Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump netaddr gem to 1.5.3 to fix CVE-2019-17383 #2373

Merged
merged 1 commit into from
May 9, 2022
Merged

Bump netaddr gem to 1.5.3 to fix CVE-2019-17383 #2373

merged 1 commit into from
May 9, 2022

Conversation

FlorianNachtigall
Copy link
Contributor

What is this change about?

As discussed in #2369 lets consume the fixed netaddr version 1.5.3 from github directly since it hasn't been published on rubygems yet.

@lnguyen @rkoster, do you mind reviewing the PR?

Please provide contextual information.

What tests have you run against this PR?

  • bosh-director unit tests (all succeeding besides two unrelated NATS cert tests which fail due to changed OpenSSL error messages)

How should this change be described in bosh release notes?

  • upgrade netaddr gem to 1.5.3

Does this PR introduce a breaking change?

  • no

Tag your pair, your PM, and/or team!

@ShilpaChandrashekara
@friegger
@cloudfoundry/cf-bosh-europe

@FlorianNachtigall @ShilpaChandrashekara
Bump netaddr gem to 1.5.3 to fix CVE-2019-17383
f81d53b 
Consume netaddr release from github since it hasn't been published on
rubygems yet. For more context see:
- dspinhirne/netaddr-rb#29
- #2369

Co-authored-by: Shilpa Chandrashekara <[email protected]>
@rkoster
Copy link
Contributor

rkoster commented May 5, 2022

@FlorianNachtigall is this PR ready for review? Asking because it is still in draft status.

@ShilpaChandrashekara
Copy link
Contributor

Tested this on one of our Dev Landscapes and it is ready to be reviewed.

@FlorianNachtigall FlorianNachtigall mentioned this pull request May 5, 2022
Closed
@FlorianNachtigall FlorianNachtigall marked this pull request as ready for review May 5, 2022 15:05
@ramonskie ramonskie requested review from a team, jpalermo and lnguyen and removed request for a team May 9, 2022 09:11
rkoster
rkoster approved these changes May 9, 2022
View reviewed changes
Copy link
Contributor

@rkoster rkoster left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rkoster
Copy link
Contributor

rkoster commented May 9, 2022

Thanks! @FlorianNachtigall

@rkoster rkoster merged commit 9b15fe5 into main May 9, 2022
@rkoster rkoster deleted the bump-netaddr-1.5.3 branch May 9, 2022 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramonskie ramonskie ramonskie approved these changes

@rkoster rkoster rkoster approved these changes

@jpalermo jpalermo Awaiting requested review from jpalermo

@lnguyen lnguyen Awaiting requested review from lnguyen

Assignees
No one assigned
Labels
None yet
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@FlorianNachtigall @rkoster @ShilpaChandrashekara @ramonskie