Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DAOS-16673 common: ignore Hadoop 3.4.0 related CVE #15284

Merged
merged 1 commit into from
Oct 11, 2024

Conversation

grom72
Copy link
Contributor

@grom72 grom72 commented Oct 9, 2024

Hadoope 3.4.0 has resolved a few CVE issues but introduces new

additionally, enable on-demand scan and scan on final PR merge for proper update to the GitHub Security tab.

Before requesting gatekeeper:

  • Two review approvals and any prior change requests have been resolved.
  • Testing is complete and all tests passed or there is a reason documented in the PR why it should be force landed and forced-landing tag is set.
  • Features: (or Test-tag*) commit pragma was used or there is a reason documented that there are no appropriate tags for this PR.
  • Commit messages follows the guidelines outlined here.
  • Any tests skipped by the ticket being addressed have been run and passed in the PR.

Gatekeeper:

  • You are the appropriate gatekeeper to be landing the patch.
  • The PR has 2 reviews by people familiar with the code, including appropriate owners.
  • Githooks were used. If not, request that user install them and check copyright dates.
  • Checkpatch issues are resolved. Pay particular attention to ones that will show up on future PRs.
  • All builds have passed. Check non-required builds for any new compiler warnings.
  • Sufficient testing is done. Check feature pragmas and test tags and that tests skipped for the ticket are run and now pass with the changes.
  • If applicable, the PR has addressed any potential version compatibility issues.
  • Check the target branch. If it is master branch, should the PR go to a feature branch? If it is a release branch, does it have merge approval in the JIRA ticket.
  • Extra checks if forced landing is requested
    • Review comments are sufficiently resolved, particularly by prior reviewers that requested changes.
    • No new NLT or valgrind warnings. Check the classic view.
    • Quick-build or Quick-functional is not used.
  • Fix the commit message upon landing. Check the standard here. Edit it to create a single commit. If necessary, ask submitter for a new summary.

Hadoope 3.4.0 has resolved a few CVE issues but introduces new

+ enable on demand scan and scan on final PR merge
for proper update to GitHub Security tab.

Doc-only: true

Required-githooks: true

Signed-off-by: Tomasz Gromadzki <[email protected]>
@grom72 grom72 added the release-2.6.2 Targeted for release 2.6.2 label Oct 9, 2024
Copy link

github-actions bot commented Oct 9, 2024

Ticket title is 'Ignore hadoop vulnerability in hadoop-common:3.4.0'
Status is 'In Review'
Labels: 'SDLe,scrubbed_2.8'
https://daosio.atlassian.net/browse/DAOS-16673

@grom72 grom72 force-pushed the grom72/DAOS-16673-ignore-for-hadoop-3.4.0 branch from 0414eb1 to ee5d741 Compare October 9, 2024 14:13
@grom72 grom72 added the java Pull requests that update Java code label Oct 9, 2024
@grom72 grom72 requested a review from ryon-jensen October 9, 2024 18:39
@janekmi janekmi requested a review from a team October 11, 2024 13:04
@mchaarawi mchaarawi merged commit 39895c3 into master Oct 11, 2024
43 checks passed
@mchaarawi mchaarawi deleted the grom72/DAOS-16673-ignore-for-hadoop-3.4.0 branch October 11, 2024 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
java Pull requests that update Java code release-2.6.2 Targeted for release 2.6.2
Development

Successfully merging this pull request may close these issues.

4 participants