Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mod: update github.com/lestrrat-go/jwx version #37799

Merged
merged 2 commits into from
Jan 31, 2024
Merged

mod: update github.com/lestrrat-go/jwx version #37799

merged 2 commits into from
Jan 31, 2024

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jan 31, 2024
edited
Loading

Proposed commit message

Addresses CVE-2023-49290 and CVE-2024-21664 risk.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 added Filebeat Filebeat bugfix backport-v8.12.0 Automated backport with mergify Team:Security-Service Integrations Security Service Integrations Team labels Jan 31, 2024
@efd6 efd6 self-assigned this Jan 31, 2024
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jan 31, 2024
@efd6 efd6 marked this pull request as ready for review January 31, 2024 11:18
@efd6 efd6 requested a review from a team as a code owner January 31, 2024 11:18
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2024-01-31T09:36:31.068+0000

  • Duration: 163 min 43 sec

Test stats 🧪

Test Results
Failed 0
Passed 28778
Skipped 2014
Total 30792

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@chrisberkhout
Copy link
Contributor

Proposed commit message says

Addresses CVE-2023-49290 risk.

That was fixed in 2.0.18.

This upgrade to 2.0.19 also fixes CVE-2024-21664.

andrewkroh
andrewkroh approved these changes Jan 31, 2024
View reviewed changes
CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@efd6
Copy link
Contributor Author

efd6 commented Jan 31, 2024

@chrisberkhout Thanks. Updated to

Addresses CVE-2023-49290 and CVE-2024-21664 risk.

@efd6
Copy link
Contributor Author

efd6 commented Jan 31, 2024

/test

@elasticmachine
Copy link
Collaborator

❕ Build Aborted

Either there was a build timeout or someone aborted the build.

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Duration: 64 min 13 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2024-01-31T20:32:07.257+0000

  • Duration: 149 min 25 sec

Test stats 🧪

Test Results
Failed 0
Passed 1253
Skipped 123
Total 1376

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@efd6 efd6 merged commit 11f298c into elastic:main Jan 31, 2024
122 checks passed
mergify bot pushed a commit that referenced this pull request Jan 31, 2024
@efd6 @mergify
mod: update github.com/lestrrat-go/jwx version (#37799)
b9f5d21 
Addresses CVE-2023-49290 and CVE-2024-21664 risk.

(cherry picked from commit 11f298c)

# Conflicts:
#	go.sum
@mergify mergify bot mentioned this pull request Jan 31, 2024
Merged
efd6 added a commit that referenced this pull request Feb 1, 2024
@mergify @efd6
[8.12](backport #37799) mod: update github.com/lestrrat-go/jwx version (
f5cde3c 
#37812)

* mod: update github.com/lestrrat-go/jwx version (#37799)

Addresses CVE-2023-49290 and CVE-2024-21664 risk.

(cherry picked from commit 11f298c)

# Conflicts:
#	go.sum

* resolve conflicts

---------

Co-authored-by: Dan Kortschak <[email protected]>
Co-authored-by: Dan Kortschak <[email protected]>
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this pull request Feb 5, 2024
@efd6 @Scholar-Li
mod: update github.com/lestrrat-go/jwx version (elastic#37799)
4ee0636 
Addresses CVE-2023-49290 and CVE-2024-21664 risk.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@pierrehilbert pierrehilbert pierrehilbert approved these changes

Assignees

@efd6 efd6

Labels
backport-v8.12.0 Automated backport with mergify bugfix Filebeat Filebeat Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@efd6 @elasticmachine @chrisberkhout @pierrehilbert @andrewkroh