Fix for CVE-2023-50570 (Bumping up to latest version of ipaddress library) #1339

Merged
merged 1 commit into from
Feb 29, 2024


mohitamg
Contributor

@mohitamg mohitamg commented Feb 29, 2024

Description

Bumping up to the latest version of the ipaddress library to fix CVE-2023-50570, mentioned below.

Issues Resolved

Fixes this CVE (https://nvd.nist.gov/vuln/detail/CVE-2023-50570)

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.


codecov bot commented Feb 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.34%. Comparing base (74dfcd1) to head (d1ff016).

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #1339      +/-   ##
============================================
- Coverage     76.74%   76.34%   -0.40%     
+ Complexity     1049     1048       -1     
============================================
  Files           141      141              
  Lines          4782     4782              
  Branches        526      526              
============================================
- Hits           3670     3651      -19     
- Misses          760      776      +16     
- Partials        352      355       +3     


@mohitamg mohitamg self-assigned this Feb 29, 2024
Member

@ankitkala ankitkala left a comment


LGTM. Can you fix the PR description?

@monusingh-1
Collaborator

Thanks Mohit

@monusingh-1 monusingh-1 enabled auto-merge (squash) February 29, 2024 10:09
@monusingh-1 monusingh-1 merged commit bfbfdc6 into opensearch-project:main Feb 29, 2024
15 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Feb 29, 2024
…ary (#1339)

Signed-off-by: Mohit Kumar <[email protected]>
(cherry picked from commit bfbfdc6)
@opensearch-trigger-bot

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-1339-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bfbfdc608e0ba668d658c07ff67412d854011721
# Push it to GitHub
git push --set-upstream origin backport/backport-1339-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-1339-to-2.x.

monusingh-1 pushed a commit that referenced this pull request Feb 29, 2024
…ary (#1339) (#1340)

Signed-off-by: Mohit Kumar <[email protected]>
(cherry picked from commit bfbfdc6)

Co-authored-by: Mohit Kumar <[email protected]>
@mohitamg mohitamg deleted the CVEFix branch February 29, 2024 10:14
@opensearch-trigger-bot

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-1339-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bfbfdc608e0ba668d658c07ff67412d854011721
# Push it to GitHub
git push --set-upstream origin backport/backport-1339-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-1339-to-1.3.

@opensearch-trigger-bot

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-1339-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bfbfdc608e0ba668d658c07ff67412d854011721
# Push it to GitHub
git push --set-upstream origin backport/backport-1339-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-1339-to-1.x.

skumarp7 pushed a commit to nokia/opensearch-project-cross-cluster-replication that referenced this pull request Jul 22, 2024