Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

b4sjoo · 2023-09-08T21:16:07Z

Description

Bump aws-encryption-sdk-java version to fix CVE-2023-33201

Check List

New functionality includes testing.
- All tests pass
New functionality has been documented.
- New functionality has javadoc added
Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Sicheng Song <[email protected]>

codecov · 2023-09-08T22:22:40Z

Codecov Report

Merging #1309 (e876792) into main (8bd4158) will decrease coverage by 0.11%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #1309      +/-   ##
============================================
- Coverage     78.94%   78.84%   -0.11%     
+ Complexity     2144     2139       -5     
============================================
  Files           168      168              
  Lines          8740     8740              
  Branches        877      877              
============================================
- Hits           6900     6891       -9     
- Misses         1441     1450       +9     
  Partials        399      399

Flag	Coverage Δ
ml-commons	`78.84% <ø> (-0.11%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 3 files with indirect coverage changes

Signed-off-by: Sicheng Song <[email protected]> (cherry picked from commit 0bdff8f)

Signed-off-by: Sicheng Song <[email protected]> (cherry picked from commit 0bdff8f) Co-authored-by: Sicheng Song <[email protected]>

* Add Auto Release Workflow (#1306) * Add Auto Release Workflow Signed-off-by: Sicheng Song <[email protected]> * Fix release note address Signed-off-by: Sicheng Song <[email protected]> --------- Signed-off-by: Sicheng Song <[email protected]> * Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309) Signed-off-by: Sicheng Song <[email protected]> * Add release note for 2.10.0 release (#1312) * Add release note for 2.10.0 Signed-off-by: Sicheng Song <[email protected]> * Add CVE fix Signed-off-by: Sicheng Song <[email protected]> --------- Signed-off-by: Sicheng Song <[email protected]> * fixing doc link (#1318) * fixing doc link Signed-off-by: Dhrubo Saha <[email protected]> * fixing indentation Signed-off-by: Dhrubo Saha <[email protected]> --------- Signed-off-by: Dhrubo Saha <[email protected]> * Fix unassigned ml system shard replicas (#1315) (#1324) * Fix unassigned ml system shard replicas * Adjust auto replica settings to keep it consistent with AOS default setting * Update plugin/src/main/java/org/opensearch/ml/indices/MLIndicesHandler.java * Modify exception handling * Modify exception messages * Add response check * Add response check and exception handling * Keep error message consistent * Keep error message consistent * Keep error message consistent --------- Signed-off-by: Sicheng Song <[email protected]> Co-authored-by: Yaliang Wu <[email protected]> * Adjust index replicas settings to keep consistent with AOS 2.9 (#1325) Signed-off-by: Sicheng Song <[email protected]> * Make 2.10 release notes up to date (#1345) Signed-off-by: Sicheng Song <[email protected]> * fix spelling (#1363) Signed-off-by: Kalyan <[email protected]> * Add neural search default processor for non OpenAI/Cohere scenario (#1274) * Add neural search default pre/post process function support Signed-off-by: zane-neo <[email protected]> * Fix UT failures Signed-off-by: zane-neo <[email protected]> * Address PR comment to remove nonJson response case Signed-off-by: zane-neo <[email protected]> * Fix low code coverage issue Signed-off-by: zane-neo <[email protected]> * fix format issue Signed-off-by: zane-neo <[email protected]> * Try to fix classNotFound issue in IT Signed-off-by: zane-neo <[email protected]> * revert Try to fix classNotFound issue in IT Signed-off-by: zane-neo <[email protected]> * Change gson dependency to compileOnly Signed-off-by: zane-neo <[email protected]> * Change default pre/post process function name Signed-off-by: zane-neo <[email protected]> * Address code review comments Signed-off-by: zane-neo <[email protected]> * Make preprocess function to default Signed-off-by: zane-neo <[email protected]> * Remove GsonUtil since there already a single instance in StringUtils Signed-off-by: zane-neo <[email protected]> * Fix UT failures Signed-off-by: zane-neo <[email protected]> * Address comments Signed-off-by: zane-neo <[email protected]> * use import instead of fully qualified name Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: Sicheng Song <[email protected]> Signed-off-by: Dhrubo Saha <[email protected]> Signed-off-by: Kalyan <[email protected]> Signed-off-by: zane-neo <[email protected]> Co-authored-by: Sicheng Song <[email protected]> Co-authored-by: Dhrubo Saha <[email protected]> Co-authored-by: Yaliang Wu <[email protected]> Co-authored-by: Kalyan <[email protected]>

Bump aws-encryption-sdk-java to fix CVE-2023-33201

e876792

Signed-off-by: Sicheng Song <[email protected]>

b4sjoo requested review from dhrubo-os, jngz-es, model-collapse, rbhavna, wujunshen, ylwu-amzn, zane-neo and Zhangxunmt as code owners September 8, 2023 21:16

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Error

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Failure

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Error

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Failure

b4sjoo added backport 2.x backport 2.10 labels Sep 8, 2023

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:32 — with GitHub Actions Error

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:32 — with GitHub Actions Failure

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 21:32 — with GitHub Actions Inactive

jngz-es approved these changes Sep 8, 2023

View reviewed changes

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:51 — with GitHub Actions Failure

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:51 — with GitHub Actions Error

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 21:51 — with GitHub Actions Inactive

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Failure

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Error

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Failure

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Failure

dhrubo-os approved these changes Sep 8, 2023

View reviewed changes

b4sjoo merged commit 0bdff8f into opensearch-project:main Sep 8, 2023

b4sjoo deleted the main_note branch September 8, 2023 22:30

opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309)

257cd36

Signed-off-by: Sicheng Song <[email protected]> (cherry picked from commit 0bdff8f)

This was referenced Sep 8, 2023

[Backport 2.x] Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1310

Merged

[Backport 2.10] Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1311

Merged

opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309)

d39e8f9

Signed-off-by: Sicheng Song <[email protected]> (cherry picked from commit 0bdff8f)

b4sjoo added a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309) (#1310)

f30fb8e

Signed-off-by: Sicheng Song <[email protected]> (cherry picked from commit 0bdff8f) Co-authored-by: Sicheng Song <[email protected]>

b4sjoo added a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309) (#1311)

14dd7ee

Signed-off-by: Sicheng Song <[email protected]> (cherry picked from commit 0bdff8f) Co-authored-by: Sicheng Song <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

b4sjoo commented Sep 8, 2023 •

edited

Loading

codecov bot commented Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

Conversation

b4sjoo commented Sep 8, 2023 • edited Loading

Description

Check List

codecov bot commented Sep 8, 2023

Codecov Report

b4sjoo commented Sep 8, 2023 •

edited

Loading