Keep jackson-databind in alignment with OpenSearch #1817

Merged
merged 1 commit into from
May 2, 2022

peternied
Member

Description

While addressing CVE-2020-36518 the security team updated to the latest
minor version of jackson-databind, whereas the OpenSearch team took the
CVE specific update. Aligning with OpenSearch's version.

Issues Resolved

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

While addressing CVE-2020-36518 the security team updated to the latest
minor version of jackson-databind, whereas the OpenSearch team took the
CVE specific update.  Aligning with OpenSearch's version.

Signed-off-by: Peter Nied <[email protected]>
@peternied peternied requested a review from a team May 2, 2022 15:32
@peternied peternied self-assigned this May 2, 2022
codecov-commenter commented May 2, 2022

Codecov Report

Merging #1817 (f3dcb1e) into 1.3 (ce18577) will increase coverage by 0.03%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                1.3    #1817      +/-   ##
============================================
+ Coverage     64.64%   64.67%   +0.03%     
- Complexity     3219     3221       +2     
============================================
  Files           247      247              
  Lines         17363    17363              
  Branches       3086     3086              
============================================
+ Hits          11224    11230       +6     
+ Misses         4590     4587       -3     
+ Partials       1549     1546       -3     
Impacted Files Coverage Δ
...earch/security/ssl/util/SSLConnectionTestUtil.java 95.45% <0.00%> (+2.27%) ⬆️
...urity/ssl/transport/SecuritySSLNettyTransport.java 73.40% <0.00%> (+4.25%) ⬆️


@@ -81,7 +81,7 @@ dependencies {
implementation 'org.greenrobot:eventbus:3.2.0'
implementation 'commons-cli:commons-cli:1.3.1'
implementation 'org.bouncycastle:bcprov-jdk15on:1.67'
implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.2.1'
implementation 'com.fasterxml.jackson.core:jackson-databind:2.12.6.1'
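Review bot: the jackson-databind entry goes from 2.13.2.1 back to 2.12.6.1 as a bare version literal, with nothing in the build file saying why the older minor line is the intended one. Both versions are the fixed releases for CVE-2020-36518 on their respective lines, so the pin stays patched, but a later routine bump could move it forward again and bring back the mismatch with OpenSearch core that this change removes. Suggest a one-line comment above the entry stating that the version must match the one OpenSearch core uses, or taking the version from a shared property instead of repeating the literal here.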
Member

Can jackson dependency be removed from security plugin given that it's been added in OpenSearch core?

Member Author

I've created #1816 for follow up so we can avoid these kinds of problems in the future

@peternied peternied merged commit 3c86522 into opensearch-project:1.3 May 2, 2022
@peternied peternied deleted the jackson branch May 2, 2022 17:11