Update error-prone to 2.14.0 #12558

Merged
merged 1 commit into from
May 30, 2022

wendigo
Contributor

@wendigo wendigo commented May 26, 2022

No description provided.

@cla-bot cla-bot bot added the cla-signed label May 26, 2022
@wendigo wendigo requested review from ksobolew and findepi May 26, 2022 08:40
@findepi
Member

findepi commented May 26, 2022

Does it pass on Trino? cc @ksobolew

@ksobolew
Contributor

Weird, how did I miss 2.13.0? I was just checking if there was a new release :)

> Does it pass on Trino?

I guess we'll find out from the build

@ksobolew
Contributor

ksobolew commented May 26, 2022

I get BanJNDI in my local build in io.trino.plugin.base.ldap.JdkLdapClient.CloseableContext#search

@ksobolew
Contributor

The build confirms:

Error:  /home/runner/work/trino/trino/lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/ldap/JdkLdapClient.java:[180,34] [BanJNDI] Using JNDI may deserialize user input via the `Serializable` API which is extremely dangerous
    (see https://errorprone.info/bugpattern/BanJNDI)

@wendigo wendigo force-pushed the serafin/errorprone branch from 6532c9b to 93f9a37 Compare May 26, 2022 09:18
pom.xml Outdated
@wendigo wendigo requested a review from findepi May 27, 2022 10:38
@wendigo wendigo force-pushed the serafin/errorprone branch from 93f9a37 to 887c170 Compare May 27, 2022 10:38
Contributor

@ksobolew ksobolew left a comment

I'm not familiar with the LDAP code, so I trust you that these are actually safe to ignore

@wendigo
Contributor Author

wendigo commented May 30, 2022

Can we merge that @findepi ?

@findepi findepi merged commit 47dc6d8 into trinodb:master May 30, 2022
@github-actions github-actions bot added this to the 383 milestone May 30, 2022
@wendigo wendigo deleted the serafin/errorprone branch May 30, 2022 09:16