Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2020-36518] Update jackson-databind to 2.13.2.2 #2599

Merged
merged 1 commit into from
Mar 29, 2022
Merged

[CVE-2020-36518] Update jackson-databind to 2.13.2.2 #2599

merged 1 commit into from
Mar 29, 2022

Conversation

reta
Copy link
Collaborator

@reta reta commented Mar 25, 2022
edited

Signed-off-by: Andriy Redko andriy.redko@aiven.io

Description

Update jackson-databind to 2.13.2.2
Blocked by FasterXML/jackson-databind#3428

Issues Resolved

Closes #2597

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure a8db80b11cf901f4332e6f62157d7696b49346ef
Log 3762

Reports 3762

@reta reta changed the title [CVE-2020-36518] Update jackson-databind to 2.13.2.1 [CVE-2020-36518] Update jackson-databind to 2.13.2.2 Mar 29, 2022
@reta reta marked this pull request as ready for review March 29, 2022 13:48
@reta reta requested a review from a team as a code owner March 29, 2022 13:48
@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 541f4f90a1b1d2d0e5cb85051cd300eb36818e92
Log 3848

Reports 3848

@reta
[CVE-2020-36518] Update jackson-databind to 2.13.2.2
4059045 
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
@reta
Copy link
Collaborator Author

reta commented Mar 29, 2022
edited

@dblock @andrross addressing CVE for Jackson, please take a look :) thanks!

@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success 4059045
Log 3850

Reports 3850

@dblock dblock added the backport 2.x Backport to 2.x branch label Mar 29, 2022
@dblock dblock merged commit d8a1ba6 into opensearch-project:main Mar 29, 2022
@dblock dblock added the backport 2.0 Backport to 2.0 branch label Mar 29, 2022
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-2599-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d8a1ba691204976e1b0e4ffc8e62b08a22e63692
# Push it to GitHub
git push --set-upstream origin backport/backport-2599-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-2599-to-2.x.

opensearch-trigger-bot bot pushed a commit that referenced this pull request Mar 29, 2022
@reta @github-actions
[CVE-2020-36518] Update jackson-databind to 2.13.2.2 (#2599)
e550ca1 
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
(cherry picked from commit d8a1ba6)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Mar 29, 2022
Merged
kartg pushed a commit that referenced this pull request Mar 29, 2022
@opensearch-trigger-bot @reta
[CVE-2020-36518] Update jackson-databind to 2.13.2.2 (#2599) (#2647)
be15fbc 
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
(cherry picked from commit d8a1ba6)

Co-authored-by: Andriy Redko <andriy.redko@aiven.io>
@dblock dblock added backport 1.x backport 1.3 Backport to 1.3 branch and removed backport 2.x Backport to 2.x branch labels Apr 1, 2022
@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-2599-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d8a1ba691204976e1b0e4ffc8e62b08a22e63692
# Push it to GitHub
git push --set-upstream origin backport/backport-2599-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-2599-to-1.3.

@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-2599-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d8a1ba691204976e1b0e4ffc8e62b08a22e63692
# Push it to GitHub
git push --set-upstream origin backport/backport-2599-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-2599-to-1.x.

@dblock dblock mentioned this pull request Apr 1, 2022
Closed
This was referenced Apr 1, 2022
Merged
Merged
Merged
@heatherdoone
Copy link

We upgraded to 2.13.2.2 and we are still seeing the StackOverflowError reported here: #2597

@reta
Copy link
Collaborator Author

reta commented Apr 1, 2022

We upgraded to 2.13.2.2 and we are still seeing the StackOverflowError reported here: #2597

thanks @heatherdoone , do you see it with OpenSearch or just confirming the bug is not fixed actually?

@heatherdoone
Copy link

I thought 2.13.2.2 already had the fix for the StackOverFlowError. Looks like it is getting merged soon? Or is the fix there now and we just need to pull it again?

@reta
Copy link
Collaborator Author

reta commented Apr 1, 2022

@heatherdoone according to FasterXML/jackson-databind#2816, it is fixed

@kkhatua kkhatua mentioned this pull request May 10, 2022
Closed
@mch2 mch2 mentioned this pull request Jul 5, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dblock dblock dblock approved these changes

Assignees
No one assigned
Labels
backport 1.x backport 1.3 Backport to 1.3 branch backport 2.0 Backport to 2.0 branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[CVE-2020-36518] Update jackson-databind to 2.13.2.1
4 participants
@reta @opensearch-ci-bot @heatherdoone @dblock