brandonwilliams pushed a commit to branch cassandra-3.11
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 3f09baf1c2e833cc3028be08ab753f6c48788210
Merge: 5326a39a1c 493d15fffa
Author: Brandon Williams <brandonwilli...@apache.org>
AuthorDate: Fri Jul 7 10:41:42 2023 -0500

    Merge branch 'cassandra-3.0' into cassandra-3.11

 .build/build-owasp.xml                   |  2 +-
 .build/dependency-check-suppressions.xml | 10 ++++++++++
 CHANGES.txt                              |  1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --cc .build/dependency-check-suppressions.xml
index bffab75a23,dead8f6120..58b38b7e62
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -117,19 -116,38 +117,29 @@@
          <cve>CVE-2018-11798</cve>
          <cve>CVE-2019-0205</cve>
      </suppress>
+     <suppress>
+         <packageUrl 
regex="true">^pkg:maven/com\.thinkaurelius\.thrift/thrift-server@.*$</packageUrl>
+         <cve>CVE-2015-3254</cve>
+         <cve>CVE-2016-5397</cve>
+         <cve>CVE-2018-1320</cve>
+         <cve>CVE-2018-11798</cve>
+         <cve>CVE-2019-0205</cve>
+     </suppress>
  
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-16056 -->
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-15416 -->
 -    <suppress>
 -        <packageUrl 
regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
 -        <cve>CVE-2017-7525</cve>
 -        <cve>CVE-2017-15095</cve>
 -        <cve>CVE-2017-17485</cve>
 -        <cve>CVE-2018-5968</cve>
 -        <cve>CVE-2018-14718</cve>
 -        <cve>CVE-2018-1000873</cve>
 -        <cve>CVE-2018-7489</cve>
 -        <cve>CVE-2019-10172</cve>
 -        <cve>CVE-2019-14540</cve>
 -        <cve>CVE-2019-14893</cve>
 -        <cve>CVE-2019-16335</cve>
 -        <cve>CVE-2019-17267</cve>
 -    </suppress>
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-18630 -->
 +    <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 -->
      <suppress>
          <packageUrl 
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
 +        <cve>CVE-2022-42003</cve>
 +        <cve>CVE-2022-42004</cve>
          <cve>CVE-2023-35116</cve>
+       <cve>CVE-2022-42003</cve>
+       <cve>CVE-2022-42004</cve>
      </suppress>
  
 +    <!-- https://issues.apache.org/jira/browse/CASSANDRA-18643 -->
 +    <suppress>
 +        <packageUrl 
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
 +        <cve>CVE-2022-45688</cve>
 +    </suppress>
 +
  </suppressions>
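Review bot: The merged jackson-databind `<suppress>` block lists `CVE-2022-42003` and `CVE-2022-42004` twice: once from the cassandra-3.11 side above `CVE-2023-35116`, and again from cassandra-3.0 below it with different indentation. The duplicates presumably do not change the scan result, but they make the suppression list harder to audit, so I would drop the second pair and keep each CVE once. The merge also keeps only the CASSANDRA-17966 comment above that block, so `CVE-2023-35116` loses its tracking reference; I would restore `<!-- https://issues.apache.org/jira/browse/CASSANDRA-18630 -->` beside it. Because every `packageUrl` regex in this hunk ends in `@.*$` and so matches all versions, a short `<notes>` element per block saying why each CVE does not apply would let a reviewer re-validate the suppression after a dependency upgrade.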
diff --cc CHANGES.txt
index 2c8a444f55,fbe5e0751b..33e4983986
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,11 -1,5 +1,12 @@@
 -3.0.30
 +3.11.16
 + * Suppress CVE-2022-45688 (CASSANDRA-18643)
 + * Remove unrepaired SSTables from garbage collection when 
only_purge_repaired_tombstones is true (CASSANDRA-14204)
 + * Wait for live endpoints in gossip waiting to settle (CASSANDRA-18543)
 + * Fix error message handling when trying to use CLUSTERING ORDER with 
non-clustering column (CASSANDRA-17818
 + * Add keyspace and table name to exception message during ColumnSubselection 
deserialization (CASSANDRA-18346)
 + * Remove unnecessary String.format invocation in QueryProcessor when getting 
a prepared statement from cache (CASSANDRA-17202)
 +Merged from 3.0:
+  * Upgrade OWASP to 8.3.1 (CASSANDRA-18650)
   * Suppress CVE-2023-34462 (CASSANDRA-18649)
   * Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555)
   * Suppress CVE-2023-35116 (CASSANDRA-18630)

