This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-3.11 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 3f09baf1c2e833cc3028be08ab753f6c48788210 Merge: 5326a39a1c 493d15fffa Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Fri Jul 7 10:41:42 2023 -0500 Merge branch 'cassandra-3.0' into cassandra-3.11 .build/build-owasp.xml | 2 +- .build/dependency-check-suppressions.xml | 10 ++++++++++ CHANGES.txt | 1 + 3 files changed, 12 insertions(+), 1 deletion(-) diff --cc .build/dependency-check-suppressions.xml index bffab75a23,dead8f6120..58b38b7e62 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -117,19 -116,38 +117,29 @@@ <cve>CVE-2018-11798</cve> <cve>CVE-2019-0205</cve> </suppress> + <suppress> + <packageUrl regex="true">^pkg:maven/com\.thinkaurelius\.thrift/thrift-server@.*$</packageUrl> + <cve>CVE-2015-3254</cve> + <cve>CVE-2016-5397</cve> + <cve>CVE-2018-1320</cve> + <cve>CVE-2018-11798</cve> + <cve>CVE-2019-0205</cve> + </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-16056 --> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-15416 --> - <suppress> - <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl> - <cve>CVE-2017-7525</cve> - <cve>CVE-2017-15095</cve> - <cve>CVE-2017-17485</cve> - <cve>CVE-2018-5968</cve> - <cve>CVE-2018-14718</cve> - <cve>CVE-2018-1000873</cve> - <cve>CVE-2018-7489</cve> - <cve>CVE-2019-10172</cve> - <cve>CVE-2019-14540</cve> - <cve>CVE-2019-14893</cve> - <cve>CVE-2019-16335</cve> - <cve>CVE-2019-17267</cve> - </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-18630 --> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 --> <suppress> <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl> + <cve>CVE-2022-42003</cve> + <cve>CVE-2022-42004</cve> <cve>CVE-2023-35116</cve> + <cve>CVE-2022-42003</cve> + <cve>CVE-2022-42004</cve> </suppress> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-18643 --> + <suppress> + <packageUrl 
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl> + <cve>CVE-2022-45688</cve> + </suppress> + </suppressions> diff --cc CHANGES.txt index 2c8a444f55,fbe5e0751b..33e4983986 --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,11 -1,5 +1,12 @@@ -3.0.30 +3.11.16 + * Suppress CVE-2022-45688 (CASSANDRA-18643) + * Remove unrepaired SSTables from garbage collection when only_purge_repaired_tombstones is true (CASSANDRA-14204) + * Wait for live endpoints in gossip waiting to settle (CASSANDRA-18543) + * Fix error message handling when trying to use CLUSTERING ORDER with non-clustering column (CASSANDRA-17818 + * Add keyspace and table name to exception message during ColumnSubselection deserialization (CASSANDRA-18346) + * Remove unnecessary String.format invocation in QueryProcessor when getting a prepared statement from cache (CASSANDRA-17202) +Merged from 3.0: + * Upgrade OWASP to 8.3.1 (CASSANDRA-18650) * Suppress CVE-2023-34462 (CASSANDRA-18649) * Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555) * Suppress CVE-2023-35116 (CASSANDRA-18630) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
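Review bot: In the jackson-databind `<suppress>` block the merged result carries `<cve>CVE-2022-42003</cve>` and `<cve>CVE-2022-42004</cve>` twice, once before and once after `CVE-2023-35116`, and the `CASSANDRA-18630` comment is removed while the CVE it justified stays suppressed. Each `<cve>` should appear once, and the block should keep both ticket links by retaining `<!-- https://issues.apache.org/jira/browse/CASSANDRA-18630 -->` beside the CASSANDRA-17966 line, so every suppression can be traced to its triage decision. The added jackson-core and thrift-server entries match `@.*$`, so they keep hiding these CVEs for every future version of the artifact; a `<notes>` element stating why the finding does not apply, or an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date), would force the decision to be revisited after an upgrade. The page's whitespace is collapsed, so the combined-diff marker columns cannot be read exactly and the duplication should be confirmed against the merged file.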