This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-3.11 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 60d04d6713c9bc604d4528bf4df9cce7cd84c67a Merge: bee215cce6 5c4dd3b993 Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Tue Aug 8 10:03:31 2023 -0500 Merge branch 'cassandra-3.0' into cassandra-3.11 .build/dependency-check-suppressions.xml | 43 -------------------------------- CHANGES.txt | 1 + 2 files changed, 1 insertion(+), 43 deletions(-) diff --cc .build/dependency-check-suppressions.xml index 58b38b7e62,d0a81458db..47d37c53db --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -126,20 -88,22 +89,14 @@@ <cve>CVE-2019-0205</cve> </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-16056 --> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-15416 --> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 --> <suppress> - <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl> - <cve>CVE-2017-7525</cve> - <cve>CVE-2017-15095</cve> - <cve>CVE-2017-17485</cve> - <cve>CVE-2018-5968</cve> - <cve>CVE-2018-14718</cve> - <cve>CVE-2018-1000873</cve> - <cve>CVE-2018-7489</cve> - <cve>CVE-2019-10172</cve> - <cve>CVE-2019-14540</cve> - <cve>CVE-2019-14893</cve> - <cve>CVE-2019-16335</cve> - <cve>CVE-2019-17267</cve> + <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl> + <cve>CVE-2022-42003</cve> + <cve>CVE-2022-42004</cve> + <cve>CVE-2023-35116</cve> + <cve>CVE-2022-42003</cve> + <cve>CVE-2022-42004</cve> </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-18643 --> - <suppress> - <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl> - <cve>CVE-2022-45688</cve> - </suppress> - </suppressions> diff --cc CHANGES.txt index 86f4b5c758,697262750a..8ca47eb52d --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,13 -1,5 +1,14 @@@ -3.0.30 +3.11.16 + * Moved jflex from runtime to build dependencies (CASSANDRA-18664) + * Fix CAST function for float to decimal (CASSANDRA-18647) + * Suppress CVE-2022-45688 (CASSANDRA-18643) + * Remove unrepaired SSTables from garbage collection when only_purge_repaired_tombstones is true (CASSANDRA-14204) + * Wait for live endpoints in gossip waiting to settle (CASSANDRA-18543) + * Fix error message handling when trying to use CLUSTERING ORDER with non-clustering column (CASSANDRA-17818 + * Add keyspace and table name to exception message during ColumnSubselection deserialization (CASSANDRA-18346) + * Remove unnecessary String.format invocation in QueryProcessor when getting a prepared statement from cache (CASSANDRA-17202) +Merged from 3.0: + * Remove unused suppressions (CASSANDRA-18724) * Upgrade OWASP to 8.3.1 (CASSANDRA-18650) * Suppress CVE-2023-34462 (CASSANDRA-18649) * Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org