This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 299ead7534a97af44035ab90002565f88f439144 Merge: 5f54d64c78 e9aa5ec514 Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Tue Jan 24 12:26:12 2023 -0600 Merge branch 'cassandra-3.11' into cassandra-4.0 .build/dependency-check-suppressions.xml | 4 ++++ CHANGES.txt | 1 + 2 files changed, 5 insertions(+) diff --cc .build/dependency-check-suppressions.xml index 35d9bd096f,8c5cf0f592..3c81e79c17 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -38,17 -30,55 +38,21 @@@ <cve>CVE-2022-38751</cve> <cve>CVE-2022-38752</cve> <cve>CVE-2022-41854</cve> + <cve>CVE-2021-1471</cve> + <cve>CVE-2021-3064</cve> + <cve>CVE-2021-4235</cve> + <cve>CVE-2017-18640</cve> </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-15417 --> - <suppress> - <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl> - <cve>CVE-2019-16869</cve> - <cve>CVE-2019-20444</cve> - <cve>CVE-2019-20445</cve> - <cve>CVE-2020-7238</cve> - <cve>CVE-2021-21290</cve> - <cve>CVE-2021-21295</cve> - <cve>CVE-2021-21409</cve> - <cve>CVE-2021-37136</cve> - <cve>CVE-2021-37137</cve> - <cve>CVE-2021-43797</cve> - <cve>CVE-2022-24823</cve> - <cve>CVE-2022-41881</cve> - </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-14183 --> - <suppress> - <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl> - <cve>CVE-2017-5929</cve> - </suppress> <suppress> - <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl> - <cve>CVE-2017-5929</cve> + <!-- dependency checker identified this as a completely different package (wire) --> + <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl> + <cpe>cpe:/a:wire:wire</cpe> </suppress> - - <!-- this was fixed in 3.0.22 --> - <suppress> - <packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl> - <cve>CVE-2019-2684</cve> - <cve>CVE-2020-13946</cve> 
- <cve>CVE-2020-17516</cve> - <cve>CVE-2021-44521</cve> - </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 --> <suppress> + <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 --> <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> - <cve>CVE-2018-10237</cve> <cve>CVE-2020-8908</cve> </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-18146 --> <suppress> <packageUrl regex="true">^pkg:maven/org\.apache\.commons.*$</packageUrl> diff --cc CHANGES.txt index 0c0b1801c6,5a59323aa0..025f710a4a --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,18 -1,7 +1,19 @@@ -3.11.15 +4.0.8 + * Add safeguard so cleanup fails when node has pending ranges (CASSANDRA-16418) + * Fix legacy clustering serialization for paging with compact storage (CASSANDRA-17507) + * Add support for python 3.11 (CASSANDRA-18088) + * Fix formatting of duration in cqlsh (CASSANDRA-18141) + * Fix sstable loading of keyspaces named snapshots or backups (CASSANDRA-14013) + * Avoid ConcurrentModificationException in STCS/DTCS/TWCS.getSSTables (CASSANDRA-17977) + * Restore internode custom tracing on 4.0's new messaging system (CASSANDRA-17981) + * Harden parsing of boolean values in CQL in PropertyDefinitions (CASSANDRA-17878) + * Fix error message about type hints (CASSANDRA-17915) + * Fix possible race condition on repair snapshots (CASSANDRA-17955) + * Fix ASM bytecode version inconsistency (CASSANDRA-17873) +Merged from 3.11: * Fix Splitter sometimes creating more splits than requested (CASSANDRA-18013) Merged from 3.0: + * Suppress CVE-2021-1471, CVE-2021-3064, CVE-2021-4235 (CASSANDRA-18149) * Switch to snakeyaml's SafeConstructor (CASSANDRA-18150) * Expand build.dir property in rat targets (CASSANDRA-18183) * Suppress CVE-2022-41881 (CASSANDRA-18148) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: 
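Review bot: The four `<cve>` entries added to the first `<suppress>` block of `.build/dependency-check-suppressions.xml` (CVE-2021-1471, CVE-2021-3064, CVE-2021-4235, CVE-2017-18640) carry no justification, while the chronicle-wire and guava blocks in the same hunk each say why the finding does not apply. I would put a comment above them such as `<!-- CASSANDRA-18149: not applicable because <reason> -->`, with a separate one for CVE-2017-18640, which the CHANGES.txt entry for CASSANDRA-18149 does not list. Each id should also be checked against the scanner report and its NVD entry before this is merged forward: a suppression with a mistyped year matches nothing and leaves the real finding open, and one that does match stays hidden on every version the block's `packageUrl` regex covers. The `<suppress>` element these lines belong to opens above the hunk, so its `packageUrl` is not visible here.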
commits-h...@cassandra.apache.org