This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 682ae0c64c9159c6c884252820ce1236fde39e17 Merge: dba4162666 b6b71c598e Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Thu May 4 10:24:20 2023 -0500 Merge branch 'cassandra-3.11' into cassandra-4.0 .build/dependency-check-suppressions.xml | 1 + CHANGES.txt | 1 + 2 files changed, 2 insertions(+) diff --cc .build/dependency-check-suppressions.xml index f203c2757f,98efddce73..f8aa4b5fb7 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -21,17 -21,10 +21,18 @@@ --> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> <suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-16150 --> + <!-- not applicable since 4.0 --> + <packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl> + <cve>CVE-2018-8016</cve> + <cve>CVE-2019-2684</cve> + <cve>CVE-2020-13946</cve> + <cve>CVE-2020-17516</cve> + <cve>CVE-2021-44521</cve> + </suppress> + <suppress> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-17907 --> <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl> + <cve>CVE-2023-2251</cve> - <cve>CVE-2017-18640</cve> <cve>CVE-2022-25857</cve> <cve>CVE-2022-38749</cve> <cve>CVE-2022-38750</cve> diff --cc CHANGES.txt index b3f3cf883a,b132527d5c..a10b0f67df --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,23 -1,9 +1,24 @@@ -3.11.16 +4.0.10 + * Improve 'Not enough space for compaction' logging messages (CASSANDRA-18260) + * Incremental repairs fail on mixed IPv4/v6 addresses serializing SyncRequest (CASSANDRA-18474) + * Deadlock updating sstable metadata if disk boundaries need reloading (CASSANDRA-18443) + * Fix nested selection of reversed collections (CASSANDRA-17913) +Merged from 3.11: + * Fix the capital P usage in the CQL parser (CASSANDRA-17919) Merged from 3.0: + * Suppress CVE-2023-2251 (CASSANDRA-18497) + * Do not remove SSTables when cause of FSReadError is OutOfMemoryError while using best_effort disk failure policy (CASSANDRA-18336) + * Do not remove truncated_at entry in system.local while dropping an index (CASSANDRA-18105) -3.11.15 - * Fix the capital P usage in the CQL parser (CASSANDRA-17919) +4.0.9 + * Update zstd-jni library to version 1.5.5 (CASSANDRA-18429) + * Backport CASSANDRA-17205 to 4.0 branch - Remove self-reference in SSTableTidier (CASSANDRA-18332) + * Avoid loading the preferred IP for BulkLoader streaming (CASSANDRA-18370) + * Fix BufferPool incorrect memoryInUse when putUnusedPortion is used (CASSANDRA-18311) + * Improve memtable allocator accounting when updating AtomicBTreePartition (CASSANDRA-18125) + * Update zstd-jni to version 1.5.4-1 (CASSANDRA-18259) + * Split and order IDEA workspace template VM_PARAMETERS (CASSANDRA-18242) +Merged from 3.11: * Fix sstable_count metric missing from tablestats json/yaml output (CASSANDRA-18448) * Suppress CVE-2022-45688 (CASSANDRA-18389) * Fix Splitter sometimes creating more splits than requested (CASSANDRA-18013) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org