This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 2fa7c1204c9f7530d0c82716c7f208b4571105a2 Merge: 0a91114dd5 349ec3e02d Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Thu Oct 26 05:58:35 2023 -0500 Merge branch 'cassandra-3.11' into cassandra-4.0 .build/dependency-check-suppressions.xml | 1 + CHANGES.txt | 1 + 2 files changed, 2 insertions(+) diff --cc .build/dependency-check-suppressions.xml index b7ebb45e57,e3e244e62b..d806926aaf --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -54,7 -61,35 +54,8 @@@ <cve>CVE-2022-41881</cve> <cve>CVE-2022-41915</cve> <cve>CVE-2023-34462</cve> + <cve>CVE-2023-44487</cve> </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 --> - <suppress> - <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> - <cve>CVE-2018-10237</cve> - <cve>CVE-2020-8908</cve> - <cve>CVE-2023-2976</cve> - </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 --> - <suppress> - <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl> - <cve>CVE-2015-3254</cve> - <cve>CVE-2016-5397</cve> - <cve>CVE-2018-1320</cve> - <cve>CVE-2018-11798</cve> - <cve>CVE-2019-0205</cve> - </suppress> - <suppress> - <packageUrl regex="true">^pkg:maven/com\.thinkaurelius\.thrift/thrift-server@.*$</packageUrl> - <cve>CVE-2015-3254</cve> - <cve>CVE-2016-5397</cve> - <cve>CVE-2018-1320</cve> - <cve>CVE-2018-11798</cve> - <cve>CVE-2019-0205</cve> - </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 --> <suppress> <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl> diff --cc CHANGES.txt index 52798983a4,683a5c10cc..66ac892da7 --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -13,8 -2,8 +13,9 @@@ Merged from 3.11 * Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756) * Revert CASSANDRA-18543 (CASSANDRA-18854) * Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739) + * Moved jflex from runtime to build dependencies (CASSANDRA-18664) Merged from 3.0: + * Suppress CVE-2023-44487 (CASSANDRA-18943) * Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935) * Implement the logic in bin/stop-server (CASSANDRA-18838) * Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org