This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 2fa7c1204c9f7530d0c82716c7f208b4571105a2
Merge: 0a91114dd5 349ec3e02d
Author: Brandon Williams <brandonwilli...@apache.org>
AuthorDate: Thu Oct 26 05:58:35 2023 -0500

    Merge branch 'cassandra-3.11' into cassandra-4.0

 .build/dependency-check-suppressions.xml | 1 +
 CHANGES.txt                              | 1 +
 2 files changed, 2 insertions(+)

diff --cc .build/dependency-check-suppressions.xml
index b7ebb45e57,e3e244e62b..d806926aaf
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -54,7 -61,35 +54,8 @@@
          <cve>CVE-2022-41881</cve>
          <cve>CVE-2022-41915</cve>
          <cve>CVE-2023-34462</cve>
+         <cve>CVE-2023-44487</cve>
      </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 -->
 -    <suppress>
 -        <packageUrl 
regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
 -        <cve>CVE-2018-10237</cve>
 -        <cve>CVE-2020-8908</cve>
 -        <cve>CVE-2023-2976</cve>
 -    </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 -->
 -    <suppress>
 -        <packageUrl 
regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
 -        <cve>CVE-2015-3254</cve>
 -        <cve>CVE-2016-5397</cve>
 -        <cve>CVE-2018-1320</cve>
 -        <cve>CVE-2018-11798</cve>
 -        <cve>CVE-2019-0205</cve>
 -    </suppress>
 -    <suppress>
 -        <packageUrl 
regex="true">^pkg:maven/com\.thinkaurelius\.thrift/thrift-server@.*$</packageUrl>
 -        <cve>CVE-2015-3254</cve>
 -        <cve>CVE-2016-5397</cve>
 -        <cve>CVE-2018-1320</cve>
 -        <cve>CVE-2018-11798</cve>
 -        <cve>CVE-2019-0205</cve>
 -    </suppress>
 -
      <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 -->
      <suppress>
          <packageUrl 
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
diff --cc CHANGES.txt
index 52798983a4,683a5c10cc..66ac892da7
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -13,8 -2,8 +13,9 @@@ Merged from 3.11
   * Fix delayed SSTable release with unsafe_aggressive_sstable_expiration 
(CASSANDRA-18756)
   * Revert CASSANDRA-18543 (CASSANDRA-18854)
   * Fix NPE when using udfContext in UDF after a restart of a node 
(CASSANDRA-18739)
 + * Moved jflex from runtime to build dependencies (CASSANDRA-18664)
  Merged from 3.0:
+  * Suppress CVE-2023-44487 (CASSANDRA-18943)
   * Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip 
(CASSANDRA-18935)
   * Implement the logic in bin/stop-server (CASSANDRA-18838) 
   * Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878)


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to