This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 8e5fc74c9a3d734bfded9bde3fff399d4b67d65a Merge: e1b0b44f9e 2e3d7e76f5 Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Wed Dec 6 06:32:32 2023 -0600 Merge branch 'cassandra-3.11' into cassandra-4.0 .build/dependency-check-suppressions.xml | 9 +++++++++ CHANGES.txt | 1 + 2 files changed, 10 insertions(+) diff --cc .build/dependency-check-suppressions.xml index d806926aaf,774e2e7886..0c32a06b17 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -62,6 -96,17 +62,15 @@@ <cve>CVE-2022-42003</cve> <cve>CVE-2022-42004</cve> <cve>CVE-2023-35116</cve> - <cve>CVE-2022-42003</cve> - <cve>CVE-2022-42004</cve> </suppress> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-19142 --> + <suppress> + <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl> + <cve>CVE-2023-6378</cve> + </suppress> + <suppress> + <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl> + <cve>CVE-2023-6378</cve> + </suppress> </suppressions> diff --cc CHANGES.txt index f79af3a59b,96e34db044..771cf1f3c0 --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -20,8 -2,8 +20,9 @@@ Merged from 3.11 * Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756) * Revert CASSANDRA-18543 (CASSANDRA-18854) * Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739) + * Moved jflex from runtime to build dependencies (CASSANDRA-18664) Merged from 3.0: + * Suppress CVE-2023-6378 (CASSANDRA-19142) * Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935) * Suppress CVE-2023-44487 (CASSANDRA-18943) * Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org