This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 8e5fc74c9a3d734bfded9bde3fff399d4b67d65a
Merge: e1b0b44f9e 2e3d7e76f5
Author: Brandon Williams <brandonwilli...@apache.org>
AuthorDate: Wed Dec 6 06:32:32 2023 -0600

    Merge branch 'cassandra-3.11' into cassandra-4.0

 .build/dependency-check-suppressions.xml | 9 +++++++++
 CHANGES.txt                              | 1 +
 2 files changed, 10 insertions(+)

diff --cc .build/dependency-check-suppressions.xml
index d806926aaf,774e2e7886..0c32a06b17
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -62,6 -96,17 +62,15 @@@
          <cve>CVE-2022-42003</cve>
          <cve>CVE-2022-42004</cve>
          <cve>CVE-2023-35116</cve>
 -      <cve>CVE-2022-42003</cve>
 -      <cve>CVE-2022-42004</cve>
      </suppress>
  
+     <!-- https://issues.apache.org/jira/browse/CASSANDRA-19142 -->
+     <suppress>
+         <packageUrl 
regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
+         <cve>CVE-2023-6378</cve>
+     </suppress>
+     <suppress>
+         <packageUrl 
regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
+         <cve>CVE-2023-6378</cve>
+     </suppress>
  </suppressions>
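Review bot: both new `<suppress>` entries for CVE-2023-6378 match every version of logback-core and logback-classic (`@.*$`) and carry no expiry or rationale beyond the JIRA link in the comment. As written, the suppression stays in force after logback is upgraded and would hide the same CVE if a later dependency change reintroduced an affected version. Consider adding a `<notes>` element that states why the finding does not apply to Cassandra, and either an `until` attribute on `<suppress>` or a version-bounded regex so the entry is revisited. The two entries differ only in the artifact name, so a single pattern such as `logback\-(core|classic)` would keep them from drifting apart.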
diff --cc CHANGES.txt
index f79af3a59b,96e34db044..771cf1f3c0
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -20,8 -2,8 +20,9 @@@ Merged from 3.11
   * Fix delayed SSTable release with unsafe_aggressive_sstable_expiration 
(CASSANDRA-18756)
   * Revert CASSANDRA-18543 (CASSANDRA-18854)
   * Fix NPE when using udfContext in UDF after a restart of a node 
(CASSANDRA-18739)
 + * Moved jflex from runtime to build dependencies (CASSANDRA-18664)
  Merged from 3.0:
+  * Suppress CVE-2023-6378 (CASSANDRA-19142) 
   * Do not set RPC_READY to false on transports shutdown in order to not fail 
counter updates for deployments with coordinator and storage nodes with 
transports turned off (CASSANDRA-18935)
   * Suppress CVE-2023-44487 (CASSANDRA-18943)
   * Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip 
(CASSANDRA-18935)
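Review bot: the added CHANGES.txt entry "Suppress CVE-2023-6378 (CASSANDRA-19142)" does not name the dependency the suppression covers, so a reader auditing the release notes has to open the ticket to learn that it concerns logback. Naming the library in the entry, for example "Suppress CVE-2023-6378 for logback", would make it self-explanatory. The added line also appears to end with a trailing space after the ticket reference, which should be trimmed.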

