[
https://issues.apache.org/jira/browse/CASSANDRA-20848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18015922#comment-18015922
]
Stefan Miklosovic commented on CASSANDRA-20848:
-----------------------------------------------
There are failures of configuration compatibility test I am looking into.
[CASSANDRA-20848-20849-5.0|https://github.com/instaclustr/cassandra/tree/CASSANDRA-20848-20849-5.0]
{noformat}
java17_pre-commit_tests
✓ j17_build 6m 5s
✓ j17_cqlsh_dtests_py311 6m 0s
✓ j17_cqlsh_dtests_py311_vnode 6m 20s
✓ j17_cqlsh_dtests_py38 6m 0s
✓ j17_cqlsh_dtests_py38_vnode 6m 22s
✓ j17_cqlshlib_cython_tests 8m 1s
✓ j17_cqlshlib_tests 6m 38s
✓ j17_dtests_latest 41m 4s
✓ j17_dtests_vnode 41m 35s
✓ j17_jvm_dtests 19m 55s
✓ j17_jvm_dtests_latest_vnode 18m 3s
✕ j17_dtests 36m 36s
refresh_test.TestRefresh test_refresh_deadlock_startup
✕ j17_unit_tests 14m 40s
org.apache.cassandra.config.ConfigCompatibilityTest diff_3_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_4_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_4_1
org.apache.cassandra.config.ConfigCompatibilityTest diff_5_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_3_11
✕ j17_utests_latest 16m 0s
org.apache.cassandra.config.ConfigCompatibilityTest diff_3_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_4_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_4_1
org.apache.cassandra.config.ConfigCompatibilityTest diff_5_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_3_11
✕ j17_utests_oa 15m 13s
org.apache.cassandra.config.ConfigCompatibilityTest diff_3_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_4_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_4_1
org.apache.cassandra.config.ConfigCompatibilityTest diff_5_0
org.apache.cassandra.config.ConfigCompatibilityTest diff_3_11
{noformat}
[java17_pre-commit_tests|https://app.circleci.com/pipelines/github/instaclustr/cassandra/5976/workflows/3552ab1b-ba0e-4ac9-9d4c-0fa19f5a1725]
> jackson-core vulnerability: CVE-2025-52999
> ------------------------------------------
>
> Key: CASSANDRA-20848
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20848
> Project: Apache Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: ANSHUL SAINI
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2025-52999
> jackson-core contains core low-level incremental ("streaming") parser and
> generator abstractions used by Jackson Data Processor. In versions prior to
> 2.15.0, if a user parses an input file and it has deeply nested data, Jackson
> could end up throwing a StackoverflowError if the depth is particularly large.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
