This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 0d0c5695df574888a02bb457160aac9adc47c814
Merge: 0b7e3a8ee7 5ac75323cd
Author: Brandon Williams <brandonwilli...@apache.org>
AuthorDate: Mon Jan 30 07:26:16 2023 -0600

    Merge branch 'cassandra-3.11' into cassandra-4.0

 .build/dependency-check-suppressions.xml | 1 +
 CHANGES.txt                              | 1 +
 2 files changed, 2 insertions(+)

diff --cc .build/dependency-check-suppressions.xml
index 3c81e79c17,8bd46b0abc..63516343dc
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -70,18 -97,17 +70,19 @@@
          <packageUrl regex="true">^pkg:maven/commons-codec/.*$</packageUrl>
          <cve>CVE-2021-37533</cve>
      </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 -->
 +    <!-- netty's http stuff is not applicable here -->
      <suppress>
 -        <packageUrl 
regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
 -        <cve>CVE-2015-3254</cve>
 -        <cve>CVE-2016-5397</cve>
 -        <cve>CVE-2018-1320</cve>
 -        <cve>CVE-2018-11798</cve>
 -        <cve>CVE-2019-0205</cve>
 +        <packageUrl 
regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
 +        <cve>CVE-2021-21290</cve>
 +        <cve>CVE-2021-21295</cve>
 +        <cve>CVE-2021-21409</cve>
 +        <cve>CVE-2021-37136</cve>
 +        <cve>CVE-2021-37137</cve>
 +        <cve>CVE-2021-43797</cve>
 +        <cve>CVE-2022-24823</cve>
 +        <cve>CVE-2022-41881</cve>
++        <cve>CVE-2022-41915</cve>
      </suppress>
 -
      <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 -->
      <suppress>
          <packageUrl 
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
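Review bot: The `<cve>CVE-2022-41915</cve>` line added to the netty-all `<suppress>` block has no ticket reference, so its only recorded justification is the free-text comment "netty's http stuff is not applicable here". CHANGES.txt ties this suppression to CASSANDRA-18147, and the neighbouring jackson-databind entry links its JIRA issue, so I would add `<!-- https://issues.apache.org/jira/browse/CASSANDRA-18147 -->` next to the existing comment to keep the rationale auditable. The rule also matches every version (`netty\-all@.*$`), so the scanner stays silent across upgrades and would presumably stay silent if netty's HTTP codec were ever used. A dependency-check `until` date on the `<suppress>` element, or a comment naming the netty components Cassandra actually uses, would force that assumption to be re-checked.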
diff --cc CHANGES.txt
index 806284588b,44e2eda7ce..a035c66541
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,19 -1,7 +1,20 @@@
 -3.11.15
 +4.0.8
 + * Connect to listen address when own broadcast address is requested 
(CASSANDRA-18200)
 + * Add safeguard so cleanup fails when node has pending ranges 
(CASSANDRA-16418)
 + * Fix legacy clustering serialization for paging with compact storage 
(CASSANDRA-17507)
 + * Add support for python 3.11 (CASSANDRA-18088)
 + * Fix formatting of duration in cqlsh (CASSANDRA-18141)
 + * Fix sstable loading of keyspaces named snapshots or backups 
(CASSANDRA-14013)
 + * Avoid ConcurrentModificationException in STCS/DTCS/TWCS.getSSTables 
(CASSANDRA-17977)
 + * Restore internode custom tracing on 4.0's new messaging system 
(CASSANDRA-17981)
 + * Harden parsing of boolean values in CQL in PropertyDefinitions 
(CASSANDRA-17878)
 + * Fix error message about type hints (CASSANDRA-17915)
 + * Fix possible race condition on repair snapshots (CASSANDRA-17955)
 + * Fix ASM bytecode version inconsistency (CASSANDRA-17873)
 +Merged from 3.11:
   * Fix Splitter sometimes creating more splits than requested 
(CASSANDRA-18013)
  Merged from 3.0:
+  * Suppress CVE-2022-41915 (CASSANDRA-18147)
   * Introduce check for names of test classes (CASSANDRA-17964)
   * Suppress CVE-2021-1471, CVE-2021-3064, CVE-2021-4235 (CASSANDRA-18149)
   * Switch to snakeyaml's SafeConstructor (CASSANDRA-18150)

