This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 0d0c5695df574888a02bb457160aac9adc47c814 Merge: 0b7e3a8ee7 5ac75323cd Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Mon Jan 30 07:26:16 2023 -0600 Merge branch 'cassandra-3.11' into cassandra-4.0 .build/dependency-check-suppressions.xml | 1 + CHANGES.txt | 1 + 2 files changed, 2 insertions(+) diff --cc .build/dependency-check-suppressions.xml index 3c81e79c17,8bd46b0abc..63516343dc --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -70,18 -97,17 +70,19 @@@ <packageUrl regex="true">^pkg:maven/commons-codec/.*$</packageUrl> <cve>CVE-2021-37533</cve> </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 --> + <!-- netty's http stuff is not applicable here --> <suppress> - <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl> - <cve>CVE-2015-3254</cve> - <cve>CVE-2016-5397</cve> - <cve>CVE-2018-1320</cve> - <cve>CVE-2018-11798</cve> - <cve>CVE-2019-0205</cve> + <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl> + <cve>CVE-2021-21290</cve> + <cve>CVE-2021-21295</cve> + <cve>CVE-2021-21409</cve> + <cve>CVE-2021-37136</cve> + <cve>CVE-2021-37137</cve> + <cve>CVE-2021-43797</cve> + <cve>CVE-2022-24823</cve> + <cve>CVE-2022-41881</cve> ++ <cve>CVE-2022-41915</cve> </suppress> - <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 --> <suppress> <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl> diff --cc CHANGES.txt index 806284588b,44e2eda7ce..a035c66541 --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,19 -1,7 +1,20 @@@ -3.11.15 +4.0.8 + * Connect to listen address when own broadcast address is requested (CASSANDRA-18200) + * Add safeguard so cleanup fails when node has pending ranges (CASSANDRA-16418) + * Fix legacy clustering serialization for paging with compact storage (CASSANDRA-17507) + * Add support for python 3.11 (CASSANDRA-18088) + * Fix formatting of duration in cqlsh (CASSANDRA-18141) + * Fix sstable loading of keyspaces named snapshots or backups (CASSANDRA-14013) + * Avoid ConcurrentModificationException in STCS/DTCS/TWCS.getSSTables (CASSANDRA-17977) + * Restore internode custom tracing on 4.0's new messaging system (CASSANDRA-17981) + * Harden parsing of boolean values in CQL in PropertyDefinitions (CASSANDRA-17878) + * Fix error message about type hints (CASSANDRA-17915) + * Fix possible race condition on repair snapshots (CASSANDRA-17955) + * Fix ASM bytecode version inconsistency (CASSANDRA-17873) +Merged from 3.11: * Fix Splitter sometimes creating more splits than requested (CASSANDRA-18013) Merged from 3.0: + * Suppress CVE-2022-41915 (CASSANDRA-18147) * Introduce check for names of test classes (CASSANDRA-17964) * Suppress CVE-2021-1471, CVE-2021-3064, CVE-2021-4235 (CASSANDRA-18149) * Switch to snakeyaml's SafeConstructor (CASSANDRA-18150) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org