Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrading Jettison due to CVE-2022-45685 #5777

Merged
merged 3 commits into from
Jan 13, 2023
Merged

Upgrading Jettison due to CVE-2022-45685 #5777

merged 3 commits into from
Jan 13, 2023

Conversation

saratvemulapalli
Copy link
Member

Signed-off-by: Sarat Vemulapalli vemulapallisarat@gmail.com

Description

Upgrading Jettison due to CVE-2022-45685

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@saratvemulapalli
Upgrading Jettison due to CVE
eb4517d 
Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
@saratvemulapalli saratvemulapalli added >upgrade Label used when upgrading library dependencies (e.g., Lucene) CVE Fixes a CVE dependencies Pull requests that update a dependency file backport 2.x Backport to 2.x branch backport 2.5 labels Jan 10, 2023
@saratvemulapalli
Updated Changelog
b00d88b 
Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

  • RESULT: null ❌
  • URL: null
  • CommitID: b00d88b
    Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
    Is the failure a flaky test unrelated to your change?

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@saratvemulapalli
Copy link
Member Author 

[org.opensearch.search.aggregations.metrics.MedianAbsoluteDeviationAggregatorTests.testQueryFiltering](https://build.ci.opensearch.org/job/gradle-check/9346/testReport/junit/org.opensearch.search.aggregations.metrics/MedianAbsoluteDeviationAggregatorTests/testQueryFiltering/)
[org.opensearch.search.aggregations.metrics.MedianAbsoluteDeviationAggregatorTests.testQueryFiltering](https://build.ci.opensearch.org/job/gradle-check/9346/testReport/junit/org.opensearch.search.aggregations.metrics/MedianAbsoluteDeviationAggregatorTests/testQueryFiltering_2/)
[org.opensearch.search.aggregations.metrics.MedianAbsoluteDeviationAggregatorTests.testQueryFiltering](https://build.ci.opensearch.org/job/gradle-check/9346/testReport/junit/org.opensearch.search.aggregations.metrics/MedianAbsoluteDeviationAggregatorTests/testQueryFiltering_3/)
[org.opensearch.search.aggregations.metrics.MedianAbsoluteDeviationAggregatorTests.testQueryFiltering](https://build.ci.opensearch.org/job/gradle-check/9346/testReport/junit/org.opensearch.search.aggregations.metrics/MedianAbsoluteDeviationAggregatorTests/testQueryFiltering_4/)

@saratvemulapalli
Copy link
Member Author

Flaky test: #4789 :/

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

  • RESULT: UNSTABLE ❕
  • TEST FAILURES:
      1 org.opensearch.search.SearchWeightedRoutingIT.testSearchAggregationWithNetworkDisruption_FailOpenEnabled
      1 org.opensearch.indices.replication.SegmentReplicationRelocationIT.testMultipleShards

@codecov-commenter
Copy link

Codecov Report

Merging #5777 (6d9f64d) into main (5989d01) will decrease coverage by 0.10%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #5777      +/-   ##
============================================
- Coverage     70.98%   70.87%   -0.11%     
+ Complexity    58818    58736      -82     
============================================
  Files          4768     4768              
  Lines        280575   280575              
  Branches      40514    40514              
============================================
- Hits         199155   198851     -304     
- Misses        65085    65414     +329     
+ Partials      16335    16310      -25
Impacted Files Coverage Δ
.../java/org/opensearch/plugins/IndexStorePlugin.java 0.00% <0.00%> (-100.00%) ⬇️
...va/org/opensearch/test/store/MockFSIndexStore.java 0.00% <0.00%> (-73.92%) ⬇️
...port/ResponseHandlerFailureTransportException.java 0.00% <0.00%> (-60.00%) ⬇️
...a/org/opensearch/tasks/TaskCancelledException.java 50.00% <0.00%> (-50.00%) ⬇️
.../opensearch/client/indices/CloseIndexResponse.java 42.50% <0.00%> (-48.75%) ⬇️
.../opensearch/test/store/MockFSDirectoryFactory.java 21.33% <0.00%> (-48.00%) ⬇️
...adcast/BroadcastShardOperationFailedException.java 55.55% <0.00%> (-44.45%) ⬇️
...opensearch/persistent/PersistentTasksExecutor.java 22.22% <0.00%> (-40.75%) ⬇️
...h/action/ingest/SimulateDocumentVerboseResult.java 60.71% <0.00%> (-39.29%) ⬇️
...cluster/coordination/PublishClusterStateStats.java 33.33% <0.00%> (-37.51%) ⬇️
... and 462 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@reta reta merged commit 32dd9e2 into opensearch-project:main Jan 13, 2023
RS146BIJAY pushed a commit to RS146BIJAY/OpenSearch that referenced this pull request Jan 13, 2023
@saratvemulapalli
Upgrading Jettison due to CVE-2022-45685 (opensearch-project#5777)
a8787d6 
* Upgrading Jettison due to CVE

Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>

* Updated Changelog

Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>

Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
@ryanbogan ryanbogan added the backport 1.3 Backport to 1.3 branch label Jan 25, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-1.3 1.3
# Navigate to the new working tree
pushd ../.worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-5777-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 32dd9e2e825fecd5b3fd87c6bbfbaa49cfd2f6f9
# Push it to GitHub
git push --set-upstream origin backport/backport-5777-to-1.3
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-5777-to-1.3.

@ryanbogan ryanbogan mentioned this pull request Jan 25, 2023
Merged
6 tasks
kartg added a commit to kartg/OpenSearch that referenced this pull request Feb 20, 2023
@kartg
[Backport 2.x] Bump jettison from 1.5.1 to 1.5.3 in /plugins/discover…
5fd2706 
…y-azure-classic

This is a backport of opensearch-project#5777

Signed-off-by: Kartik Ganesh <gkart@amazon.com>
@kartg kartg mentioned this pull request Feb 20, 2023
Merged
6 tasks
kartg added a commit to kartg/OpenSearch that referenced this pull request Feb 20, 2023
@kartg
Bump jettison from 1.5.0 to 1.5.1 in /plugins/discovery-azure-classic
5bff6e5 
This is a backport of opensearch-project#5777

Signed-off-by: Kartik Ganesh <gkart@amazon.com>
@kartg kartg mentioned this pull request Feb 20, 2023
Merged
6 tasks
kartg added a commit that referenced this pull request Feb 20, 2023
@kartg
[Backport 2.x] Bump jettison from 1.5.1 to 1.5.3 in /plugins/discover…
81f14a4 
…y-azure-classic (#6391)

* [Backport 2.x] Bump jettison from 1.5.1 to 1.5.3 in /plugins/discovery-azure-classic

This is a backport of #5777

Signed-off-by: Kartik Ganesh <gkart@amazon.com>

* Update CHANGELOG message with PR

Signed-off-by: Kartik Ganesh <gkart@amazon.com>

---------

Signed-off-by: Kartik Ganesh <gkart@amazon.com>
kartg added a commit that referenced this pull request Feb 20, 2023
@kartg
[Backport 1.x] Bump jettison from 1.5.1 to 1.5.3 in /plugins/discover…
3e2e80c 
…y-azure-classic (#6392)

* Bump jettison from 1.5.0 to 1.5.1 in /plugins/discovery-azure-classic

This is a backport of #5777

Signed-off-by: Kartik Ganesh <gkart@amazon.com>

* updated CHANGELOG message with PR

Signed-off-by: Kartik Ganesh <gkart@amazon.com>

---------

Signed-off-by: Kartik Ganesh <gkart@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reta reta reta approved these changes

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@setiah setiah Awaiting requested review from setiah

@kartg kartg Awaiting requested review from kartg

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@adnapibar adnapibar Awaiting requested review from adnapibar

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@tlfeng tlfeng Awaiting requested review from tlfeng

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@xuezhou25 xuezhou25 Awaiting requested review from xuezhou25

Assignees
No one assigned
Labels
backport 1.3 Backport to 1.3 branch backport 2.x Backport to 2.x branch backport 2.5 CVE Fixes a CVE dependencies Pull requests that update a dependency file >upgrade Label used when upgrading library dependencies (e.g., Lucene)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@saratvemulapalli @codecov-commenter @reta @ryanbogan