security vulnerability: update of org.eclipse.jetty #989

Closed

mbiarnes
Contributor

GitHub: potential security vulnerabilities in dependencies

@mbiarnes mbiarnes requested review from mareknovotny and krisv July 15, 2019 08:27
@mbiarnes
Contributor Author

Found org.eclipse.jetty in the following repos:
droolsjbpm-integration
jbpm-work-items

@mareknovotny
Member

Jenkins execute full downstream build

@mareknovotny mareknovotny added the rebase-needed PR should be rebased label Jul 20, 2019
@mareknovotny mareknovotny requested a review from tsurdilo July 26, 2019 07:11
@mareknovotny mareknovotny removed the rebase-needed PR should be rebased label Jul 26, 2019
@mareknovotny mareknovotny requested a review from mswiderski July 26, 2019 07:21
@mareknovotny
Member

Jenkins execute full downstream build

@mbiarnes
Contributor Author

@mareknovotny three tests failed:
org.kie.server.common.rest.KieServerHttpRequestTest.getWithResponseCharset
org.kie.server.common.rest.KieServerHttpRequestTest.numberHeader
org.kie.wb.selenium.ui.ProjectLibraryIntegrationTest.importAndBuildProjectFromStockRepository
The selenium one fails in each FDB - the other two have to be looked at.

@mareknovotny
Member

@mbiarnes OK, so the test source code needs a fix for the upgrade.

@mbiarnes mbiarnes force-pushed the org.eclipse.jetty_vulnerability branch from 8bbb5ba to ac7a6ec Compare August 2, 2019 14:45
@mbiarnes
Contributor Author

mbiarnes commented Aug 2, 2019

Jenkins execute full downstream build

@mareknovotny
Member

I looked at the Jetty issues, and it seems the Charset can be in a different letter case in 9.x, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=414449, so we can fix it like in my change here mareknovotny/droolsjbpm-integration@55baa10 or find the version in which it is fixed. Unfortunately that Bugzilla is referencing only the commit hash, so I need to look for it in the git repository.

@mbiarnes
Contributor Author

Jenkins execute full downstream build

@mareknovotny
Member

So org.kie.server.common.rest.KieServerHttpRequestTest.numberHeader keeps failing; looking at that.

@mbiarnes
Contributor Author

Jenkins execute full downstream build

@mareknovotny
Member

The Jetty vulnerability is not applicable here, as we use it mainly for CI tests. And we don't have a motivation to solve the test failures in the newer Jetty version.

@mbiarnes mbiarnes closed this Nov 13, 2019
@mbiarnes mbiarnes deleted the org.eclipse.jetty_vulnerability branch December 17, 2019 16:06