[onecollector & resources.aws] Mitigate STJ vulnerabilities #2196

Merged

CodeBlanch
Member

Changes

  • Mitigate security vulnerabilities in projects which are today targeting System.Text.Json v6.0.0.

Details

OpenTelemetry.Exporter.OneCollector

Before

| Target | Direct reference | Version | Vulnerable |
| --- | --- | --- | --- |
| net462 | Yes | 6.0.0 | Yes |
| net8.0 | No | 8.0.0 - 8.0.5 | Depends on installed runtime patch level |
| netstandard2.0 | Yes | 6.0.0 | Yes |
| netstandard2.1 | Yes | 6.0.0 | Yes |

After

| Target | Direct reference | Version | Vulnerable |
| --- | --- | --- | --- |
| net462 | Yes | 6.0.10 | No |
| net8.0 | Yes | 8.0.5 | No |
| netstandard2.0 | Yes | 6.0.10 | No |
| netstandard2.1 | Yes | 6.0.10 | No |

OpenTelemetry.Resources.AWS

Before

| Target | Direct reference | Version | Vulnerable |
| --- | --- | --- | --- |
| net462 | Yes | 6.0.0 | Yes |
| net8.0 | No | 8.0.0 - 8.0.5 | Depends on installed runtime patch level |
| netstandard2.0 | Yes | 6.0.0 | Yes |

After

| Target | Direct reference | Version | Vulnerable |
| --- | --- | --- | --- |
| net462 | Yes | 6.0.10 | No |
| net8.0 | Yes | 8.0.5 | No |
| netstandard2.0 | Yes | 6.0.10 | No |

Merge requirement checklist

  • CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)

@CodeBlanch CodeBlanch requested a review from a team as a code owner October 9, 2024 21:12
@github-actions github-actions bot requested review from ppittle, reyang and srprash October 9, 2024 21:12
@github-actions github-actions bot added infra Infra work - CI/CD, code coverage, linters comp:exporter.onecollector Things related to OpenTelemetry.Exporter.OneCollector comp:resources.aws Things related to OpenTelemetry.Resources.AWS labels Oct 9, 2024

codecov bot commented Oct 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.83%. Comparing base (71655ce) to head (a5268c2).
Report is 522 commits behind head on main.


@@            Coverage Diff             @@
##             main    #2196      +/-   ##
==========================================
- Coverage   73.91%   68.83%   -5.08%     
==========================================
  Files         267      260       -7     
  Lines        9615    10830    +1215     
==========================================
+ Hits         7107     7455     +348     
- Misses       2508     3375     +867     

| Flag | Coverage | Δ |
| --- | --- | --- |
| unittests-Exporter.Geneva | 58.94% <ø> | (?) |
| unittests-Exporter.Instana | 71.24% <ø> | (?) |
| unittests-Exporter.OneCollector | 94.32% <ø> | (?) |
| unittests-Exporter.Stackdriver | 75.73% <ø> | (?) |
| unittests-Extensions | 88.63% <ø> | (?) |
| unittests-Extensions.Enrichment | 100.00% <ø> | (?) |
| unittests-Instrumentation.AspNet | 76.73% <ø> | (?) |
| unittests-Instrumentation.ConfluentKafka | 14.12% <ø> | (?) |
| unittests-Instrumentation.EventCounters | 76.36% <ø> | (?) |
| unittests-Instrumentation.GrpcNetClient | 79.61% <ø> | (?) |
| unittests-Instrumentation.Hangfire | 93.58% <ø> | (?) |
| unittests-Instrumentation.Http | 73.57% <ø> | (?) |
| unittests-Instrumentation.Owin | 85.97% <ø> | (?) |
| unittests-Instrumentation.Process | 100.00% <ø> | (?) |
| unittests-Instrumentation.Quartz | 78.94% <ø> | (?) |
| unittests-Instrumentation.Runtime | 97.53% <ø> | (?) |
| unittests-Instrumentation.StackExchangeRedis | 69.92% <ø> | (?) |
| unittests-Instrumentation.Wcf | 78.47% <ø> | (?) |
| unittests-PersistentStorage | 65.78% <ø> | (?) |
| unittests-Resources.AWS | 77.85% <ø> | (?) |
| unittests-Resources.Azure | 83.89% <ø> | (?) |
| unittests-Resources.Container | 72.41% <ø> | (?) |
| unittests-Resources.Gcp | 72.54% <ø> | (?) |
| unittests-Resources.Host | 73.94% <ø> | (?) |
| unittests-Resources.OperatingSystem | 77.20% <ø> | (?) |
| unittests-Resources.Process | 100.00% <ø> | (?) |
| unittests-Resources.ProcessRuntime | 77.08% <ø> | (?) |

Flags with carried forward coverage won't be shown.

see 343 files with indirect coverage changes

@CodeBlanch CodeBlanch merged commit 81bcef5 into open-telemetry:main Oct 9, 2024
104 of 133 checks passed
@CodeBlanch CodeBlanch deleted the repo-stj-mitigate-projects-at-6 branch October 9, 2024 21:20