Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[extensions.aws & sampler.aws] Mitigate STJ vulnerabilities #2197

Merged
merged 2 commits into from
Oct 9, 2024
Merged

[extensions.aws & sampler.aws] Mitigate STJ vulnerabilities #2197

merged 2 commits into from
Oct 9, 2024

Conversation

CodeBlanch
Copy link
Member

@CodeBlanch CodeBlanch commented Oct 9, 2024
edited
Loading

Changes

  • Mitigate security vulnerabilities in more projects which are today targeting System.Text.Json v6.0.0.
  • In OpenTelemetry.Sampler.AWS reference System.Net.Http directly on net462 and drop package reference. Not related to vulnerability just making it consistent with the rest of the repo.

Details

OpenTelemetry.Extensions.AWS

Before

Target Direct reference Version Vulnerable
net462 Yes 6.0.0 Yes
net8.0 No 8.0.0 - 8.0.5 Depends on installed runtime patch level
netstandard2.0 Yes 6.0.0 Yes

After

Target Direct reference Version Vulnerable
net462 Yes 6.0.10 No
net8.0 Yes 8.0.5 No
netstandard2.0 Yes 6.0.10 No

OpenTelemetry.Sampler.AWS

Before

Target Direct reference Version Vulnerable
net462 Yes 6.0.0 Yes
net8.0 No 8.0.0 - 8.0.5 Depends on installed runtime patch level
netstandard2.0 Yes 6.0.0 Yes

After

Target Direct reference Version Vulnerable
net462 Yes 6.0.10 No
net8.0 Yes 8.0.5 No
netstandard2.0 Yes 6.0.10 No

Merge requirement checklist

  • CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)

@CodeBlanch CodeBlanch requested a review from a team as a code owner October 9, 2024 22:35
@github-actions github-actions bot requested review from ppittle, reyang and srprash October 9, 2024 22:36
@github-actions github-actions bot added comp:exporter.onecollector Things related to OpenTelemetry.Exporter.OneCollector comp:extensions.aws Things related to OpenTelemetry.Extensions.AWS comp:resources.aws Things related to OpenTelemetry.Resources.AWS comp:sampler.aws Things related to OpenTelemetry.Samplers.AWS comp:instrumentation.http Things related to OpenTelemetry.Instrumentation.Http labels Oct 9, 2024
@codecov Codecov
Copy link

codecov bot commented Oct 9, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.45%. Comparing base (71655ce) to head (73a1703).
Report is 523 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #2197      +/-   ##
==========================================
+ Coverage   73.91%   77.45%   +3.53%     
==========================================
  Files         267       26     -241     
  Lines        9615     1233    -8382     
==========================================
- Hits         7107      955    -6152     
+ Misses       2508      278    -2230
Flag Coverage Δ
unittests-Extensions 88.63% <ø> (?)
unittests-Extensions.AWS 83.41% <ø> (?)
unittests-Instrumentation.Http 73.57% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 279 files with indirect coverage changes

@CodeBlanch CodeBlanch merged commit 2f0ee5a into open-telemetry:main Oct 9, 2024
58 of 61 checks passed
@CodeBlanch CodeBlanch deleted the repo-stj-mitigate-projects-at-6-2 branch October 9, 2024 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cijothomas cijothomas cijothomas approved these changes

@ppittle ppittle Awaiting requested review from ppittle

@reyang reyang Awaiting requested review from reyang

@srprash srprash Awaiting requested review from srprash

Assignees

@ppittle ppittle

@reyang reyang

@CodeBlanch CodeBlanch

@srprash srprash

Labels
comp:exporter.onecollector Things related to OpenTelemetry.Exporter.OneCollector comp:extensions.aws Things related to OpenTelemetry.Extensions.AWS comp:instrumentation.http Things related to OpenTelemetry.Instrumentation.Http comp:resources.aws Things related to OpenTelemetry.Resources.AWS comp:sampler.aws Things related to OpenTelemetry.Samplers.AWS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@CodeBlanch @cijothomas @ppittle @reyang @srprash