Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.4] Fixes CVE-2022-42920 by forcing bcel version to resovle to 6.6 #2303

Merged
merged 1 commit into from
Dec 6, 2022

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Dec 6, 2022

Backport of #2275 to 2.4

@cwperks cwperks requested a review from a team December 6, 2022 18:10
@codecov-commenter
Copy link

Codecov Report

Merging #2303 (70125b5) into 2.4 (8031157) will decrease coverage by 0.09%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                2.4    #2303      +/-   ##
============================================
- Coverage     61.08%   60.99%   -0.10%     
+ Complexity     3251     3244       -7     
============================================
  Files           258      258              
  Lines         18125    18124       -1     
  Branches       3231     3231              
============================================
- Hits          11072    11054      -18     
- Misses         5483     5495      +12     
- Partials       1570     1575       +5     
Impacted Files Coverage Δ
...ecurity/configuration/StaticResourceException.java 0.00% <0.00%> (-25.00%) ⬇️
...urity/ssl/transport/SecuritySSLNettyTransport.java 62.36% <0.00%> (-4.31%) ⬇️
...nsearch/security/dlic/rest/api/AuditApiAction.java 63.82% <0.00%> (-4.26%) ⬇️
...security/auditlog/sink/ExternalOpenSearchSink.java 59.25% <0.00%> (-2.47%) ⬇️
...earch/security/ssl/util/SSLConnectionTestUtil.java 93.18% <0.00%> (-2.28%) ⬇️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java 57.46% <0.00%> (-1.50%) ⬇️
...iance/ComplianceIndexingOperationListenerImpl.java 61.76% <0.00%> (-1.48%) ⬇️
...ecurity/ssl/rest/SecuritySSLReloadCertsAction.java 84.78% <0.00%> (-0.33%) ⬇️
...a/org/opensearch/security/tools/SecurityAdmin.java 35.75% <0.00%> (-0.25%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@peternied peternied merged commit ad3656c into opensearch-project:2.4 Dec 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants