Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Corrects CVE-2023-20863 by forcing spring-expression version #2711

Merged
merged 1 commit into from
Apr 20, 2023
Merged

Corrects CVE-2023-20863 by forcing spring-expression version #2711

merged 1 commit into from
Apr 20, 2023

Conversation

stephen-crawford
Copy link
Contributor

Description

Corrects CVE-2023-20863 by forcing spring-expression up to a corrected version.

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@stephen-crawford
Force expression
7b530dc 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford stephen-crawford added the backport 1.x backport to 1.x branch label Apr 20, 2023
@stephen-crawford
Copy link
Contributor Author

@RyanL1997 and @DarshitChanpura would you mind reviewing this CVE bump when you get a chance?

@DarshitChanpura DarshitChanpura merged commit 87c8e46 into opensearch-project:1.3 Apr 20, 2023
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Apr 20, 2023
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Apr 20, 2023
@stephen-crawford @github-actions
Force expression (#2711)
2e80fed 
Signed-off-by: Stephen Crawford <[email protected]>
(cherry picked from commit 87c8e46)
@stephen-crawford stephen-crawford deleted the spring-expression-1.3 branch April 20, 2023 17:12
stephen-crawford added a commit that referenced this pull request Apr 20, 2023
@opensearch-trigger-bot @stephen-crawford
Force expression (#2711) (#2712)
16a67fb 
Signed-off-by: Stephen Crawford <[email protected]>
(cherry picked from commit 87c8e46)

Co-authored-by: Stephen Crawford <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RyanL1997 RyanL1997 RyanL1997 approved these changes

@DarshitChanpura DarshitChanpura DarshitChanpura approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@davidlago davidlago Awaiting requested review from davidlago

@peternied peternied Awaiting requested review from peternied peternied is a code owner

Assignees
No one assigned
Labels
backport 1.x backport to 1.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stephen-crawford @DarshitChanpura @RyanL1997