Bump version of cryptography to address CVE #18656

Merged
merged 2 commits into from
Sep 25, 2024

Conversation

Kyle-Neale
Contributor

What does this PR do?

This PR bumps the version of cryptography.

Motivation

GHSA-h4gh-qq45-vh27

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt.

Additional Notes

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Changelog entries must be created for modifications to shipped code
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged
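An added example, not part of this PR or the repository: a check that flags pinned `cryptography` versions inside the affected range given in the Motivation section (37.0.0 through 43.0.0, inclusive). It assumes pip-style requirement lines; the `audit` function, its status labels and the sample input are constructed for illustration.

```python
import re

# Affected range exactly as stated in the PR description, inclusive.
AFFECTED_MIN, AFFECTED_MAX = (37, 0, 0), (43, 0, 0)

# name, optional [extras], optional operator, optional version; markers are ignored.
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
    r"(?P<op>===|==|~=|>=|<=|!=|>|<)?\s*(?P<ver>[0-9][0-9A-Za-z.*+!-]*)?"
)

# Constructed sample input, not the repository's real requirements file.
SAMPLE = """\
# agent requirements (constructed)
requests==2.32.3
cryptography==43.0.0; python_version > '3.0'
cryptography-vectors==43.0.0
Cryptography[ssh]==36.0.2
cryptography>=37
"""

def _release(version):
    """Numeric release padded to three parts; None for wildcard/pre-release text."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(requirements_text):
    """Return (line_number, version, status) for every cryptography requirement."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = PIN_RE.match(line)
        # PEP 503 name normalisation; "cryptography-vectors" is a different package.
        if not m or re.sub(r"[-_.]+", "-", m["name"]).lower() != "cryptography":
            continue
        rel = _release(m["ver"]) if m["ver"] else None
        if m["op"] not in ("==", "===") or rel is None:
            status = "unpinned"  # range or wildcard: resolve it before judging
        elif AFFECTED_MIN <= rel <= AFFECTED_MAX:
            status = "affected"
        else:
            status = "outside-range"
        findings.append((lineno, m["ver"], status))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The range applies to the published wheels, which carry the statically linked OpenSSL; a pin reported as `unpinned` has to be resolved to the installed version before it can be judged.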

codecov bot commented Sep 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.56%. Comparing base (d837ba9) to head (b4d89e6).
Report is 38 commits behind head on master.

Additional details and impacted files
Flag Coverage Δ
activemq ?
cassandra ?
cisco_aci 95.03% <ø> (ø)
datadog_checks_base 88.97% <ø> (+0.29%) ⬆️
hive ?
hivemq ?
http_check 93.99% <ø> (ø)
ignite ?
jboss_wildfly ?
kafka ?
mysql 88.67% <ø> (-0.88%) ⬇️
presto ?
solr ?
tls 91.68% <ø> (ø)

Flags with carried forward coverage won't be shown.

@Kyle-Neale Kyle-Neale merged commit 2a83f38 into master Sep 25, 2024
65 checks passed
@Kyle-Neale Kyle-Neale deleted the kyleneale/bump_cryptography_version branch September 25, 2024 12:43
@datadog-agent-integrations-bot
Contributor

The backport to 7.58.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-7.58.x 7.58.x
# Navigate to the new working tree
cd .worktrees/backport-7.58.x
# Create a new branch
git switch --create backport-18656-to-7.58.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 2a83f38221a3f521763b93591a21e56af0cf8a75
# Push it to GitHub
git push --set-upstream origin backport-18656-to-7.58.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-7.58.x

Then, create a pull request where the base branch is 7.58.x and the compare/head branch is backport-18656-to-7.58.x.

github-actions bot pushed a commit to bhargavnariyanicrest/integrations-core that referenced this pull request Sep 25, 2024
* bump version of cryptography to address CVE

* add changelog 2a83f38
@datadog-agent-integrations-bot
Contributor

The backport to 7.57.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-7.57.x 7.57.x
# Navigate to the new working tree
cd .worktrees/backport-7.57.x
# Create a new branch
git switch --create backport-18656-to-7.57.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 2a83f38221a3f521763b93591a21e56af0cf8a75
# Push it to GitHub
git push --set-upstream origin backport-18656-to-7.57.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-7.57.x

Then, create a pull request where the base branch is 7.57.x and the compare/head branch is backport-18656-to-7.57.x.

Kyle-Neale added a commit that referenced this pull request Sep 30, 2024
* bump version of cryptography to address CVE

* add changelog

(cherry picked from commit 2a83f38)
Kyle-Neale added a commit that referenced this pull request Sep 30, 2024
* bump version of cryptography to address CVE

* add changelog

(cherry picked from commit 2a83f38)
datadog-agent-integrations-bot bot pushed a commit that referenced this pull request Oct 1, 2024
* bump version of cryptography to address CVE

* add changelog

(cherry picked from commit 2a83f38)