Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 1.3] Fixes CVE-2022-46363 #2351

Merged
merged 2 commits into from
Dec 16, 2022
Merged

[Backport 1.3] Fixes CVE-2022-46363 #2351

merged 2 commits into from
Dec 16, 2022

Conversation

opensearch-trigger-bot[bot]
Copy link
Contributor

Backport 8b907c4 from #2349

@stephen-crawford @github-actions
[1.x] Fixes CVE-2022-46363 (#2349)
a4a39b8 
* Update cxf-core to 3.5.5

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
(cherry picked from commit 8b907c4)
@opensearch-trigger-bot opensearch-trigger-bot bot requested a review from a team December 14, 2022 18:15
@codecov-commenter
Copy link

codecov-commenter commented Dec 14, 2022
edited
Loading

Codecov Report

Merging #2351 (8b907c4) into 1.3 (43244d2) will increase coverage by 0.16%.
The diff coverage is 58.33%.

❗ Current head 8b907c4 differs from pull request most recent head a4a39b8. Consider uploading reports for the commit a4a39b8 to get more accurate results

@@             Coverage Diff              @@
##                1.3    #2351      +/-   ##
============================================
+ Coverage     64.43%   64.59%   +0.16%     
+ Complexity     3219     3215       -4     
============================================
  Files           247      247              
  Lines         17344    17358      +14     
  Branches       3073     3085      +12     
============================================
+ Hits          11176    11213      +37     
+ Misses         4622     4594      -28     
- Partials       1546     1551       +5
Impacted Files Coverage Δ
...earch/security/resolver/IndexResolverReplacer.java 63.97% <54.54%> (+0.10%) ⬆️
...earch/security/privileges/PrivilegesEvaluator.java 71.57% <100.00%> (ø)
...g/opensearch/security/auditlog/sink/Log4JSink.java 48.00% <0.00%> (-12.00%) ⬇️
...security/privileges/TermsAggregationEvaluator.java 58.06% <0.00%> (-3.23%) ⬇️
...search/security/securityconf/impl/v7/ConfigV7.java 72.12% <0.00%> (-1.82%) ⬇️
...search/security/configuration/DlsFlsValveImpl.java 70.22% <0.00%> (-1.52%) ⬇️
...security/configuration/DlsFlsFilterLeafReader.java 60.47% <0.00%> (-0.95%) ⬇️
...g/opensearch/security/support/WildcardMatcher.java 61.03% <0.00%> (-0.65%) ⬇️
...pensearch/security/securityconf/ConfigModelV7.java 63.90% <0.00%> (-0.57%) ⬇️
...ensearch/security/ssl/DefaultSecurityKeyStore.java 68.93% <0.00%> (-0.15%) ⬇️
... and 15 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@DarshitChanpura DarshitChanpura changed the title [Backport 1.3] [1.x] Fixes CVE-2022-46363 [Backport 1.3] Fixes CVE-2022-46363 Dec 16, 2022
@DarshitChanpura DarshitChanpura merged commit 9c20990 into 1.3 Dec 16, 2022
@DarshitChanpura DarshitChanpura deleted the backport/backport-2349-to-1.3 branch December 16, 2022 22:04
@cwperks cwperks mentioned this pull request Feb 1, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DarshitChanpura DarshitChanpura DarshitChanpura approved these changes

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@codecov-commenter @DarshitChanpura @stephen-crawford