Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump iceberg version (java) #19423

Merged
merged 3 commits into from
Nov 26, 2024
Merged

chore: bump iceberg version (java) #19423

merged 3 commits into from
Nov 26, 2024

Conversation

fuyufjh
Copy link
Member

@fuyufjh fuyufjh commented Nov 18, 2024

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

This is necessary to get rid of

✗ CRITICAL CVE-2024-47561 [Deserialization of Untrusted Data]
  | https://scout.docker.com/v/CVE-2024-47561
  | Affected range : <1.11.4
  | Fixed version  : 1.11.4
  | CVSS Score     : 9.8
  | CVSS Vector    : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N 

Due to the lack of test, cc @chenzl25 for double check.

Checklist

  • I have written necessary rustdoc comments
  • I have added necessary unit tests and integration tests
  • I have added test labels as necessary. See details.
  • I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
  • My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
  • All checks passed in ./risedev check (or alias, ./risedev c)
  • My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)
  • My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

  • My PR needs documentation updates. (Please use the Release note section below to summarize the impact on users)

Release note

If this PR includes changes that directly affect users or other significant modifications relevant to the community, kindly draft a release note to provide a concise summary of these changes. Please prioritize highlighting the impact these changes will have on users.

@fuyufjh fuyufjh requested a review from chenzl25 November 18, 2024 06:50
@chenzl25
Copy link
Contributor

I will test this PR with Nessie, Polaris and Glue later.

@chenzl25
Copy link
Contributor

Let's merge #19406 first before this PR. And then I can check whether polaris can work after bumping.

chenzl25
chenzl25 approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@chenzl25 chenzl25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified

@chenzl25 chenzl25 enabled auto-merge November 26, 2024 05:05
@chenzl25 chenzl25 added this pull request to the merge queue Nov 26, 2024
@fuyufjh fuyufjh mentioned this pull request Nov 26, 2024
Merged
Merged via the queue into main with commit a58b142 Nov 26, 2024
31 of 32 checks passed
@chenzl25 chenzl25 deleted the eric/bump_iceberg branch November 26, 2024 05:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenzl25 chenzl25 chenzl25 approved these changes

Assignees

@chenzl25 chenzl25

Labels
ci/run-e2e-iceberg-sink-tests type/chore
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fuyufjh @chenzl25