Skip to content

apache-pulsar/4.0.6-r0: cve remediation #63146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kwmonroe merged 2 commits into from
Aug 15, 2025
Merged

apache-pulsar/4.0.6-r0: cve remediation #63146

kwmonroe merged 2 commits into from
Aug 15, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Aug 14, 2025

apache-pulsar/4.0.6-r0: fix GHSA-prj3-ccx8-p6x4

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/apache-pulsar.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts
Copy link
Contributor Author

octo-sts bot commented Aug 14, 2025
edited
Loading

📦 Build Failed: Missing Dependency

package io.netty.buffer does not exist

Build Details

Category Details
Build System Maven
Failure Point maven-compiler-plugin:3.11.0:compile (default-compile) on project java-test-plugins

Root Cause Analysis 🔍

The Netty dependencies (io.netty.buffer, io.netty.channel, io.netty.channel.socket) are missing from the classpath during compilation. Multiple Java source files are trying to import Netty classes but the required Netty libraries are not available as dependencies in the Maven project configuration.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Aug 14, 2025
@jamie-albert jamie-albert self-assigned this Aug 14, 2025
@jamie-albert
Copy link
Member

jamie-albert commented Aug 15, 2025

• malcontent scans are clean

jamie.albert@Mac presub-scan % ./presub-scan.sh https://apk.cgr.dev/wolfi-presubmit/162f953e63ba1c8d90133eba71904ea30947c31b
Output root: presub-scan_20250814_185637
Choose scan type [malcontent/cve/both]: malcontent
Beginning scan (resumable).

=== PHASE 1: DOWNLOADING PACKAGES ===
→ Processing x86_64 packages...
   → Found        2 packages to download
   → Downloading (2/2): apache-pulsar-4.0.6-r1.apk
   ✔ Downloaded        2 packages for x86_64
→ Processing aarch64 packages...
   → Found        2 packages to download
   → Downloading (2/2): apache-pulsar-4.0.6-r1.apk
   ✔ Downloaded        2 packages for aarch64

=== PHASE 2: SCANNING PACKAGES ===
→ Scanning x86_64 packages...
   → Malcontent results → presub-scan_20250814_185637/malcontent/x86_64/mal_scan_apache-pulsar-compat-4.0.6-r1.apk_20250814_185637.txt
   → Scanning (2/2): apache-pulsar-4.0.6-r1.apk
   ✔ Scanned        2 packages for x86_64
→ Scanning aarch64 packages...
   → Malcontent results → presub-scan_20250814_185637/malcontent/aarch64/mal_scan_apache-pulsar-compat-4.0.6-r1.apk_20250814_185637.txt
   → Scanning (2/2): apache-pulsar-4.0.6-r1.apk
   ✔ Scanned        2 packages for aarch64
All done.

Summary:
  • malcontent scans are clean

Check output under: presub-scan_20250814_185637

@jamie-albert jamie-albert requested a review from a team August 15, 2025 01:59
@kwmonroe kwmonroe merged commit 0cdd6fa into main Aug 15, 2025
17 of 18 checks passed
@kwmonroe kwmonroe deleted the cve-apache-pulsar-4.0.6-r0-2dc69909bb02fd4021f9e96b24a6a4f1 branch August 15, 2025 02:07
This was referenced Sep 4, 2025
Merged
Closed
Closed
Open
Closed
Closed
@octo-sts octo-sts bot mentioned this pull request Oct 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kwmonroe kwmonroe kwmonroe approved these changes

Assignees

@jamie-albert jamie-albert

Labels

ai/skip-comment Stop AI from commenting on PR apache-pulsar automated pr GHSA-prj3-ccx8-p6x4 maven/pombump request-cve-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jamie-albert @kwmonroe