Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DAOS-17108 common: suppress io.netty 4.1.115 CVE #15889

Merged
merged 1 commit into from
Feb 13, 2025
Merged

DAOS-17108 common: suppress io.netty 4.1.115 CVE #15889

merged 1 commit into from
Feb 13, 2025

Conversation

grom72
Copy link
Contributor

@grom72 grom72 commented Feb 12, 2025
edited
Loading

Suppress io.netty:netty-common 4.1.115.Final CVE - no fix available
Suppress io.netty:netty-handler 4.1.100.Final CVE - fix available in 4.1.118.Final

Doc-only: true

Before requesting gatekeeper:

  • Two review approvals and any prior change requests have been resolved.
  • Testing is complete and all tests passed or there is a reason documented in the PR why it should be force landed and forced-landing tag is set.
  • Features: (or Test-tag*) commit pragma was used or there is a reason documented that there are no appropriate tags for this PR.
  • Commit messages follows the guidelines outlined here.
  • Any tests skipped by the ticket being addressed have been run and passed in the PR.

Gatekeeper:

  • You are the appropriate gatekeeper to be landing the patch.
  • The PR has 2 reviews by people familiar with the code, including appropriate owners.
  • Githooks were used. If not, request that user install them and check copyright dates.
  • Checkpatch issues are resolved. Pay particular attention to ones that will show up on future PRs.
  • All builds have passed. Check non-required builds for any new compiler warnings.
  • Sufficient testing is done. Check feature pragmas and test tags and that tests skipped for the ticket are run and now pass with the changes.
  • If applicable, the PR has addressed any potential version compatibility issues.
  • Check the target branch. If it is master branch, should the PR go to a feature branch? If it is a release branch, does it have merge approval in the JIRA ticket.
  • Extra checks if forced landing is requested
    • Review comments are sufficiently resolved, particularly by prior reviewers that requested changes.
    • No new NLT or valgrind warnings. Check the classic view.
    • Quick-build or Quick-functional is not used.
  • Fix the commit message upon landing. Check the standard here. Edit it to create a single commit. If necessary, ask submitter for a new summary.

@grom72
DAOS-17108 common: suppress io.netty 4.1.115 CVE
7b75949 
Suppress io.netty:netty-common 4.1.115.Final CVE - no fix available
Suppress io.netty:netty-handler 4.1.100.Final CVE -
    fix available in 4.1.118.Final

Doc-only: true

Signed-off-by: Tomasz Gromadzki <[email protected]>
@github-actions GitHub Actions
Copy link

Ticket title is 'Ignore vulnerability in io.netty:netty-common 4.1.115.Final'
Status is 'Open'
Labels: 'SDL'
https://daosio.atlassian.net/browse/DAOS-17108

@grom72 grom72 mentioned this pull request Feb 12, 2025
Merged
18 tasks
@daltonbohning daltonbohning requested a review from a team February 13, 2025 22:39
@daltonbohning daltonbohning added the forced-landing The PR has known failures or has intentionally reduced testing, but should still be landed. label Feb 13, 2025
@daltonbohning daltonbohning merged commit 7fa8052 into master Feb 13, 2025
40 checks passed
@daltonbohning daltonbohning deleted the grom72/daos-17108-io.netty.netty-common.4.1.115.Final branch February 13, 2025 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daltonbohning daltonbohning daltonbohning approved these changes

@phender phender phender approved these changes

@ryon-jensen ryon-jensen Awaiting requested review from ryon-jensen

@osalyk osalyk Awaiting requested review from osalyk

Assignees
No one assigned
Labels
forced-landing The PR has known failures or has intentionally reduced testing, but should still be landed.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@grom72 @daltonbohning @phender