Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exclude jackson-jaxrs from ranger-security, update documentation to reflect ranger update #15481

Merged
merged 5 commits into from
Dec 5, 2023
Merged

exclude jackson-jaxrs from ranger-security, update documentation to reflect ranger update #15481

merged 5 commits into from
Dec 5, 2023

Conversation

janjwerner-confluent
Copy link
Contributor

@janjwerner-confluent janjwerner-confluent commented Dec 4, 2023
edited
Loading

Description

Excluding additional dependency from ranger-plugin-common to address CVE regression introduced by ranger-upgrade:
CVE-2019-10202
CVE-2019-10172

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • a release note entry in the PR description.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@janjwerner-confluent janjwerner-confluent changed the title exclude jackson-jaxrs exclude jackson-jaxrs from ranger-security Dec 4, 2023
@janjwerner-confluent janjwerner-confluent changed the title exclude jackson-jaxrs from ranger-security exclude jackson-jaxrs from ranger-security, update documentation to reflect ranger update Dec 4, 2023
@janjwerner-confluent @xvrl
Update extensions-core/druid-ranger-security/pom.xml
140aea0 
Co-authored-by: Xavier Léauté <xl+github@xvrl.net>
@janjwerner-confluent @xvrl
Update extensions-core/druid-ranger-security/pom.xml
a55db07 
Co-authored-by: Xavier Léauté <xl+github@xvrl.net>
@janjwerner-confluent
Copy link
Contributor Author

Thank you for the catches @xvrl
Fingers crossed it still works :)

@xvrl xvrl merged commit f4856bc into apache:master Dec 5, 2023
83 checks passed
@janjwerner-confluent janjwerner-confluent deleted the janjwerner-remove-jackson-jaxrs branch December 5, 2023 16:25
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 13, 2023
@janjwerner-confluent @xvrl @Pankaj260100
ranger-security: exclude jackson-jaxrs from + fix outdated documentat…
1ef18e3 
…ion (apache#15481)

* Excluding jackson-jaxrs dependency from ranger-plugin-common to address CVE regression introduced by ranger-upgrade: CVE-2019-10202, CVE-2019-10172
* remove the reference to outdated ranger 2.0 from the docs

---------

Co-authored-by: Xavier Léauté <xl+github@xvrl.net>
@Pankaj260100 Pankaj260100 mentioned this pull request Dec 19, 2023
Merged
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 19, 2023
@janjwerner-confluent @xvrl @Pankaj260100
ranger-security: exclude jackson-jaxrs from + fix outdated documentat…
6412199 
…ion (apache#15481)

* Excluding jackson-jaxrs dependency from ranger-plugin-common to address CVE regression introduced by ranger-upgrade: CVE-2019-10202, CVE-2019-10172
* remove the reference to outdated ranger 2.0 from the docs

---------

Co-authored-by: Xavier Léauté <xl+github@xvrl.net>
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 19, 2023
@janjwerner-confluent @xvrl @Pankaj260100
ranger-security: exclude jackson-jaxrs from + fix outdated documentat…
39103f0 
…ion (apache#15481)

* Excluding jackson-jaxrs dependency from ranger-plugin-common to address CVE regression introduced by ranger-upgrade: CVE-2019-10202, CVE-2019-10172
* remove the reference to outdated ranger 2.0 from the docs

---------

Co-authored-by: Xavier Léauté <xl+github@xvrl.net>
@OliveBZH
Copy link

Hello, this PR seems to solve the 2 CVE mentionned above, can you confirm the milestone please ? 29.0 ?

@LakshSingla LakshSingla added this to the 29.0.0 milestone Jan 29, 2024
LakshSingla added a commit to LakshSingla/druid that referenced this pull request Feb 12, 2024
@LakshSingla
Revert "ranger-security: exclude jackson-jaxrs from + fix outdated do…
281a396 
…cumentation (apache#15481)"

This reverts commit f4856bc.
@LakshSingla LakshSingla mentioned this pull request Feb 13, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xvrl xvrl xvrl approved these changes

Assignees
No one assigned
Labels
Area - Dependencies Area - Documentation
Projects
None yet
Milestone
29.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@janjwerner-confluent @OliveBZH @xvrl @LakshSingla