This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 4fa541705c11af7dc9cc935f3698a64b08c5612d Merge: a8b67e3 a4c9a40 Author: Brandon Williams <[email protected]> AuthorDate: Mon Feb 28 07:46:27 2022 -0600 Merge branch 'cassandra-3.11' into cassandra-4.0 .build/dependency-check-suppressions.xml | 3 +++ CHANGES.txt | 1 + 2 files changed, 4 insertions(+) diff --cc .build/dependency-check-suppressions.xml index 10709d7,ce51590..0003951 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@@ -27,21 -56,21 +27,24 @@@ <cve>CVE-2020-13946</cve> <cve>CVE-2020-17516</cve> </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 --> <suppress> + <!-- dependency checker identified this as a completely different package (wire) --> + <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl> + <cpe>cpe:/a:wire:wire</cpe> + </suppress> + <suppress> + <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 --> <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> - <cve>CVE-2018-10237</cve> <cve>CVE-2020-8908</cve> </suppress> - - <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 --> + <!-- netty's http stuff is not applicable here --> <suppress> - <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl> - <cve>CVE-2015-3254</cve> - <cve>CVE-2016-5397</cve> - <cve>CVE-2018-1320</cve> - <cve>CVE-2018-11798</cve> - <cve>CVE-2019-0205</cve> + <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl> + <cve>CVE-2021-21290</cve> + <cve>CVE-2021-21295</cve> + <cve>CVE-2021-21409</cve> ++ <cve>CVE-2021-37136</cve> ++ <cve>CVE-2021-37137</cve> ++ <cve>CVE-2021-43797</cve> </suppress> </suppressions> diff --cc CHANGES.txt index 5dd0675,b055b12..ea4960b --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,7 -1,6 +1,8 @@@ -3.11.13 +4.0.4 + * Streaming tasks handle empty SSTables correctly (CASSANDRA-16349) + * Prevent SSTableLoader from doing unnecessary work (CASSANDRA-16349) 
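Review bot: The three CVEs added to the netty-all `<suppress>` block in .build/dependency-check-suppressions.xml inherit the existing rationale `<!-- netty's http stuff is not applicable here -->`, but that rationale only plausibly covers CVE-2021-43797; as far as I know, CVE-2021-37136 and CVE-2021-37137 concern netty's Bzip2 and Snappy decompression decoders rather than its HTTP codec. Each suppression should state its own reason, for example `<!-- CVE-2021-37136/37137: netty Bzip2Decoder/SnappyFrameDecoder not used on any Cassandra network path (CASSANDRA-17368) -->`, once that claim has been confirmed against the code. Because the `packageUrl` regex ends in `@.*$`, the entry matches every netty-all version and will keep hiding these findings even if a later change starts using those decoders; adding dependency-check's `until` attribute to the `<suppress>` element would force a periodic re-review.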
Merged from 3.0: + * Suppress inapplicable CVEs (CASSANDRA-17368) * Fix flaky test - test_cqlsh_completion.TestCqlshCompletion (CASSANDRA-17338) * Fixed TestCqlshOutput failing tests (CASSANDRA-17386) * Lazy transaction log replica creation allows incorrect replica content divergence during anticompaction (CASSANDRA-17273) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
