This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 7ec9b7cf4f9827d3feaa15b62932cbfa0480b938
Merge: 8b331ddb4d 60d04d6713
Author: Brandon Williams <[email protected]>
AuthorDate: Tue Aug 8 10:07:00 2023 -0500

    Merge branch 'cassandra-3.11' into cassandra-4.0

 .build/dependency-check-suppressions.xml | 37 --------------------------------
 CHANGES.txt                              |  1 +
 2 files changed, 1 insertion(+), 37 deletions(-)

diff --cc .build/dependency-check-suppressions.xml
index ae7ff368a7,47d37c53db..b7ebb45e57
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -20,19 -20,18 +20,10 @@@
    https://jeremylong.github.io/DependencyCheck/general/suppression.html
  -->
  <suppressions 
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd";>
-     <suppress>
-         <!-- not applicable since 4.0 -->
-         <packageUrl 
regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl>
-         <cve>CVE-2018-8016</cve>
-         <cve>CVE-2019-2684</cve>
-         <cve>CVE-2020-13946</cve>
-         <cve>CVE-2020-17516</cve>
-         <cve>CVE-2021-44521</cve>
-     </suppress>
      <suppress>
 -        <!--  https://issues.apache.org/jira/browse/CASSANDRA-18608 -->
 -        <packageUrl 
regex="true">^pkg:maven/org\.xerial\.snappy/snappy\-java@.*$</packageUrl>
 -        <cve>CVE-2023-34453</cve>
 -        <cve>CVE-2023-34454</cve>
 -        <cve>CVE-2023-34455</cve>
 -    </suppress>
 -    <suppress>
 -        <!--  https://issues.apache.org/jira/browse/CASSANDRA-16150 -->
 +        <!--  https://issues.apache.org/jira/browse/CASSANDRA-17907 -->
          <packageUrl 
regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
          <cve>CVE-2023-2251</cve>
 -        <cve>CVE-2017-18640</cve>
          <cve>CVE-2022-25857</cve>
          <cve>CVE-2022-38749</cve>
          <cve>CVE-2022-38750</cve>
@@@ -44,37 -43,14 +35,15 @@@
          <cve>CVE-2021-4235</cve>
          <cve>CVE-2017-18640</cve>
      </suppress>
-     <suppress>
-         <!-- dependency checker identified this as a completely different 
package (wire) -->
-         <packageUrl 
regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl>
-         <cpe>cpe:/a:wire:wire</cpe>
-     </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-15417 -->
 +    <suppress>
 +        <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->
 +        <packageUrl 
regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
 +        <cve>CVE-2020-8908</cve>
 +        <cve>CVE-2023-2976</cve>
 +    </suppress>
-     <!-- https://issues.apache.org/jira/browse/CASSANDRA-18146 -->
-     <suppress>
-         <packageUrl 
regex="true">^pkg:maven/org\.apache\.commons.*$</packageUrl>
-         <cve>CVE-2021-37533</cve>
-     </suppress>
-     <suppress>
-         <packageUrl regex="true">^pkg:maven/commons-io/.*$</packageUrl>
-         <cve>CVE-2021-37533</cve>
-     </suppress>
-     <suppress>
-         <packageUrl regex="true">^pkg:maven/commons-cli/.*$</packageUrl>
-         <cve>CVE-2021-37533</cve>
-     </suppress>
-     <suppress>
-         <packageUrl regex="true">^pkg:maven/commons-codec/.*$</packageUrl>
-         <cve>CVE-2021-37533</cve>
-     </suppress>
 +    <!-- netty's http stuff is not applicable here -->
      <suppress>
          <packageUrl 
regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
 -        <cve>CVE-2019-16869</cve>
 -        <cve>CVE-2019-20444</cve>
 -        <cve>CVE-2019-20445</cve>
 -        <cve>CVE-2020-7238</cve>
          <cve>CVE-2021-21290</cve>
          <cve>CVE-2021-21295</cve>
          <cve>CVE-2021-21409</cve>
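Review bot: The guava `<suppress>` entry kept in this hunk lists both CVE-2020-8908 and CVE-2023-2976, but its comment links only the NVD page for CVE-2020-8908, so nothing records why CVE-2023-2976 is considered not applicable. I would extend the comment to cover both ids and point at the ticket holding the analysis, e.g. `<!-- not applicable: CVE-2020-8908, CVE-2023-2976, see CASSANDRA-NNNNN (placeholder) -->`. Because the `packageUrl` regex ends in `@.*$`, the entry matches every guava version, so the written rationale is all a later reader has when re-evaluating it after a dependency upgrade. The netty entry that follows has the same all-versions pattern with only a one-line remark and no ticket reference; its `<suppress>` element closes outside this hunk.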
@@@ -92,12 -95,8 +61,6 @@@
          <cve>CVE-2022-42003</cve>
          <cve>CVE-2022-42004</cve>
          <cve>CVE-2023-35116</cve>
 -      <cve>CVE-2022-42003</cve>
 -      <cve>CVE-2022-42004</cve>
      </suppress>
  
-     <!-- https://issues.apache.org/jira/browse/CASSANDRA-18643 -->
-     <suppress>
-         <packageUrl 
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
-         <cve>CVE-2022-45688</cve>
-     </suppress>
- 
  </suppressions>
diff --cc CHANGES.txt
index a45b6dce5d,8ca47eb52d..62b70b072f
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,20 -1,5 +1,21 @@@
 -3.11.16
 +4.0.12
 + * Fix NTS log message when an unrecognized strategy option is passed 
(CASSANDRA-18679)
 + * Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
 + * Migrate Python optparse to argparse (CASSANDRA-17914)
 +Merged from 3.11:
   * Moved jflex from runtime to build dependencies (CASSANDRA-18664)
 +Merged from 3.0:
++ * Remove unused suppressions (CASSANDRA-18724)
 +
 +
 +4.0.11
 + * Revert CASSANDRA-16718 (CASSANDRA-18560)
 + * Upgrade snappy to 1.1.10.1 (CASSANDRA-18608)
 + * Fix assertion error when describing mv as table (CASSANDRA-18596)
 + * Track the amount of read data per row (CASSANDRA-18513)
 + * Fix Down nodes counter in nodetool describecluster (CASSANDRA-18512)
 + * Remove unnecessary shuffling of GossipDigests in 
Gossiper#makeRandomGossipDigest (CASSANDRA-18546)
 +Merged from 3.11:
   * Fix CAST function for float to decimal (CASSANDRA-18647)
   * Suppress CVE-2022-45688 (CASSANDRA-18643)
   * Remove unrepaired SSTables from garbage collection when 
only_purge_repaired_tombstones is true (CASSANDRA-14204)

