[jira] [Resolved] (ZOOKEEPER-4827) Bump bouncycastl version from 1.75 to 1.78
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zili Chen resolved ZOOKEEPER-4827. -- Resolution: Fixed master via https://github.com/apache/zookeeper/commit/6ac8edaabbb9b04529b7438ff226d19ec0e40ec9. > Bump bouncycastl version from 1.75 to 1.78 > -- > > Key: ZOOKEEPER-4827 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4827 > Project: ZooKeeper > Issue Type: Task >Reporter: ZhangJian He >Priority: Minor > Labels: pull-request-available > Time Spent: 50m > Remaining Estimate: 0h > > Upgrade Bouncy Castle to 1.78 to address CVEs > https://bouncycastle.org/releasenotes.html#r1rv78 > - https://www.cve.org/CVERecord?id=CVE-2024-29857 (reserved) > - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613079 > - https://www.cve.org/CVERecord?id=CVE-2024-30171 (reserved) > - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613076 > - https://www.cve.org/CVERecord?id=CVE-2024-30172 (reserved) > - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6612984 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (ZOOKEEPER-4827) Bump bouncycastl version from 1.75 to 1.78
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zili Chen updated ZOOKEEPER-4827: - Fix Version/s: 3.10.0 > Bump bouncycastl version from 1.75 to 1.78 > -- > > Key: ZOOKEEPER-4827 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4827 > Project: ZooKeeper > Issue Type: Task >Reporter: ZhangJian He >Priority: Minor > Labels: pull-request-available > Fix For: 3.10.0 > > Time Spent: 50m > Remaining Estimate: 0h > > Upgrade Bouncy Castle to 1.78 to address CVEs > https://bouncycastle.org/releasenotes.html#r1rv78 > - https://www.cve.org/CVERecord?id=CVE-2024-29857 (reserved) > - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613079 > - https://www.cve.org/CVERecord?id=CVE-2024-30171 (reserved) > - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6613076 > - https://www.cve.org/CVERecord?id=CVE-2024-30172 (reserved) > - https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6612984 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (ZOOKEEPER-4826) Reduce unnecessary executable permissions on files
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Enrico Olivelli resolved ZOOKEEPER-4826. Fix Version/s: 3.10.0 (was: 4.0.0) Resolution: Fixed > Reduce unnecessary executable permissions on files > -- > > Key: ZOOKEEPER-4826 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4826 > Project: ZooKeeper > Issue Type: Improvement >Reporter: ZhangJian He >Priority: Minor > Labels: pull-request-available > Fix For: 3.10.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > > ***Summary:*** This patch aims to modify the permissions of various files > within the ZooKeeper repository that currently have executable permissions > set (755) but do not require such permissions for their operation. Changing > these permissions to 644 enhances security and maintains the consistency of > file permissions throughout the project. ***Details:*** Several > non-executable files (not including scripts or executable binaries) are > currently set with executable permissions. This is generally unnecessary and > can lead to potential security concerns. This patch will adjust these > permissions to a more appropriate setting (644), which is sufficient for > reading and writing operations but does not allow execution. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (ZOOKEEPER-4826) Reduce unnecessary executable permissions on files
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Enrico Olivelli updated ZOOKEEPER-4826: --- Fix Version/s: 4.0.0 > Reduce unnecessary executable permissions on files > -- > > Key: ZOOKEEPER-4826 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4826 > Project: ZooKeeper > Issue Type: Improvement >Reporter: ZhangJian He >Priority: Minor > Labels: pull-request-available > Fix For: 4.0.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > > ***Summary:*** This patch aims to modify the permissions of various files > within the ZooKeeper repository that currently have executable permissions > set (755) but do not require such permissions for their operation. Changing > these permissions to 644 enhances security and maintains the consistency of > file permissions throughout the project. ***Details:*** Several > non-executable files (not including scripts or executable binaries) are > currently set with executable permissions. This is generally unnecessary and > can lead to potential security concerns. This patch will adjust these > permissions to a more appropriate setting (644), which is sufficient for > reading and writing operations but does not allow execution. -- This message was sent by Atlassian Jira (v8.20.10#820010)
