Skip to content

[fix] Upgrade K8S java client to 20.0.0 #22271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

[fix] Upgrade K8S java client to 20.0.0 #22271

wants to merge 5 commits into from

Conversation

merlimat
Copy link
Contributor

Motivation

Upgrade K8S java client lib to latest version. This version is pulling the latest version of org.bitbucket.b_c:jose4j:jar:0.9.4:compile which has a fix for:

┌──────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│               Library                │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├──────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ org.bitbucket.b_c:jose4j             │ CVE-2023-51775 │ MEDIUM   │ fixed  │ 0.9.3             │ 0.9.4         │ jose4j: denial of service (CPU consumption) via a large p2c │
│ (org.bitbucket.b_c-jose4j-0.9.3.jar) │                │          │        │                   │               │ (aka PBES2...                                               │
│                                      │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-51775                  │
└──────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Modifications

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • Dependencies (add or upgrade a dependency)
  • The public API
  • The schema
  • The default values of configurations
  • The threading model
  • The binary protocol
  • The REST endpoints
  • The admin CLI options
  • The metrics
  • Anything that affects deployment

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository:

@merlimat merlimat self-assigned this Mar 14, 2024
@merlimat merlimat added this to the 3.3.0 milestone Mar 14, 2024
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Mar 14, 2024
@merlimat merlimat marked this pull request as draft March 15, 2024 01:11
@coderzc coderzc modified the milestones: 3.3.0, 3.4.0 May 8, 2024
@lhotari lhotari modified the milestones: 4.0.0, 4.1.0 Oct 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@merlimat merlimat

Labels
doc-not-needed Your PR changes do not impact docs ready-to-test release/3.0.12 release/3.2.3 release/4.0.5
Projects
None yet
Milestone
4.1.0
Development

Successfully merging this pull request may close these issues.
3 participants
@merlimat @lhotari @coderzc