Skip to content

Commit 8875616

Browse files
michaelklishinmichaelklishin
committed
Merge branch 'v3.13.x' into mergify/bp/v3.13.x/pr-12611
2 parents 9d1449c + b921008 commit 8875616

12 files changed

+50
-36
lines changed

.github/SECURITY.md

+8-3
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,8 @@ RabbitMQ Core team really appreciates responsible vulnerability reports
1111
from security researchers and our user community.
1212

1313
To responsibly disclose a vulnerability, please use [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) or email `[email protected]` or
14-
[sign up for RabbitMQ community Slack](https://rabbitmq-slack.herokuapp.com) and
15-
send a DM to @michaelklishin. For reports received via Slack, a separate private
14+
[sign up for RabbitMQ Discord server]([https://rabbitmq-slack.herokuapp.com](https://rabbitmq.com/discord)) and
15+
send a DM to @michaelklishin. For reports received via Discord, a separate private
1616
channel will be set up so that multiple RabbitMQ maintainers can access the disclosed
1717
information.
1818

@@ -26,8 +26,13 @@ When reporting a vulnerability, please including the following information:
2626
* Why do you think this behavior is a security vulnerability
2727

2828
A received vulnerability report will be acknowledged by a RabbitMQ core team or VMware R&D staff member.
29+
For reports that will be considered legitimate and serious enough, a [GitHub Security Advisory](https://github.com/rabbitmq/rabbitmq-server/security/advisories)
30+
will be drafted. An advisory is a private way for reporters and collaborators to work on a solution.
31+
32+
After a new patch release is shipped, a [new CVE ID will be requested](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory#requesting-a-cve-identification-number-optional) as
33+
part of the advisory and eventually published. The advisory will credit the reporters.
34+
The associated discussion will be removed when the advisory is published.
2935

30-
As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
3136

3237
### When Should I Report a Vulnerability?
3338

.github/workflows/rabbitmq_peer_discovery_aws.yaml

+7-5
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,12 @@
11
name: Peer Discovery AWS Integration Test
22
on:
33
push:
4-
paths-ignore:
5-
- '.github/workflows/secondary-umbrella.yaml'
6-
- '.github/workflows/update-elixir-patches.yaml'
7-
- '.github/workflows/update-otp-patches.yaml'
4+
paths:
5+
- "deps/rabbitmq_peer_discovery_aws/**"
6+
- "deps/rabbitmq_peer_discovery_common/**"
7+
- "deps/rabbit/src/rabbit_peer_discovery.erl"
8+
schedule:
9+
- cron: "4 0 * * MON"
810
workflow_dispatch:
911
concurrency:
1012
group: ${{ github.workflow }}-${{ github.ref_name }}
@@ -66,7 +68,7 @@ jobs:
6668
ecs-cli --version
6769
- name: AUTHENTICATE TO GOOGLE CLOUD
6870
if: steps.authorized.outputs.authorized == 'true'
69-
uses: google-github-actions/[email protected].6
71+
uses: google-github-actions/[email protected].7
7072
with:
7173
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
7274
- name: CONFIGURE BAZEL

.github/workflows/templates/test-mixed-versions.template.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ jobs:
9999
https://builds.hex.pm
100100
https://cdn.jsdelivr.net/hex
101101
- name: AUTHENTICATE TO GOOGLE CLOUD
102-
uses: google-github-actions/[email protected].6
102+
uses: google-github-actions/[email protected].7
103103
with:
104104
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
105105
- name: BUILD SECONDARY UMBRELLA ARCHIVE

.github/workflows/templates/test.template.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ jobs:
7373
run: |
7474
echo "value=bazel-repo-cache-${{ hashFiles('MODULE.bazel') }}" | tee -a $GITHUB_OUTPUT
7575
- name: AUTHENTICATE TO GOOGLE CLOUD
76-
uses: google-github-actions/[email protected].6
76+
uses: google-github-actions/[email protected].7
7777
with:
7878
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
7979
- name: REPO CACHE

.github/workflows/test-authnz.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ jobs:
5858
https://cdn.jsdelivr.net/hex
5959
6060
- name: Authenticate To Google Cloud
61-
uses: google-github-actions/[email protected].6
61+
uses: google-github-actions/[email protected].7
6262
with:
6363
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
6464

.github/workflows/test-mixed-versions.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ jobs:
7777
https://builds.hex.pm
7878
https://cdn.jsdelivr.net/hex
7979
- name: AUTHENTICATE TO GOOGLE CLOUD
80-
uses: google-github-actions/[email protected].6
80+
uses: google-github-actions/[email protected].7
8181
with:
8282
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
8383
- name: BUILD SECONDARY UMBRELLA ARCHIVE

.github/workflows/test-plugin-mixed.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ jobs:
5454
https://builds.hex.pm
5555
https://cdn.jsdelivr.net/hex
5656
- name: AUTHENTICATE TO GOOGLE CLOUD
57-
uses: google-github-actions/[email protected].6
57+
uses: google-github-actions/[email protected].7
5858
with:
5959
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
6060
- name: CONFIGURE BAZEL

.github/workflows/test-plugin.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ jobs:
5151
https://builds.hex.pm
5252
https://cdn.jsdelivr.net/hex
5353
- name: AUTHENTICATE TO GOOGLE CLOUD
54-
uses: google-github-actions/[email protected].6
54+
uses: google-github-actions/[email protected].7
5555
with:
5656
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
5757
- name: CONFIGURE BAZEL

.github/workflows/test-selenium.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ jobs:
5454
https://cdn.jsdelivr.net/hex
5555
5656
- name: Authenticate To Google Cloud
57-
uses: google-github-actions/[email protected].6
57+
uses: google-github-actions/[email protected].7
5858
with:
5959
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
6060

.github/workflows/test.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ jobs:
5353
run: |
5454
echo "value=bazel-repo-cache-${{ hashFiles('MODULE.bazel') }}" | tee -a $GITHUB_OUTPUT
5555
- name: AUTHENTICATE TO GOOGLE CLOUD
56-
uses: google-github-actions/[email protected].6
56+
uses: google-github-actions/[email protected].7
5757
with:
5858
credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
5959
- name: REPO CACHE

deps/rabbit/test/metrics_SUITE.erl

+6-4
Original file line numberDiff line numberDiff line change
@@ -288,11 +288,13 @@ add_rem_counter(Config, {Initial, Ops}, {AddFun, RemFun}, Tables) ->
288288
{Initial, Things},
289289
Ops),
290290
force_metric_gc(Config),
291-
TabLens = lists:map(fun(T) ->
292-
length(read_table_rpc(Config, T))
293-
end, Tables),
291+
?awaitMatch([FinalLen],
292+
lists:usort(lists:map(fun(T) ->
293+
length(read_table_rpc(Config, T))
294+
end, Tables)),
295+
45000),
294296
[RemFun(Thing) || Thing <- Things1],
295-
[FinalLen] == lists:usort(TabLens).
297+
true.
296298

297299

298300
connection(Config) ->

deps/rabbitmq_prometheus/test/prometheus_rabbitmq_federation_collector_SUITE.erl

+21-16
Original file line numberDiff line numberDiff line change
@@ -98,13 +98,15 @@ single_link_then_second_added(Config) ->
9898
with_ch(
9999
Config,
100100
fun (Ch) ->
101-
timer:sleep(3000),
102-
[_L1] = rabbit_ct_broker_helpers:rpc(Config, 0,
103-
rabbit_federation_status, status, []),
101+
rabbit_ct_helpers:eventually(
102+
?_assertMatch([_L1],
103+
rabbit_ct_broker_helpers:rpc(
104+
Config, 0, rabbit_federation_status, status, [])),
105+
1000, 60),
104106
rabbit_ct_helpers:eventually(?_assertEqual([?ONE_RUNNING_METRIC],
105107
get_metrics(Config)),
106-
500,
107-
5),
108+
1000,
109+
30),
108110
maybe_declare_queue(Config, Ch, q(<<"fed.downstream2">>, [{<<"x-queue-type">>, longstr, <<"classic">>}])),
109111
%% here we race against queue.declare... most of the times there is going to be
110112
%% new status=starting metric. In this case we wait a bit more for running=2.
@@ -116,14 +118,14 @@ single_link_then_second_added(Config) ->
116118
[?ONE_RUNNING_METRIC] ->
117119
rabbit_ct_helpers:eventually(?_assertEqual([?TWO_RUNNING_METRIC],
118120
get_metrics(Config)),
119-
500,
120-
5);
121+
1000,
122+
30);
121123
[?ONE_RUNNING_ONE_STARTING_METRIC] ->
122124
rabbit_ct_helpers:eventually(?_assertEqual([?TWO_RUNNING_METRIC],
123125
get_metrics(Config)),
124-
500,
125-
5)
126-
126+
1000,
127+
30)
128+
127129
end,
128130

129131
delete_all(Ch, [q(<<"fed.downstream2">>, [{<<"x-queue-type">>, longstr, <<"classic">>}])])
@@ -133,12 +135,15 @@ two_links_from_the_start(Config) ->
133135
with_ch(
134136
Config,
135137
fun (_Ch) ->
136-
timer:sleep(3000),
137-
[_L1 | _L2] = rabbit_ct_broker_helpers:rpc(Config, 0,
138-
rabbit_federation_status, status, []),
139-
MFs = get_metrics(Config),
140-
[?TWO_RUNNING_METRIC] = MFs
141-
138+
rabbit_ct_helpers:eventually(
139+
?_assertMatch([_L1 | _L2],
140+
rabbit_ct_broker_helpers:rpc(
141+
Config, 0, rabbit_federation_status, status, [])),
142+
1000, 60),
143+
rabbit_ct_helpers:eventually(?_assertEqual([?TWO_RUNNING_METRIC],
144+
get_metrics(Config)),
145+
1000,
146+
30)
142147
end, upstream_downstream() ++ [q(<<"fed.downstream2">>, [{<<"x-queue-type">>, longstr, <<"classic">>}])]).
143148

144149
%% -------------------------------------------------------------------

0 commit comments

Comments
 (0)