Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump pgjbdc version to prevent CVE from being passed in Proxy #30369

Merged
merged 1 commit into from
Mar 2, 2024

Conversation

linghengqian
Copy link
Member

@linghengqian linghengqian commented Mar 1, 2024

Fixes https://github.com/apache/shardingsphere/security/dependabot/77 .

Changes proposed in this pull request:


Before committing this PR, I'm sure that I have checked the following options:

  • My code follows the code of conduct of this project.
  • I have self-reviewed the commit code.
  • I have (or in comment I request) added corresponding labels for the pull request.
  • I have passed maven check locally : ./mvnw clean install -B -T1C -Dmaven.javadoc.skip -Dmaven.jacoco.skip -e.
  • I have made corresponding changes to the documentation.
  • I have added corresponding unit tests for my changes.

@linghengqian linghengqian added in: proxy type: dependencies Pull requests that update a dependency file labels Mar 1, 2024
@linghengqian linghengqian changed the title Bump pgjbdc version to prevent CVE-2024-1597 from being passed in Proxy Bump pgjbdc version to prevent CVE from being passed in Proxy Mar 1, 2024
@linghengqian linghengqian marked this pull request as ready for review March 1, 2024 14:03
@terrymanu terrymanu added this to the 5.5.0 milestone Mar 1, 2024
@strongduanmu strongduanmu merged commit e9c1603 into apache:master Mar 2, 2024
139 checks passed
@linghengqian linghengqian deleted the cve branch March 2, 2024 05:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: proxy type: dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants