Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patched security vulnerability by updating Ranger libraries to the ne… #15363

Merged
merged 5 commits into from
Nov 22, 2023
Merged

Patched security vulnerability by updating Ranger libraries to the ne… #15363

merged 5 commits into from
Nov 22, 2023

Conversation

vivek807
Copy link
Contributor

Fixes #14454 .

Description

Patched security vulnerability by updating Ranger libraries to the newest available version.

Release note

This change removes the log4j dependency from the extension. It is done by updating Ranger libraries to the newest available version. The functioning of this library does not change.

BartMiki
BartMiki suggested changes Nov 13, 2023
View reviewed changes
Copy link
Contributor

@BartMiki BartMiki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There were no changes to the Druid parent pom.xml, the ranger version should be updated there.

extensions-core/druid-ranger-security/pom.xml Outdated Show resolved Hide resolved
extensions-core/druid-ranger-security/pom.xml Outdated Show resolved Hide resolved
extensions-core/druid-ranger-security/pom.xml Outdated Show resolved Hide resolved
extensions-core/druid-ranger-security/pom.xml Outdated Show resolved Hide resolved
extensions-core/druid-ranger-security/src/assembly/assembly.xml Outdated Show resolved Hide resolved
@vivek807 vivek807 marked this pull request as ready for review November 15, 2023 12:50
cryptoe
cryptoe approved these changes Nov 15, 2023
View reviewed changes
Copy link
Contributor

@cryptoe cryptoe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM. Waiting for a clean CI run.

@abhishekagarwal87 abhishekagarwal87 merged commit c14cfc2 into apache:master Nov 22, 2023
83 checks passed
@abhishekagarwal87
Copy link
Contributor

thank you for your first contribution @vivek807

@vivek807
Copy link
Contributor Author

thank you for your first contribution @vivek807

Thanks @abhishekagarwal87 :)

@xvrl xvrl mentioned this pull request Nov 28, 2023
Closed
yashdeep97 pushed a commit to yashdeep97/druid that referenced this pull request Dec 1, 2023
@vivek807
Patched security vulnerability by updating Ranger libraries to the ne… (
4acbeb2 
apache#15363)

Patched security vulnerability by updating Ranger libraries to the newest available version.
@janjwerner-confluent janjwerner-confluent mentioned this pull request Dec 4, 2023
Merged
10 tasks
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 13, 2023
@vivek807 @Pankaj260100
Patched security vulnerability by updating Ranger libraries to the ne… (
fb284b2 
apache#15363)

Patched security vulnerability by updating Ranger libraries to the newest available version.
@Pankaj260100 Pankaj260100 mentioned this pull request Dec 13, 2023
Merged
@xvrl xvrl mentioned this pull request Dec 15, 2023
Closed
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 19, 2023
@vivek807 @Pankaj260100
Patched security vulnerability by updating Ranger libraries to the ne… (
6d9475f 
apache#15363)

Patched security vulnerability by updating Ranger libraries to the newest available version.
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 19, 2023
@vivek807 @Pankaj260100
Patched security vulnerability by updating Ranger libraries to the ne… (
04eb944 
apache#15363)

Patched security vulnerability by updating Ranger libraries to the newest available version.
@LakshSingla LakshSingla added this to the 29.0.0 milestone Jan 29, 2024
LakshSingla added a commit to LakshSingla/druid that referenced this pull request Feb 12, 2024
@LakshSingla
Revert "Patched security vulnerability by updating Ranger libraries t…
1788660 
…o the ne… (apache#15363)"

This reverts commit c14cfc2.
@LakshSingla LakshSingla mentioned this pull request Feb 13, 2024
Closed
@prabhjyotsingh prabhjyotsingh mentioned this pull request Jul 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BartMiki BartMiki BartMiki requested changes

@cryptoe cryptoe cryptoe approved these changes

Assignees
No one assigned
Labels
Area - Dependencies Release Notes
Projects
None yet
Milestone
29.0.0
Development

Successfully merging this pull request may close these issues.

Vulnerable Log4j 1.x is bundled with the Ranger extension
5 participants
@vivek807 @abhishekagarwal87 @cryptoe @BartMiki @LakshSingla