Upgraded Guava version from 19.0 to 27.1-jre - CVE-2018-10237 - CWE-119 #2615

Merged 2 commits on Jun 26, 2019

@Coduz Coduz commented Jun 6, 2019

This PR bumps the version of Guava Library to 27.1-jre

Related Issue
None

Description of the solution adopted
Bumped to the last version that currently has a CQ already approved, on which we can piggyback our CQ.

CQ to piggy back: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19822
Kapua CQ: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=20138

Screenshots
None

Any side note on the changes made
None

@Coduz Coduz added the labels Enhancement (This PR/Issue improves an part of Kapua), Security (This issue/PR has some security critical aspect and should be issued as soon as possible) and CQ pending (This PR needs a CQ to be approved from Eclipse before merging.) on Jun 6, 2019

codecov bot commented Jun 6, 2019

Codecov Report

Merging #2615 into develop will increase coverage by 3.88%.
The diff coverage is n/a.

@@              Coverage Diff              @@
##             develop    #2615      +/-   ##
=============================================
+ Coverage      45.59%   49.48%   +3.88%     
- Complexity      2309     2478     +169     
=============================================
  Files            992      992              
  Lines          28134    28134              
  Branches        2308     2308              
=============================================
+ Hits           12827    13921    +1094     
+ Misses         14350    13231    -1119     
- Partials         957      982      +25
| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| .../DeviceManagementNotificationMessageProcessor.java | 0% <ø> (ø) | 0 <0> (ø) ⬇️ |
| ...ua/broker/core/listener/DeviceMessageListener.java | 46.8% <0%> (-6.39%) | 0% <0%> (ø) |
| ...egistry/event/internal/DeviceEventServiceImpl.java | 40.81% <0%> (-4.09%) | 5% <0%> (-1%) |
| ...nnection/internal/DeviceConnectionServiceImpl.java | 45.56% <0%> (-2.54%) | 10% <0%> (-1%) |
| ...pse/kapua/commons/service/internal/ServiceDAO.java | 68.64% <0%> (+1.39%) | 0% <0%> (ø) ⬇️ |
| .../org/eclipse/kapua/qa/common/cucumber/CucUser.java | 42.85% <0%> (+2.38%) | 12% <0%> (+1%) ⬆️ |
| .../eclipse/kapua/service/user/internal/UserImpl.java | 62.16% <0%> (+5.4%) | 12% <0%> (+1%) ⬆️ |
| ...a/org/eclipse/kapua/commons/model/id/KapuaEid.java | 81.25% <0%> (+6.25%) | 0% <0%> (ø) ⬇️ |
| ...pse/kapua/service/user/steps/UserServiceSteps.java | 45.31% <0%> (+8.25%) | 38% <0%> (+5%) ⬆️ |
| ...e/kapua/service/user/internal/UserFactoryImpl.java | 54.54% <0%> (+9.09%) | 4% <0%> (+1%) ⬆️ |

... and 11 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 1d7386d...ffdced8.

@Coduz Coduz added the label CQ approved (The PR has passed CQ approvation) and removed the label CQ pending (This PR needs a CQ to be approved from Eclipse before merging.) on Jun 7, 2019
Coduz commented Jun 7, 2019

@Coduz Coduz force-pushed the chng-bumpGuavaVersionTo27.1 branch 3 times, most recently from 361460d to 35c7b15, June 21, 2019 12:47

@lorthirk lorthirk left a comment

Please fix the spacing!

Coduz and others added 2 commits June 25, 2019 16:41
Signed-off-by: coduz <alberto.codutti@eurotech.com>
Signed-off-by: Claudio Mezzasalma <claudio.mezzasalma@eurotech.com>
@Coduz Coduz force-pushed the chng-bumpGuavaVersionTo27.1 branch from 61be265 to ffdced8, June 25, 2019 14:42
@Coduz Coduz merged commit 293dcb9 into eclipse-kapua:develop Jun 26, 2019
@Coduz Coduz deleted the chng-bumpGuavaVersionTo27.1 branch June 26, 2019 07:27