
Upgraded Quartz Scheduler version from 2.2.3 to 2.3.2 - CVE-2019-13990 - CWE-611 #3204

Merged: 1 commit, Feb 5, 2021

Conversation

Coduz (Contributor) commented Jan 20, 2021

This PR bumps the version of Quartz Scheduler to 2.3.2

Related Issue
None

Description of the solution adopted
Bumped to the last version available.
https://mvnrepository.com/artifact/org.quartz-scheduler/quartz/2.3.2

CQ for Quartz: 22979

The following transitive dependencies have been excluded since we are using EclipseLink connection pooling.

  • com.mchange:c3p0
  • com.mchange:mchange-commons-java
  • com.zaxxer:HikariCP-java7

Transient dependency on slf4j-api is already used by Kapua, and we recently upgraded it to the latest available.

Screenshots
None

Any side note on the changes made
None
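The dependency change described in this PR, written out as a Maven POM fragment; this is an added illustration, not Kapua's actual pom.xml, and the artifact and exclusion coordinates are the ones listed in the description above.

```xml
<!-- Added illustration (not Kapua's own pom.xml): the Quartz bump with the
     three transitive exclusions from this PR, as they would appear in Maven. -->
<dependency>
  <groupId>org.quartz-scheduler</groupId>
  <artifactId>quartz</artifactId>
  <!-- 2.3.2 is the release this PR moves to for CVE-2019-13990 (CWE-611) -->
  <version>2.3.2</version>
  <exclusions>
    <!-- connection pooling is provided by EclipseLink, so the pools that
         Quartz pulls in transitively are not needed on the classpath -->
    <exclusion>
      <groupId>com.mchange</groupId>
      <artifactId>c3p0</artifactId>
    </exclusion>
    <exclusion>
      <groupId>com.mchange</groupId>
      <artifactId>mchange-commons-java</artifactId>
    </exclusion>
    <exclusion>
      <groupId>com.zaxxer</groupId>
      <artifactId>HikariCP-java7</artifactId>
    </exclusion>
  </exclusions>
</dependency>
```

After the bump, `mvn dependency:tree -Dincludes=com.mchange,com.zaxxer` should list none of the excluded artifacts, which confirms the exclusions took effect.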

@Coduz Coduz added Security This issue/PR has some security critical aspect and should be issued as soon as possible CQ pending This PR needs a CQ to be approved from Eclipse before merging. Dependencies PR that updates dependencies. Be on the edge! labels Jan 20, 2021
@Coduz Coduz requested a review from lorthirk January 20, 2021 08:23
codecov bot commented Jan 21, 2021

Codecov Report

Merging #3204 (35fdbce) into develop (0620420) will increase coverage by 0.05%.
The diff coverage is n/a.


@@              Coverage Diff              @@
##             develop    #3204      +/-   ##
=============================================
+ Coverage      55.30%   55.35%   +0.05%     
- Complexity      2502     2504       +2     
=============================================
  Files           1273     1273              
  Lines          26996    26996              
  Branches        2340     2340              
=============================================
+ Hits           14929    14943      +14     
+ Misses         11177    11162      -15     
- Partials         890      891       +1     
| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| .../DeviceManagementOperationRegistryServiceImpl.java | 66.07% <0.00%> (-3.58%) | 12.00% <0.00%> (-2.00%) |
| ...apua/job/engine/jbatch/JobEngineServiceJbatch.java | 51.85% <0.00%> (+1.85%) | 9.00% <0.00%> (+1.00%) |
| ...obDeviceManagementOperationManagerServiceImpl.java | 79.26% <0.00%> (+6.09%) | 14.00% <0.00%> (+1.00%) |
| ...pse/kapua/commons/security/KapuaSecurityUtils.java | 93.10% <0.00%> (+6.89%) | 0.00% <0.00%> (ø%) |
| .../DeviceManagementNotificationMessageProcessor.java | 85.71% <0.00%> (+7.14%) | 0.00% <0.00%> (ø%) |
| ...ob/engine/jbatch/exception/JobEngineException.java | 66.66% <0.00%> (+33.33%) | 2.00% <0.00%> (+1.00%) |
| ...gine/jbatch/exception/JobMissingStepException.java | 100.00% <0.00%> (+100.00%) | 1.00% <0.00%> (+1.00%) |

@Coduz Coduz force-pushed the chng-bumpQuartzVersionTo2.3.2 branch 3 times, most recently from 36a57ec to f945eac, January 28, 2021 13:36
@Coduz Coduz force-pushed the chng-bumpQuartzVersionTo2.3.2 branch from f945eac to c35615a, January 28, 2021 15:11
@Coduz Coduz added CQ approved The PR has passed CQ approvation and removed CQ pending This PR needs a CQ to be approved from Eclipse before merging. labels Feb 1, 2021
Coduz (Contributor, Author) commented Feb 1, 2021

CQs Approved

@Coduz Coduz force-pushed the chng-bumpQuartzVersionTo2.3.2 branch from c35615a to 1768c58, February 5, 2021 10:41
Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
@Coduz Coduz force-pushed the chng-bumpQuartzVersionTo2.3.2 branch from 1768c58 to 65d57e4, February 5, 2021 10:44
@Coduz Coduz merged commit a76a5dd into eclipse:develop Feb 5, 2021
@Coduz Coduz deleted the chng-bumpQuartzVersionTo2.3.2 branch February 5, 2021 10:48