
BE: upgrade logback to 1.5.16 #773


Conversation

yeikel (Collaborator) commented Jan 14, 2025

What changes did you make? (Give an overview)

Fixes CVE-2024-12798 and CVE-2024-12801 while we wait for the next Spring Boot Release

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • Covered by existing automation
  • Manual tests

Cherry-picked 150b7af to test with changes in #745

Without this PR: https://github.com/kafbat/kafka-ui/actions/runs/12760141709/job/35565086663?pr=745

With this PR: https://github.com/kafbat/kafka-ui/actions/runs/12760148833/job/35565105573?pr=773


Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas

A picture of a cute animal (not mandatory but encouraged)

baby-pangolin-on-mother
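The PR's evidence for the fix is a CI run; the same check can be expressed as code. The following is an added example, not code from this PR or from the kafka-ui project: it parses the artifact lines of a constructed `mvn dependency:list` style listing (sample versions are made up) and reports any logback-core or logback-classic resolved below 1.5.16, the version the PR title pins.

```python
import re

# Constructed sample in the shape of `mvn dependency:list` output (not real
# kafka-ui output); the logback versions are made up to show a failing case.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    ch.qos.logback:logback-classic:jar:1.5.12:compile -- module ch.qos.logback.classic
[INFO]    ch.qos.logback:logback-core:jar:1.5.12:compile -- module ch.qos.logback.core
[INFO]    org.slf4j:slf4j-api:jar:2.0.16:compile -- module org.slf4j
[INFO]    org.springframework.boot:spring-boot:jar:3.4.1:compile -- module spring.boot
"""

# Threshold from the PR title: the two CVEs it cites are closed at this version.
FIXED_LOGBACK_VERSION = "1.5.16"
LOGBACK_GROUP = "ch.qos.logback"
LOGBACK_ARTIFACTS = ("logback-core", "logback-classic")

# Maven lists resolved artifacts as groupId:artifactId:type[:classifier]:version:scope;
# newer Maven versions append " -- module <name>".
COORD_LINE = re.compile(r"^\[INFO\]\s+(\S+:\S+:\S+)(?:\s+--.*)?$")


def parse_version(version: str) -> tuple:
    """'1.5.16' -> (1, 5, 16). Qualifiers such as -SNAPSHOT are ignored."""
    numeric = re.match(r"\d+(?:\.\d+)*", version)
    if not numeric:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in numeric.group(0).split("."))


def parse_dependency_list(text: str):
    """Yield (groupId, artifactId, version, scope) for each resolved artifact."""
    for line in text.splitlines():
        match = COORD_LINE.match(line)
        if match:
            parts = match.group(1).split(":")
            if len(parts) >= 5:  # group:artifact:type[:classifier]:version:scope
                yield parts[0], parts[1], parts[-2], parts[-1]


def find_vulnerable_logback(text: str, fixed: str = FIXED_LOGBACK_VERSION) -> list:
    """(artifactId, version) for every logback-core/logback-classic jar resolved
    below the fixed version, so CI can fail the build before the jar ships."""
    threshold = parse_version(fixed)
    return sorted(
        (artifact, version)
        for group, artifact, version, _scope in parse_dependency_list(text)
        if group == LOGBACK_GROUP
        and artifact in LOGBACK_ARTIFACTS
        and parse_version(version) < threshold
    )
```

Run it over the real `mvn dependency:list` output of a build to confirm the override reached every module, since a BOM-managed version that is not overridden in the right place silently keeps the old jar.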

@kapybro kapybro bot added status/triage Issues pending maintainers triage status/triage/manual Manual triage in progress status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels Jan 14, 2025
@yeikel yeikel force-pushed the overwrite-logback branch 2 times, most recently from 848cf62 to c901408 January 14, 2025 02:43
@yeikel yeikel force-pushed the overwrite-logback branch 2 times, most recently from cd5ffcd to 588862c January 14, 2025 02:57
@yeikel yeikel marked this pull request as ready for review January 14, 2025 02:57
@yeikel yeikel requested review from a team as code owners January 14, 2025 02:57
Haarolean
Haarolean previously approved these changes Jan 14, 2025
@Haarolean Haarolean added scope/backend Related to backend changes type/security Pull requests that address a security vulnerability type/dependencies A pull request/issue dedicated to updating the dependency(-ies) and removed status/triage/manual Manual triage in progress labels Jan 14, 2025
@Haarolean Haarolean added this to the 1.2 milestone Jan 14, 2025
Haarolean (Member) commented:

@yeikel do you mind if we hold this for a few days? We currently have #109 in progress so this will impose merge conflicts, I believe it'd be easier to do this the other way -- to upgrade logback once we migrate to gradle.

yeikel (Collaborator, Author) commented Jan 14, 2025

@yeikel do you mind if we hold this for a few days? We currently have #109 in progress so this will impose merge conflicts, I believe it'd be easier to do this the other way -- to upgrade logback once we migrate to gradle.

I am okay to wait

@yeikel yeikel marked this pull request as draft January 14, 2025 14:51
yeikel (Collaborator, Author) commented Jan 14, 2025

The only challenge is that the project will remain vulnerable to these CVEs until this upgrade can happen so hopefully we can complete the Gradle migration soon

Haarolean (Member) commented:

The only challenge is that the project will remain vulnerable to these CVEs until this upgrade can happen so hopefully we can complete the Gradle migration soon

I've been told a few days
