Skip to content

Bump curl, openssl, zlib to address CVEs #482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Apr 25, 2025

Conversation

BewareMyPower
Copy link
Contributor

@BewareMyPower BewareMyPower commented Apr 22, 2025

  • openssl 3.1.4 -> 3.5.0
  • zlib 1.3 -> 1.3.1
  • curl 8.4.0 -> 8.13.0

Keep the protobuf to an old version (3.21.12) because it's the last release that supports C++11, see https://protobuf.dev/news/2022-08-03/

Keep the asio version not changed (1.28.2) because there are some APIs removed.

@BewareMyPower BewareMyPower self-assigned this Apr 22, 2025
@BewareMyPower BewareMyPower added this to the 3.8.0 milestone Apr 22, 2025
@BewareMyPower BewareMyPower marked this pull request as draft April 22, 2025 09:05
@BewareMyPower BewareMyPower marked this pull request as ready for review April 22, 2025 09:15
@BewareMyPower
Copy link
Contributor Author

Some tests failed:

     299 ms: ./pulsar-tests ClientTest.testCloseClient (try #1)
    1291 ms: ./pulsar-tests Pulsar/ReaderSeekTest.testHasMessageAvailableAfterSeekTimestamp/0 (try #1)
   30038 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/0 (try #1)
   30052 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/1 (try #1)
   60031 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/0 (try #1)
   60030 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/1 (try #1)
   30026 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/0 (try #2)
   30029 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/1 (try #2)
   30064 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/0 (try #3)
   30028 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/1 (try #3)
   60028 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/0 (try #2)
   60028 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/1 (try #2)
   30024 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/0 (try #4)
   30030 ms: ./pulsar-tests Pulsar/LookupServiceTest.testGetKeyValueSchema/1 (try #4)
   60029 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/0 (try #3)
   60030 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/1 (try #3)
   60032 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/0 (try #4)
   60029 ms: ./pulsar-tests Pulsar/KeyValueSchemaTest.testKeyValueSchema/1 (try #4)

Let me address these failures.

@BewareMyPower BewareMyPower marked this pull request as draft April 22, 2025 09:39
@BewareMyPower BewareMyPower marked this pull request as ready for review April 23, 2025 08:29
@BewareMyPower BewareMyPower marked this pull request as draft April 23, 2025 09:13
@BewareMyPower BewareMyPower marked this pull request as ready for review April 23, 2025 11:37
@BewareMyPower BewareMyPower merged commit eede80b into apache:main Apr 25, 2025
13 checks passed
BewareMyPower added a commit that referenced this pull request Apr 28, 2025
- openssl 3.1.4 -> 3.5.0
- zlib 1.3 -> 1.3.1
- curl 8.4.0 -> 8.13.0

Keep the `protobuf` to an old version (3.21.12) because it's the last release that supports C++11, see https://protobuf.dev/news/2022-08-03/

Keep the `asio` version not changed (1.28.2) because there are some APIs removed.

(cherry picked from commit eede80b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants