Skip to content

Update mq allclient, log4j and junit to latest version #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 26, 2023
Merged

Update mq allclient, log4j and junit to latest version #62

merged 3 commits into from
Sep 26, 2023

Conversation

@Joel-hanson
Copy link
Contributor

@Joel-hanson Joel-hanson commented Sep 25, 2023
edited
Loading

Description

Update IBM MQ allclient to address:

CVE-2020-15522 5.9 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability pending CVSS allocation
Cxa9261daf-3755 9.8 Vulnerability with high severity found

Update log4j to address:

CVE-2019-17571 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
CVE-2021-4104 7.5 Deserialization of Untrusted Data vulnerability with medium severity found
CVE-2022-23302 8.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
CVE-2022-23305 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability pending CVSS allocation
CVE-2022-23307 8.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation

Update testcontainers and junit to be in the same version as https://github.com/ibm-messaging/kafka-connect-mq-source connector

Fixes #61

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

  • E2E
  • Unit Test
  • Integration Test

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@Joel-hanson Joel-hanson changed the title Update mq allclient, log4j and junit to latest versionclient Update mq allclient, log4j and junit to latest version Sep 25, 2023
neeraj-laad
neeraj-laad approved these changes Sep 25, 2023
View reviewed changes
Copy link
Contributor

@neeraj-laad neeraj-laad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Joel-hanson
Update template to check if the code is tested properly
8c94f2b 
Signed-off-by: Joel Hanson <[email protected]>
Signed-off-by: Joel Hanson <[email protected]>
@Joel-hanson Joel-hanson requested review from neeraj-laad and varada-sunanda-ibm and removed request for neeraj-laad September 26, 2023 03:33
@Joel-hanson
Update version from 1.5.1 to 1.5.2
c11934c 
- Update dockerfile to be same as source connector

Signed-off-by: Joel Hanson <[email protected]>
Signed-off-by: Joel Hanson <[email protected]>
Signed-off-by: Joel Hanson <[email protected]>
neeraj-laad
neeraj-laad approved these changes Sep 26, 2023
View reviewed changes
Copy link
Contributor

@neeraj-laad neeraj-laad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dalelane dalelane merged commit 3bd3bdb into ibm-messaging:main Sep 26, 2023
@Joel-hanson Joel-hanson mentioned this pull request Oct 5, 2023
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dalelane dalelane dalelane approved these changes

@neeraj-laad neeraj-laad neeraj-laad approved these changes

@varada-sunanda-ibm varada-sunanda-ibm Awaiting requested review from varada-sunanda-ibm

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Old MQ allclient has TLS-Problems with new JVM

3 participants

@Joel-hanson @dalelane @neeraj-laad