palantir / cassandra

Palantir's fork of Apache Cassandra
Apache License 2.0

upgrade snappy-java to 1.1.10.4 #558

Closed rhuffy closed 1 month ago

rhuffy commented 1 month ago

This addresses CVE-2023-43642

rhuffy commented 1 month ago

Confirmed that expected https://repo1.maven.org/maven2/org/xerial/snappy/snappy-java/1.1.10.4/snappy-java-1.1.10.4.jar.sha1

matches actual

shasum -a 1 lib/snappy-java-1.1.10.4.jar
50d0390056017158bdc75c063efd5c2a898d5f0c  lib/snappy-java-1.1.10.4.jar
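
The checksum comparison from the comment above, automated so that a mismatch or an unusable `.sha1` file fails with a distinct exit code instead of relying on a visual comparison. This is an added example, not part of the pull request or the project's tooling; the function names `sha1_of`, `verify_sha1` and `demo` and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare a local jar's SHA-1 with a published .sha1 file.

# Print the lowercase hex SHA-1 of a file, using whichever tool is installed.
sha1_of() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum "$1" | awk '{print tolower($1)}'
  else
    shasum -a 1 "$1" | awk '{print tolower($1)}'
  fi
}

# verify_sha1 FILE EXPECTED_FILE
# Returns 0 on match, 1 on mismatch, 2 if either input is unusable.
verify_sha1() {
  local file="$1" expected_file="$2" expected actual
  [ -r "$file" ] && [ -r "$expected_file" ] || return 2
  # A .sha1 file may hold only the digest or "digest  filename"; take field 1.
  expected=$(awk 'NR==1 {print tolower($1)}' "$expected_file")
  # Reject anything that is not exactly 40 hex characters,
  # for example an HTML error page saved in place of the digest.
  case $expected in
    *[!0-9a-f]*) return 2 ;;
  esac
  [ "${#expected}" -eq 40 ] || return 2
  actual=$(sha1_of "$file") || return 2
  [ "$actual" = "$expected" ] || return 1
  return 0
}

# Constructed demo: the bytes "abc" stand in for the jar; their SHA-1 is a
# standard test vector, not a digest taken from the pull request.
demo() {
  local dir
  dir=$(mktemp -d)
  printf 'abc' > "$dir/sample.jar"
  printf 'a9993e364706816aba3e25717850c26c9cd0d89d\n' > "$dir/sample.jar.sha1"
  verify_sha1 "$dir/sample.jar" "$dir/sample.jar.sha1" && echo "match"
  rm -rf "$dir"
}
demo
```

A digest fetched from the same repository as the jar detects a corrupted or mismatched download; it does not by itself establish who published the artifact.
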

rhuffy commented 1 month ago

The same version is currently used on trunk https://github.com/apache/cassandra/blob/7446529e45047c45248ecdb21c239e4d6dc673ff/.build/parent-pom-template.xml#L295

autorelease3[bot] commented 1 month ago

:warning: Release Failed

Failed to push release: exit status 1
Command Output
remote: error: GH006: Protected branch update failed for refs/heads/palantir-cassandra-2.2.18.        
remote: 
remote: - Changes must be made through a pull request.        
remote: 
remote: - 4 of 4 required status checks are expected.        
!   refs/heads/palantir-cassandra-2.2.18:refs/heads/palantir-cassandra-2.2.18   [remote rejected] (protected branch hook declined)
!   refs/tags/1.167.0:refs/tags/1.167.0 [remote rejected] (atomic transaction failed)

If you know how to resolve this error, you can initiate a manual release using the autorelease UI. Otherwise, please reach out to #help-devtools for assistance and include csd5k3kqrq8rmg9o3a6g as your error id.