Closed avelanarius closed 2 years ago
This PR cleanly applies also to the branch-4.4
.
branch 4.3 is long dead
Active branches: 4.5, 4.6, 5.0.
@avelanarius why did you target 4.3 and 4.4? Are more recent branches not affected? If they are, we can backport to the active branches as described by @avikivity.
@denesb This fix of this PR is already in master. If I understand patch flow maintainer documentation correctly (I misunderstood it before), a maintainer should cherry pick fe351e84910017e0bd1f88c750bcd768081b5723 and 6b677f98c109ee298619a486a9dd374623e3a71a onto older branches.
@avelanarius sorry to pile on more paperwork, but to backport something, we need an issue. So please create issues in scylla.git and immediately close them referencing the commits that fix the problem.
Also, like I mentioned in https://github.com/scylladb/scylla-enterprise-jmx/issues/10#issuecomment-1149425901 we need to know which releases are vulnerable. Usually, when backporting a fix, we backport to all live releases. The only reason to exclude a release from backport is it not being vulnerable to the fixed bug.
I understand that 2021.1 is the target, but we have both older and newer live releases.
Backport a commit updating snakeyaml dependency.
Update Jackson dependency to a newer version, without any known security vulnerabilities.