pulsar icon indicating copy to clipboard operation
pulsar copied to clipboard
verified publisher icon apache

[fix] Upgrade K8S java client to 20.0.0

Open merlimat opened this issue 1 year ago • 0 comments

Motivation

Upgrade K8S java client lib to latest version. This version is pulling the latest version of org.bitbucket.b_c:jose4j:jar:0.9.4:compile which has a fix for:

┌──────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│               Library                │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├──────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ org.bitbucket.b_c:jose4j             │ CVE-2023-51775 │ MEDIUM   │ fixed  │ 0.9.3             │ 0.9.4         │ jose4j: denial of service (CPU consumption) via a large p2c │
│ (org.bitbucket.b_c-jose4j-0.9.3.jar) │                │          │        │                   │               │ (aka PBES2...                                               │
│                                      │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-51775                  │
└──────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Modifications

Verifying this change

  • [ ] Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • [ ] Dependencies (add or upgrade a dependency)
  • [ ] The public API
  • [ ] The schema
  • [ ] The default values of configurations
  • [ ] The threading model
  • [ ] The binary protocol
  • [ ] The REST endpoints
  • [ ] The admin CLI options
  • [ ] The metrics
  • [ ] Anything that affects deployment

Documentation

  • [ ] doc
  • [ ] doc-required
  • [x] doc-not-needed
  • [ ] doc-complete

Matching PR in forked repository

PR in forked repository:

merlimat avatar Mar 14 '24 18:03 merlimat