Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Memcache SSLContext Protocol to TLSv1.2 #190

Merged
merged 5 commits into from
Mar 8, 2024
Merged

Update Memcache SSLContext Protocol to TLSv1.2 #190

merged 5 commits into from
Mar 8, 2024

Conversation

pagrawal10
Copy link

@pagrawal10 pagrawal10 commented Mar 8, 2024
edited
Loading

Cherry-picks apache#16035
TLS versions 1.0, 1.1, and all SSL versions are considered weak encryption and are deprecated.
This PR updates the TLS version used for SSL connections to v1.2

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • a release note entry in the PR description.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

KeerthanaSrikanth and others added 5 commits January 24, 2024 10:02
@KeerthanaSrikanth @pagrawal10
Upgrade pac4j-oidc to 4.5.7 to address CVE-2021-44878 (apache#15522)
7dc2876 
* Upgrade org.pac4j:pac4j-oidc to 4.5.5 to address CVE-2021-44878
* add CVE suppression and notes, since vulnerability scan still shows this CVE
* Add tests to improve coverage
@pagrawal10
Merge branch '28.0.1-confluent' of github.com:confluentinc/druid into…
47debbe 
… 28.0.1-confluent
@pagrawal10 @xvrl
CVE Fix: Update json-path version (apache#15772)
c9b61ad 
Apache Druid brings the dependency json-path which is affected by CVE-2023-51074.
Its latest version 2.9.0 fixes the above CVE.

Append function has been added to json-path and so the unit test to check for the append function not present has been updated.

---------

Co-authored-by: Xavier Léauté <[email protected]>
@pagrawal10
Merge branch '28.0.1-confluent' of github.com:confluentinc/druid into…
6e8e215 
… 28.0.1-confluent
@pagrawal10
Update protocol for MemcachedCache (apache#16035)
aa88da3
@pagrawal10 pagrawal10 requested review from a team as code owners March 8, 2024 02:59
@pagrawal10 pagrawal10 enabled auto-merge (squash) March 8, 2024 04:33
@pagrawal10 pagrawal10 merged commit 3746924 into 28.0.1-confluent Mar 8, 2024
4 checks passed
@pagrawal10 pagrawal10 deleted the CONMON-152 branch March 8, 2024 07:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pankaj260100 Pankaj260100 Pankaj260100 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pagrawal10 @Pankaj260100 @KeerthanaSrikanth