8000 fix: trivy vulnerability fix by shubham19may · Pull Request #252 · datazip-inc/olake · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: trivy vulnerability fix #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 27, 2025
Merged

fix: trivy vulnerability fix #252

merged 3 commits into from
Apr 27, 2025

Conversation

shubham19may
Copy link
Contributor
@shubham19may shubham19may commented Apr 26, 2025
edited
Loading

Description

Trivy reported this vulnerability.

org.apache.httpcomponents.client5:httpclient5 │ CVE-2025-27820 │ HIGH │ fixed │ 5.4 │ 5.4.3 │ Apache HttpClient disables domain checks
Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

  • Generated the jar again and tested the postgres sync. Working fine as its a patch upgrade to dependency version

Screenshots or Recordings

Screenshot 2025-04-26 at 2 34 22 PM

I have also tested it for the Hive metastore version (image: alexcpn/hivemetastore:3.1.3.5) by Hivemetastore config shared by client with

Reproduced issue, and then tested the fix. Can not share the configuration as its a public forum.

@shubham19may shubham19may merged commit a9bfac4 into staging Apr 27, 2025
7 checks passed
d-cryptic pushed a commit to d-cryptic/olake that referenced this pull request Apr 29, 2025
8000
@shubham19may @d-cryptic
fix: trivy vulnerability fix (datazip-inc#252)
6094b5d
d-cryptic pushed a commit to d-cryptic/olake that referenced this pull request Apr 29, 2025
@shubham19may @d-cryptic
fix: trivy vulnerability fix (datazip-inc#252)
dd87673
d-cryptic pushed a commit to d-cryptic/olake that referenced this pull request Apr 29, 2025
@shubham19may @d-cryptic
fix: trivy vulnerability fix (datazip-inc#252)
8027ed4
@hash-data hash-data deleted the fix/trivy-fix branch June 13, 2025 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hash-data hash-data hash-data approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shubham19may @hash-data
0