Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade flatbuffers from 2.1.2 to 23.5.26 to address security issue #15628

Merged
merged 4 commits into from
Sep 20, 2023
Merged

upgrade flatbuffers from 2.1.2 to 23.5.26 to address security issue #15628

merged 4 commits into from
Sep 20, 2023

Conversation

tonyxuqqi
Copy link
Contributor

What is changed and how it works?

Issue Number: Ref #15621

What's Changed:

The security issue is https://github.com/google/flatbuffers/issues/6627.
Upgrade flatbuffers from 2.1.2 to 23.5.26 to address it.

Related changes

  • PR to update pingcap/docs/pingcap/docs-cn:
  • Need to cherry-pick to the release branch

Check List

Tests

  • No code

Release note 

None

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 18, 2023
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • SpadeA-Tang
  • bufferflies

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot bot added the release-note-none Denotes a PR that doesn't merit a release note. label Sep 18, 2023
@ti-chi-bot ti-chi-bot bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Sep 18, 2023
@tonyxuqqi
Copy link
Contributor Author

/test

@ti-chi-bot ti-chi-bot bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Sep 18, 2023
@ti-chi-bot ti-chi-bot bot added the status/LGT1 Indicates that a PR has LGTM 1. label Sep 19, 2023
@ti-chi-bot ti-chi-bot bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Sep 19, 2023
@tonyxuqqi
Copy link
Contributor Author

/merge

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 20, 2023

@tonyxuqqi: It seems you want to merge this PR, I will help you trigger all the tests:

/run-all-tests

You only need to trigger /merge once, and if the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

If you have any questions about the PR merge process, please refer to pr process.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Sep 20, 2023

This pull request has been accepted and is ready to merge.

Commit hash: 07a5fb2

@ti-chi-bot ti-chi-bot bot added the status/can-merge Indicates a PR has been approved by a committer. label Sep 20, 2023
@ti-chi-bot ti-chi-bot bot merged commit 6971a46 into tikv:master Sep 20, 2023
1 check passed
@ti-chi-bot ti-chi-bot bot added this to the Pool milestone Sep 20, 2023
@tonyxuqqi
Copy link
Contributor Author

/cherry-pick release-6.5

@ti-chi-bot
Copy link
Member

@tonyxuqqi: new pull request created to branch release-6.5: #15664.

In response to this:

/cherry-pick release-6.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot mentioned this pull request Sep 21, 2023
Closed
ti-chi-bot pushed a commit to ti-chi-bot/tikv that referenced this pull request Sep 21, 2023
@tonyxuqqi @ti-chi-bot
This is an automated cherry-pick of tikv#15628
c33157f 
ref tikv#15621

Signed-off-by: ti-chi-bot <[email protected]>
glorv added a commit to glorv/tikv that referenced this pull request Sep 26, 2023
@glorv
Revert "upgrade flatbuffers from 2.1.2 to 23.5.26 to address security…
1778d79 
… issue (tikv#15628)"

This reverts commit 6971a46.

Signed-off-by: glorv <[email protected]>
@glorv glorv mentioned this pull request Sep 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bufferflies bufferflies bufferflies approved these changes

@SpadeA-Tang SpadeA-Tang SpadeA-Tang approved these changes

Assignees
No one assigned
Labels
affects-6.5 affects-7.1 release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
Pool
Development

Successfully merging this pull request may close these issues.
4 participants
@tonyxuqqi @ti-chi-bot @bufferflies @SpadeA-Tang