[incubator-kie-issues#1737] [CVE] [Medium] CVE-2023-0833 okhttp-3.12.12.jar (Part 2) #3835

Closed
wants to merge 1 commit into from

@josedee josedee commented Jan 28, 2025

Part of apache/incubator-kie-issues#1781

GroupId: com.squareup.okhttp3
ArtifactId: okhttp
Version: 3.12.12

Description: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Top fix: Upgrade to version com.squareup.okhttp3:okhttp:4.9.2
Message: Upgrade to version

kie-ci3 commented Jan 28, 2025

PR job #1 was: UNSTABLE
Possible explanation: This should be test failures

Reproducer

build-chain build full_downstream -f 'https://raw.githubusercontent.com/${AUTHOR:apache}/incubator-kie-kogito-pipelines/${BRANCH:main}/.ci/buildchain-config-pr-cdb.yaml' -o 'bc' -p apache/incubator-kie-kogito-runtimes -u #3835 --skipParallelCheckout

NOTE: To install the build-chain tool, please refer to https://github.com/kiegroup/github-action-build-chain#local-execution

Please look here: https://ci-builds.apache.org/job/KIE/job/kogito/job/main/job/pullrequest_jobs/job/kogito-runtimes-pr/job/PR-3835/1/display/redirect

Test results:

  • PASSED: 3479
  • FAILED: 13

Those are the test failures:

org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.DeploymentUtilsTest.testDeploymentWithServiceWithCustomPortName java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.Fabric8KubernetesServiceCatalogTest.getServiceAddress(KubernetesProtocol, String, String)[1] java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.IngressUtilsTest.testIngressWithTLS java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.KnativeServiceDiscoveryTest.queryService java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.KubernetesResourceDiscoveryTest.testServiceNodePort java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.OpenShiftServiceDiscoveryTest.testDeploymentConfigWithoutService java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.PodUtilsTest.testPodWithNoService java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.StatefulSetUtilsTest.testStatefulSetNoService java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.knative.serving.customfunctions.it.KnativeServingAddonIT.(?) java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.kubernetes.ConfigValueExpanderIT.test java.util.concurrent.CompletionException: java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.k8s.KnativeRouteEndpointDiscoveryTest.testBaseCase java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.k8s.KubernetesServiceEndpointDiscoveryTest.testGetURLOnRandomPort java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'
org.kie.kogito.addons.quarkus.k8s.config.KubeDiscoveryConfigCacheUpdaterTest.knativeResource java.lang.NoSuchMethodError: 'void okhttp3.internal.Internal.initializeInstanceForTests()'

@josedee josedee closed this Jan 30, 2025