Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unused dev files #15737

Closed
mmalohlava opened this issue Sep 8, 2023 · 0 comments · Fixed by #15738
Closed

Remove unused dev files #15737

mmalohlava opened this issue Sep 8, 2023 · 0 comments · Fixed by #15738
Assignees
@mmalohlava
Labels
bug Security Vulnerability
Milestone
3.44.0.1

Comments

@mmalohlava
Copy link
Member

H2O version, Operating System and Environment
ALL

Actual behavior
Unused, deprecated files exposing security vulnerabilities.

Expected behavior
Remove files if they are not used.

Steps to reproduce
https://huntr.mlsecops.com/bounties/6a69952f-a1ba-4dee-9d8c-e87f52508b58/
@mmalohlava mmalohlava self-assigned this Sep 8, 2023
@mmalohlava mmalohlava changed the title Remove unused files Remove unused dev files Sep 8, 2023
mmalohlava added a commit that referenced this issue Sep 8, 2023
@mmalohlava
bug: remove unused files.
56fc3db 
The files were:
 - created 6y ago without major updates.
 - using Ubuntu 16.04.
 - using S3 bucket that does not exist anymore (and creates security
   vulnerability).
 - not used in the repository.

After change - there are no references to the deleted files:
```bash
❯ ag "Dockerfile.dev"
❯ ag "setup-h2o-dev.sh"
  ~/Devel/projects/h2o/repos/h2o2 on   mm/master/gh_15737 *43 +2 ?19 ❯
```

This change fixes #15737
and related security vulnerability https://huntr.mlsecops.com/bounties/6a69952f-a1ba-4dee-9d8c-e87f52508b58/
@mmalohlava mmalohlava mentioned this issue Sep 8, 2023
Merged
@mn-mikke mn-mikke added this to the 3.44.0.1 milestone Sep 11, 2023
mn-mikke pushed a commit that referenced this issue Sep 11, 2023
@mmalohlava
bug: remove unused files. (#15738)
458c011 
The files were:
 - created 6y ago without major updates.
 - using Ubuntu 16.04.
 - using S3 bucket that does not exist anymore (and creates security
   vulnerability).
 - not used in the repository.

After change - there are no references to the deleted files:
```bash
❯ ag "Dockerfile.dev"
❯ ag "setup-h2o-dev.sh"
  ~/Devel/projects/h2o/repos/h2o2 on   mm/master/gh_15737 *43 +2 ?19 ❯
```

This change fixes #15737
and related security vulnerability https://huntr.mlsecops.com/bounties/6a69952f-a1ba-4dee-9d8c-e87f52508b58/
hannah-tillman added a commit that referenced this issue Oct 10, 2023
@hannah-tillman
ht/initial draft release notes (37 issues)
c64a45b 
excluding internal-only facing issues (6):
- GH-15795: Included GitHub issue numbers in PR descriptions for gradle checks.
- GH-15787: Included GitHub issue links in PR descriptions for gradle checks.
- GH-15764: Forced Prisma to use specific path to scan for vulnerability by specifying versions of commons-compress and protobuf-java in Main Standalone Jar.
- GH-15737: Removed unused developer files.
- GH-15691: Fixed broken JIRA links from the R documentation.
- GH-15470: Upgraded Hadoop Libraries to 3.3.5 in Main Standalone Jar.
@hannah-tillman hannah-tillman mentioned this issue Oct 10, 2023
Merged
mn-mikke added a commit that referenced this issue Oct 15, 2023
@hannah-tillman @mn-mikke
[GH-15811] 3.44.0.1 Release Notes [no check] (#15812)
cdb6ce3 
* ht/initial draft release notes (37 issues)

excluding internal-only facing issues (6):
- GH-15795: Included GitHub issue numbers in PR descriptions for gradle checks.
- GH-15787: Included GitHub issue links in PR descriptions for gradle checks.
- GH-15764: Forced Prisma to use specific path to scan for vulnerability by specifying versions of commons-compress and protobuf-java in Main Standalone Jar.
- GH-15737: Removed unused developer files.
- GH-15691: Fixed broken JIRA links from the R documentation.
- GH-15470: Upgraded Hadoop Libraries to 3.3.5 in Main Standalone Jar.

* ht/added 15815 & 15470; removed jetty v#

* Postpone release date

---------

Co-authored-by: Marek Novotny <[email protected]>
@mn-mikke mn-mikke mentioned this issue Jan 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmalohlava mmalohlava

Labels
bug Security Vulnerability
Projects
None yet
Milestone
3.44.0.1
Development

Successfully merging a pull request may close this issue.

[GH-15737] bug: remove unused files. h2oai/h2o-3
2 participants
@mmalohlava @mn-mikke