Skip to content

Upgrade ion-java to 1.11.2 and remove handling of exceptions that are no longer leaked #482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 9, 2024
Merged

Upgrade ion-java to 1.11.2 and remove handling of exceptions that are no longer leaked #482

merged 2 commits into from
Feb 9, 2024

Conversation

tgregg
Copy link
Contributor

@tgregg tgregg commented Feb 9, 2024

Closes #469
Closes #471
Closes #473

ion-java 1.11.2 release notes: https://github.com/amazon-ion/ion-java/releases/tag/v1.11.2
Maven Central release: https://central.sonatype.com/artifact/com.amazon.ion/ion-java/1.11.2

This should take care of the leaked exceptions identified via fuzzing so far. If we find more we will fix them in subsequent ion-java releases.

@cowtowncoder cowtowncoder merged commit 4974cfd into FasterXML:2.17 Feb 9, 2024
@tgregg tgregg deleted the 2.17-upgrade-to-ion-java-1.11.2 branch February 9, 2024 22:10
@cowtowncoder
Copy link
Member

Thank you @tgregg!

There is one new Fuzz report at:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66495

but it might be resolved by this as well, I'll see if it gets closed within 24-48 hours (there's some delay until failing tests are re-run).

Btw, can you see OSS-Fuzz entries like that, or do you need more access? I use this dashboard:

https://oss-fuzz.com/testcases?open=yes&project=jackson-dataformats-binary&reproducible=yes&security=no

(which contains fails for all binary formats)

@tgregg
Copy link
Contributor Author

tgregg commented Feb 9, 2024
edited
Loading

@cowtowncoder I get permission denied at both of those links. Is there something you can do to grant me access, or do you know of a self-service process for me to follow?

Note: I'm also going to onboard ion-java directly so I won't have to wait to receive reports via jackson-dataformats-binary.

@cowtowncoder
Copy link
Member

@tgregg I can ask Adam via comment to add, I think -- do you have gmail account to use? I think main auth is via google.

@tgregg
Copy link
Contributor Author

tgregg commented Feb 9, 2024

do you have gmail account to use

Yes, tyagregg@

@cowtowncoder
Copy link
Member

cowtowncoder commented Feb 9, 2024
edited
Loading

@tgregg Ok I'll see if I can do a PR for https://github.com/cowtowncoder/oss-fuzz; access defined in project.yaml I think

-> google/oss-fuzz#11584

@cowtowncoder
Copy link
Member

@tgregg Ok, merged -- I think you should now have access.

@tgregg
Copy link
Contributor Author

tgregg commented Feb 9, 2024

Still getting access denied for now; I'll check again later in case the changes take time to propagate.

@cowtowncoder
Copy link
Member

Yeah, that could be. Let me know if it still won't work after 24 hours or so, I can ask what gives.

@cowtowncoder
Copy link
Member

cowtowncoder commented Feb 10, 2024
edited
Loading

@tgregg I think you have access now (I saw updates that were for notifying you of open issues I think). And in good news, looks like all relevant OSS-Fuzz reported issues were verified resolved by this PR!!!

@tgregg
Copy link
Contributor Author

tgregg commented Feb 12, 2024

Excellent. Yes, I can view the existing issues now, and I'm receiving updates via email. I'll keep working to resolve the Ion-related issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cowtowncoder cowtowncoder cowtowncoder approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

2 participants

@tgregg @cowtowncoder