Skip to content

Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547 #1280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 12, 2025
Merged

Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547 #1280

merged 1 commit into from
Aug 12, 2025

Conversation

@gaiksaya
Copy link
Member

Description

Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@amsiglan amsiglan merged commit dc5991d into opensearch-project:main Aug 12, 2025
9 of 14 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Aug 12, 2025
@github-actions
Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547 (#1280)
85d4d33 
Signed-off-by: Sayali Gaikawad <[email protected]>
(cherry picked from commit dc5991d)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Aug 12, 2025
Merged
@gaiksaya gaiksaya deleted the fix-cve branch August 12, 2025 03:16
gaiksaya pushed a commit that referenced this pull request Aug 12, 2025
@opensearch-trigger-bot @github-actions
Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547 (#1280) (#1281)
71388db 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.19 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/alerting-dashboards-plugin/backport-2.19 2.19
# Navigate to the new working tree
pushd ../.worktrees/alerting-dashboards-plugin/backport-2.19
# Create a new branch
git switch --create backport-1280-to-2.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 dc5991defa701698e72be4034004e341cb202a0e
# Push it to GitHub
git push --set-upstream origin backport-1280-to-2.19
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/alerting-dashboards-plugin/backport-2.19

Then, create a pull request where the base branch is 2.19 and the compare/head branch is backport-1280-to-2.19.

amsiglan pushed a commit to amsiglan/alerting-dashboards-plugin that referenced this pull request Oct 29, 2025
@gaiksaya @amsiglan
Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547 (opensearch-pro…
eed3971 
…ject#1280)

Signed-off-by: Sayali Gaikawad <[email protected]>
@amsiglan amsiglan mentioned this pull request Oct 29, 2025
Merged
5 tasks
amsiglan added a commit that referenced this pull request Oct 29, 2025
@amsiglan @gaiksaya @peterzhuamazon
[Backport 2.19] Cherry pick CVE fixes #1296, #1280 (#1303)
a52d774 
* Resolve pbkdf2 to resolve CVE-2025-6545 CVE-2025-6547 (#1280)

Signed-off-by: Sayali Gaikawad <[email protected]>

* Bump form-data, cipher-base, sha.js version (#1296)

Signed-off-by: Peter Zhu <[email protected]>

---------

Signed-off-by: Sayali Gaikawad <[email protected]>
Signed-off-by: Peter Zhu <[email protected]>
Co-authored-by: Sayali Gaikawad <[email protected]>
Co-authored-by: Peter Zhu <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peterzhuamazon peterzhuamazon peterzhuamazon approved these changes

@amsiglan amsiglan amsiglan approved these changes

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt is a code owner

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 is a code owner

@eirsep eirsep Awaiting requested review from eirsep eirsep is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni is a code owner

@bowenlan-amzn bowenlan-amzn Awaiting requested review from bowenlan-amzn bowenlan-amzn is a code owner

@rishabhmaurya rishabhmaurya Awaiting requested review from rishabhmaurya rishabhmaurya is a code owner

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn riysaxen-amzn is a code owner

Assignees

No one assigned

Labels

backport 2.19 backport 3.2 failed backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gaiksaya @peterzhuamazon @amsiglan