Skip to content

Fix CVE-2025-68161: Force resolve log4j dependencies#932

Merged
peterzhuamazon merged 2 commits into
opensearch-project:mainfrom
AjayRajNelapudi:fix/cve-2025-68161
Apr 1, 2026
Merged

Fix CVE-2025-68161: Force resolve log4j dependencies#932
peterzhuamazon merged 2 commits into
opensearch-project:mainfrom
AjayRajNelapudi:fix/cve-2025-68161

Conversation

@AjayRajNelapudi

Copy link
Copy Markdown
Contributor

Description

Fix CVE-2025-68161: Force resolve log4j dependencies

Related Issues

Resolves https://advisories.opensearch.org/advisories/CVE-2025-68161

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Ajay Raj Nelapudi <ajnelapu@amazon.com>
@codecov

codecov Bot commented Apr 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.32%. Comparing base (9cb092f) to head (0e4d526).
⚠️ Report is 56 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main     #932      +/-   ##
============================================
- Coverage     70.88%   70.32%   -0.56%     
- Complexity      421      523     +102     
============================================
  Files            49       56       +7     
  Lines          3125     3663     +538     
  Branches        194      244      +50     
============================================
+ Hits           2215     2576     +361     
- Misses          785      923     +138     
- Partials        125      164      +39     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Updated log4j dependencies to remove CVE-2025-68161 comments.

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
@peterzhuamazon peterzhuamazon merged commit 6637d57 into opensearch-project:main Apr 1, 2026
7 checks passed
opensearch-trigger-bot Bot pushed a commit that referenced this pull request Apr 1, 2026
* Fix CVE-2025-68161: Force resolve log4j dependencies

Signed-off-by: Ajay Raj Nelapudi <ajnelapu@amazon.com>

* Update log4j dependency declarations

Updated log4j dependencies to remove CVE-2025-68161 comments.

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

---------

Signed-off-by: Ajay Raj Nelapudi <ajnelapu@amazon.com>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
Co-authored-by: Ajay Raj Nelapudi <ajnelapu@amazon.com>
Co-authored-by: Peter Zhu <zhujiaxi@amazon.com>
(cherry picked from commit 6637d57)
peterzhuamazon added a commit that referenced this pull request Apr 1, 2026
* Fix CVE-2025-68161: Force resolve log4j dependencies



* Update log4j dependency declarations

Updated log4j dependencies to remove CVE-2025-68161 comments.



---------





(cherry picked from commit 6637d57)

Signed-off-by: Ajay Raj Nelapudi <ajnelapu@amazon.com>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
Co-authored-by: Ajay Raj Nelapudi <ajayraj.nelapudi@gmail.com>
Co-authored-by: Ajay Raj Nelapudi <ajnelapu@amazon.com>
Co-authored-by: Peter Zhu <zhujiaxi@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants