Add jmeter-grpc-request v2.0.0 - CVE fixes and mTLS support #820
undera merged 3 commits into undera:master from
Pull request overview
Adds a new release entry for the jmeter-grpc-request plugin (v2.0.0) to the plugin repository metadata so it can be discovered/downloaded via the catalog.
Changes:
- Added 2.0.0 version metadata for jmeter-grpc-request, including change summary, download URL, and dependencies.
| "changes": "Security: CVE fixes (commons-io 2.14.0 for CVE-2024-47554, TestNG 7.5.1 for CVE-2022-4065). Added Mutual TLS (mTLS) support with client certificate, client key, and CA certificate fields. JDK 8 compatible (bytecode 52).", | ||
| "downloadUrl": "https://github.com/bakthava/jmeter-grpc-request/releases/download/v2.0.0/jmeter-grpc-request.2.0.0.jar", | ||
| "depends": [ |
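Review bot: The downloadUrl on the second line of this hunk points at a release asset under github.com/bakthava, and nothing in these lines pins the content of that jar, so the catalog would serve whatever file sits at that URL at download time. Since the changes string advertises this as a CVE-fix release, please state the SHA-256 of the jar you built in the PR description so the reviewed artifact can be compared with the one users fetch.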
The new 2.0.0 downloadUrl points to the bakthava/jmeter-grpc-request repo, but this plugin entry’s helpUrl (and all prior versions) still point to zalopay-oss/jmeter-grpc-request. Please confirm which upstream should be authoritative for this plugin and update the entry metadata (at least helpUrl, and any other repo-derived fields if needed) so users aren’t directed to the wrong project/docs.
| ] | ||
| }, | ||
| "2.0.0": { | ||
| "changes": "Security: CVE fixes (commons-io 2.14.0 for CVE-2024-47554, TestNG 7.5.1 for CVE-2022-4065). Added Mutual TLS (mTLS) support with client certificate, client key, and CA certificate fields. JDK 8 compatible (bytecode 52).", |
The PR description claims “Upgraded TestNG from 7.6.1 to 7.5.1” which is a downgrade. Please double-check the actual TestNG version in the 2.0.0 release and update the release notes text here (and/or the PR description) so the CVE fix information is accurate.
I suggest you do it slightly differently. Since the original repository is archived (https://github.com/zalopay-oss/jmeter-grpc-request), it would make sense for your release to inherit and continue the work. So you can point the existing jmeter-grpc-request to your fork repo and add a new release over it. IMO the users will benefit from the continuity of the project, assuming you explain the relation to the original project and this agreement.

Sure, thanks for the insights undera, I will resubmit with the rebase of the branch to my fork.
866135b to fa89752
…otes
- helpUrl: zalopay-oss -> bakthava (continuation of archived project per undera suggestion)
- vendor: fix incorrect 'Datadog' -> 'bakthava'
- v2.0.0 changes: replace inaccurate text with comprehensive CVE fix list (xstream, jackson-databind, log4j exclusion, json-smart, batik, bouncycastle, Netty, gRPC, protobuf) and note project continuity context
nice
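The repository mismatch raised in the review above (a version's downloadUrl under one GitHub owner while helpUrl names another) can be checked mechanically before merge. The following is an added example, not code from this PR or from the plugin catalog; the entry layout (helpUrl beside a versions map) is an assumption modeled on the fields quoted in the thread, and the 1.0.0-sample version is constructed.

```python
"""Added example: flag catalog versions whose download repo differs from helpUrl."""
import json
from urllib.parse import urlparse

# Constructed sample entry. The layout (helpUrl plus a versions map) is an
# assumption based on the fields quoted in this PR; the 1.0.0-sample version
# and its URL are invented for illustration. The 2.0.0 URL is the one in the diff.
SAMPLE_ENTRY = json.loads("""
{
  "helpUrl": "https://github.com/zalopay-oss/jmeter-grpc-request",
  "versions": {
    "1.0.0-sample": {
      "downloadUrl": "https://github.com/zalopay-oss/jmeter-grpc-request/releases/download/sample/sample.jar"
    },
    "2.0.0": {
      "downloadUrl": "https://github.com/bakthava/jmeter-grpc-request/releases/download/v2.0.0/jmeter-grpc-request.2.0.0.jar"
    }
  }
}
""")


def repo_identity(url):
    """Return (host, owner, repo), lowercased, for an https owner/repo URL; else None."""
    parsed = urlparse(url)
    parts = [p for p in parsed.path.split("/") if p]
    if parsed.scheme != "https" or not parsed.hostname or len(parts) < 2:
        return None
    return (parsed.hostname.lower(), parts[0].lower(), parts[1].lower())


def audit_entry(entry):
    """Return (version, problem) pairs where the artifact source differs from helpUrl."""
    expected = repo_identity(entry.get("helpUrl", ""))
    findings = []
    for version, meta in sorted(entry.get("versions", {}).items()):
        actual = repo_identity(meta.get("downloadUrl", ""))
        if actual is None:
            findings.append((version, "downloadUrl is not an https URL with owner/repo"))
        elif actual != expected:
            findings.append((version, "downloadUrl %s/%s differs from helpUrl %s" % (
                actual[1], actual[2], "/".join(expected[1:]) if expected else "<missing>")))
    return findings


if __name__ == "__main__":
    for version, problem in audit_entry(SAMPLE_ENTRY):
        print(version, "-", problem)
```

A finding here is a prompt for the maintainer to confirm the hand-over, as happened in this thread, not proof of a hijacked entry.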
JMeter gRPC Request Plugin - Version 2.0.0
Plugin Details
What's New in v2.0.0
Security Fixes (CVE)
New Feature: Mutual TLS (mTLS) Support
Added client certificate authentication for servers requiring mTLS:
Compatibility
Technical Details