You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by GitBox <gi...@apache.org> on 2022/04/05 09:32:03 UTC
[GitHub] [tez] shameersss1 opened a new pull request, #198: TEZ-4403: Upgrade SLF4J Version To 1.7.34
shameersss1 opened a new pull request, #198:
URL: https://github.com/apache/tez/pull/198
urrently we are on slf4j 1.7.30 https://github.com/apache/tez/blob/master/pom.xml#L65. As per https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are four CVE's against this version.
1. CVE-2022-23305
2. CVE-2022-23302
3. CVE-2021-4104
4. CVE-2019-17571
Upgrading to 1.7.34 https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.34 should solve the security concerns.
Reference
1. https://github.com/apache/tez/blob/master/pom.xml#L256
2. https://github.com/apache/tez/blob/master/pom.xml#L240
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] shameersss1 commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.34
Posted by GitBox <gi...@apache.org>.
shameersss1 commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1097543506
@abstractdog Can you please review the changes?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] abstractdog commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.34
Posted by GitBox <gi...@apache.org>.
abstractdog commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1098943796
thanks for taking care of this @shameersss1!
as far as I can see, there is already 1.7.36, would you consider upgrading to that? it's told to fix log4j issues by pulling in reload4j
https://www.slf4j.org/news.html
let me know if it makes sense
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] abstractdog merged pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.36
Posted by GitBox <gi...@apache.org>.
abstractdog merged PR #198:
URL: https://github.com/apache/tez/pull/198
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] tez-yetus commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.34
Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1088594098
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 16m 3s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 15m 59s | master passed |
| +1 :green_heart: | compile | 2m 20s | master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | compile | 2m 9s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javadoc | 2m 20s | master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javadoc | 1m 36s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 31s | the patch passed |
| +1 :green_heart: | compile | 2m 19s | the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javac | 2m 19s | the patch passed |
| +1 :green_heart: | compile | 2m 8s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javac | 2m 8s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 1m 58s | the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javadoc | 1m 36s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 66m 14s | root in the patch passed. |
| +1 :green_heart: | asflicense | 0m 30s | The patch does not generate ASF License warnings. |
| | | 120m 46s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/198 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 83fc6d906103 4.15.0-163-generic #171-Ubuntu SMP Fri Nov 5 11:55:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 3e452e985 |
| Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/1/testReport/ |
| Max. process+thread count | 1430 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/1/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] tez-yetus commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.36
Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1113138715
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 59s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 15m 48s | master passed |
| +1 :green_heart: | compile | 2m 33s | master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | compile | 2m 18s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javadoc | 2m 36s | master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javadoc | 1m 50s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 49s | the patch passed |
| +1 :green_heart: | compile | 3m 2s | the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javac | 3m 2s | the patch passed |
| +1 :green_heart: | compile | 2m 48s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javac | 2m 48s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 2m 46s | the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javadoc | 2m 4s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 66m 25s | root in the patch passed. |
| +1 :green_heart: | asflicense | 0m 46s | The patch does not generate ASF License warnings. |
| | | 109m 52s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/3/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/198 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 2320942233e3 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 2a9495afe |
| Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/3/testReport/ |
| Max. process+thread count | 1373 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/3/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] shameersss1 commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.34
Posted by GitBox <gi...@apache.org>.
shameersss1 commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1088602031
@abstractdog Could you please review the changes?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] tez-yetus commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.36
Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1108552638
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 16m 32s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| -1 :x: | mvninstall | 13m 56s | root in master failed. |
| -1 :x: | compile | 1m 31s | root in master failed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04. |
| -1 :x: | compile | 1m 20s | root in master failed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07. |
| +1 :green_heart: | javadoc | 2m 39s | master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javadoc | 1m 48s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Patch Compile Tests _ |
| -1 :x: | mvninstall | 3m 45s | root in the patch failed. |
| -1 :x: | compile | 1m 31s | root in the patch failed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04. |
| -1 :x: | javac | 1m 31s | root in the patch failed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04. |
| -1 :x: | compile | 1m 21s | root in the patch failed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07. |
| -1 :x: | javac | 1m 21s | root in the patch failed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07. |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 2m 10s | the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 |
| +1 :green_heart: | javadoc | 1m 49s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Other Tests _ |
| -1 :x: | unit | 65m 39s | root in the patch failed. |
| +1 :green_heart: | asflicense | 0m 43s | The patch does not generate ASF License warnings. |
| | | 115m 44s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/198 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 2a878fae6a66 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 627f33077 |
| Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| mvninstall | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/branch-mvninstall-root.txt |
| compile | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/branch-compile-root-jdkUbuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04.txt |
| compile | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/branch-compile-root-jdkPrivateBuild-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07.txt |
| mvninstall | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/patch-mvninstall-root.txt |
| compile | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/patch-compile-root-jdkUbuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04.txt |
| javac | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/patch-compile-root-jdkUbuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04.txt |
| compile | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/patch-compile-root-jdkPrivateBuild-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07.txt |
| javac | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/patch-compile-root-jdkPrivateBuild-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07.txt |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/artifact/out/patch-unit-root.txt |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/testReport/ |
| Max. process+thread count | 1386 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/2/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] shameersss1 commented on pull request #198: TEZ-4403: Upgrade SLF4J Version To 1.7.36
Posted by GitBox <gi...@apache.org>.
shameersss1 commented on PR #198:
URL: https://github.com/apache/tez/pull/198#issuecomment-1113013439
@abstractdog - i have upgraded the version to 1.7.36 and re-triggered the pre-commit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org