You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2020/01/10 14:00:43 UTC
[GitHub] [flink] zentol opened a new pull request #10830: [FLINK-x][azure]
Bump jetty-util to 3.1.2
zentol opened a new pull request #10830: [FLINK-x][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830
`flink-fs-hadoop-azure` has transitive dependency on jetty-util-ajax:9.3.19, which has a security vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
This was fixed in `9.3.24.v20180605` ([source](https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668)). Starting from version 3.2.1 `hadoop-azure` is using this version as well, but for a quick resolution I propose bumped this single dependency for the time being.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on issue #10830: [FLINK-15554][azure] Bump
jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
zentol commented on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573458471
We have no tests that actually use the azure-fs jar; while there is an e2e _test_ we have no azure credentials.
I did however look at
* the commit that bumped jetty in the hadoop-azure project, which did not require any changes
* the (single....) jetty usages and that code hasn't been touched in a long time
* hadoop-azure 3.1.2 exclusive commits and there was nothing jetty related
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:PENDING URL:https://travis-ci.com/flink-ci/flink/builds/143899788 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:PENDING URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 Travis: [PENDING](https://travis-ci.com/flink-ci/flink/builds/143899788) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://travis-ci.com/flink-ci/flink/builds/143899788 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:UNKNOWN URL:TBD TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 Travis: [SUCCESS](https://travis-ci.com/flink-ci/flink/builds/143899788) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260)
* 600e84d3d506226d2361f5037f84210b97164e72 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot commented on issue #10830: [FLINK-15554][azure]
Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot commented on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573048030
Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community
to review your pull request. We will use this comment to track the progress of the review.
## Automated Checks
Last check on commit 8aba8ccd54ff402b95b302453317d534febb5df9 (Fri Jan 10 14:04:54 UTC 2020)
**Warnings:**
* **1 pom.xml files were touched**: Check for build and licensing issues.
* No documentation files were touched! Remember to keep the Flink docs up to date!
<sub>Mention the bot in a comment to re-run the automated checks.</sub>
## Review Progress
* ❓ 1. The [description] looks good.
* ❓ 2. There is [consensus] that the contribution should go into to Flink.
* ❓ 3. Needs [attention] from.
* ❓ 4. The change fits into the overall [architecture].
* ❓ 5. Overall code [quality] is good.
Please see the [Pull Request Review Guide](https://flink.apache.org/contributing/reviewing-prs.html) for a full explanation of the review process.<details>
The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required <summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot approve description` to approve one or more aspects (aspects: `description`, `consensus`, `architecture` and `quality`)
- `@flinkbot approve all` to approve all aspects
- `@flinkbot approve-until architecture` to approve everything until `architecture`
- `@flinkbot attention @username1 [@username2 ..]` to require somebody's attention
- `@flinkbot disapprove architecture` to remove an approval you gave earlier
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://travis-ci.com/flink-ci/flink/builds/143899788 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 Travis: [SUCCESS](https://travis-ci.com/flink-ci/flink/builds/143899788) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://travis-ci.com/flink-ci/flink/builds/143899788 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:FAILURE URL:https://travis-ci.com/flink-ci/flink/builds/144073760 TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:PENDING URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4273 TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 Travis: [SUCCESS](https://travis-ci.com/flink-ci/flink/builds/143899788) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260)
* 600e84d3d506226d2361f5037f84210b97164e72 Travis: [FAILURE](https://travis-ci.com/flink-ci/flink/builds/144073760) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4273)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-574294921
Sounds good to me. Thanks for looking into the changes so deeply.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://travis-ci.com/flink-ci/flink/builds/143899788 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:FAILURE URL:https://travis-ci.com/flink-ci/flink/builds/144073760 TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:SUCCESS URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4273 TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 Travis: [SUCCESS](https://travis-ci.com/flink-ci/flink/builds/143899788) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260)
* 600e84d3d506226d2361f5037f84210b97164e72 Travis: [FAILURE](https://travis-ci.com/flink-ci/flink/builds/144073760) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4273)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol merged pull request #10830: [FLINK-15554][azure]
Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
zentol merged pull request #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#discussion_r365294294
##########
File path: flink-filesystems/flink-azure-fs-hadoop/pom.xml
##########
@@ -36,6 +36,7 @@ under the License.
<properties>
<fs.azure.sdk.version>1.16.0</fs.azure.sdk.version>
<fs.jackson.core.version>2.9.4</fs.jackson.core.version>
+ <jetty.version>9.3.24.v20180605</jetty.version>
Review comment:
The `NOTICE` file needs to be updated as well.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot commented on issue #10830: [FLINK-15554][azure]
Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot commented on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:UNKNOWN URL:TBD TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #10830:
[FLINK-15554][azure] Bump jetty-util to 3.1.2
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #10830: [FLINK-15554][azure] Bump jetty-util to 3.1.2
URL: https://github.com/apache/flink/pull/10830#issuecomment-573052596
<!--
Meta data
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://travis-ci.com/flink-ci/flink/builds/143899788 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:8aba8ccd54ff402b95b302453317d534febb5df9 Status:SUCCESS URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260 TriggerType:PUSH TriggerID:8aba8ccd54ff402b95b302453317d534febb5df9
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:PENDING URL:https://travis-ci.com/flink-ci/flink/builds/144073760 TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
Hash:600e84d3d506226d2361f5037f84210b97164e72 Status:PENDING URL:https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4273 TriggerType:PUSH TriggerID:600e84d3d506226d2361f5037f84210b97164e72
-->
## CI report:
* 8aba8ccd54ff402b95b302453317d534febb5df9 Travis: [SUCCESS](https://travis-ci.com/flink-ci/flink/builds/143899788) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4260)
* 600e84d3d506226d2361f5037f84210b97164e72 Travis: [PENDING](https://travis-ci.com/flink-ci/flink/builds/144073760) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=4273)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services