Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/01/27 02:05:05 UTC
[GitHub] [druid] clintropolis opened a new pull request #9259: fix build by
updating kafka client to 2.2.2 for CVE-2019-12399
clintropolis opened a new pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259
Travis seems to be failing due to https://nvd.nist.gov/vuln/detail/CVE-2019-12399, though a quick glance doesn't look like something that would affect us, other than the build failure.
To resolve, updates kafka-client to 2.2.2 which is not listed in the CVE, which required a minor change in `druid-kafka-extraction-namespace` tests.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] clintropolis commented on a change in pull request #9259:
fix build by updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#discussion_r371060958
##########
File path: pom.xml
##########
@@ -78,7 +78,7 @@
<aether.version>0.9.0.M2</aether.version>
<apache.curator.version>4.1.0</apache.curator.version>
<apache.curator.test.version>2.12.0</apache.curator.test.version>
- <apache.kafka.version>2.1.1</apache.kafka.version>
+ <apache.kafka.version>2.2.2</apache.kafka.version>
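Review bot: on the changed `<apache.kafka.version>` line the property moves from 2.1.1 to 2.2.2, which crosses a minor release line rather than staying on a patch bump, and nothing beside the property records why. Consider an XML comment above it naming CVE-2019-12399 as the reason for the new floor, and confirm that no module pins its own Kafka version so the whole build resolves through this one property.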
Review comment:
Ah, missed that it still had its own version defined, removed.
[GitHub] [druid] clintropolis commented on a change in pull request #9259:
fix build by updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#discussion_r371075985
##########
File path: licenses.yaml
##########
@@ -3093,9 +3093,9 @@ libraries:
---
name: Apache Kafka
-version: 2.2.1
+version: 2.2.2
license_category: binary
-module: extensions/druid-kafka-indexing-service
+module: extensions/druid-kafkakafka-indexing-service
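Review bot: the new `module:` value `extensions/druid-kafkakafka-indexing-service` repeats `kafka` and no longer matches the name on the removed line, `extensions/druid-kafka-indexing-service`, so the license entry would refer to a different module name than before. Keep the `module:` line unchanged and limit this hunk to the `version: 2.2.1` to `version: 2.2.2` change.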
Review comment:
hah oops, my search panel must not have opened when searching for other kafkas in this file... actually we need to update the notice section of this file too since this version was released 2019
[GitHub] [druid] suneet-s commented on a change in pull request #9259: fix
build by updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#discussion_r371055894
##########
File path: pom.xml
##########
@@ -78,7 +78,7 @@
<aether.version>0.9.0.M2</aether.version>
<apache.curator.version>4.1.0</apache.curator.version>
<apache.curator.test.version>2.12.0</apache.curator.test.version>
- <apache.kafka.version>2.1.1</apache.kafka.version>
+ <apache.kafka.version>2.2.2</apache.kafka.version>
Review comment:
Can you also update extensions-core/kafka-indexing-service to use this version as well please
I had a PR to consolidate the kafka version, but never got around to fully testing it - https://github.com/apache/druid/pull/9117/files
[GitHub] [druid] clintropolis commented on a change in pull request #9259:
fix build by updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#discussion_r371060958
##########
File path: pom.xml
##########
@@ -78,7 +78,7 @@
<aether.version>0.9.0.M2</aether.version>
<apache.curator.version>4.1.0</apache.curator.version>
<apache.curator.test.version>2.12.0</apache.curator.test.version>
- <apache.kafka.version>2.1.1</apache.kafka.version>
+ <apache.kafka.version>2.2.2</apache.kafka.version>
Review comment:
Ah, missed that it still had a special version property defined distinct from the parent pom, removed.
[GitHub] [druid] suneet-s commented on a change in pull request #9259: fix
build by updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#discussion_r371070702
##########
File path: licenses.yaml
##########
@@ -3093,9 +3093,9 @@ libraries:
---
name: Apache Kafka
-version: 2.2.1
+version: 2.2.2
license_category: binary
-module: extensions/druid-kafka-indexing-service
+module: extensions/druid-kafkakafka-indexing-service
Review comment:
typo in the module name?
[GitHub] [druid] ccaominh commented on issue #9259: fix build by updating
kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
ccaominh commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#issuecomment-578603403
Didn't see this and made a similar PR (https://github.com/apache/druid/pull/9261) that has a slightly different change to TestKafkaExtractionCluster.java and doesn't have a typo in licenses.yaml
[GitHub] [druid] clintropolis commented on issue #9259: fix build by
updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#issuecomment-578587036
I wonder if there is a better way we can handle this than randomly failing unrelated PRs whenever a CVE pops up, because that is sort of lame behavior ...
[GitHub] [druid] clintropolis commented on issue #9259: fix build by
updating kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#issuecomment-578608393
>Didn't see this and made a similar PR (#9261) that has a slightly different change to TestKafkaExtractionCluster.java and doesn't have a typo in licenses.yaml
Any idea which is the correct way to fix `TestKafkaExtractionCluster`? I suppose it doesn't matter so much since it's just for tests
[GitHub] [druid] ccaominh commented on issue #9259: fix build by updating
kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
ccaominh commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259#issuecomment-578876989
I think the changes to `TestKafkaExtractionCluster` are equivalent, but we can address that later if needed.
[GitHub] [druid] jihoonson merged pull request #9259: fix build by updating
kafka client to 2.2.2 for CVE-2019-12399
Posted by GitBox <gi...@apache.org>.
jihoonson merged pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399
URL: https://github.com/apache/druid/pull/9259