Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2022/03/16 14:59:51 UTC

[GitHub] [zeppelin] pjfanning opened a new pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

pjfanning opened a new pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317


   ### What is this PR for?
   
   https://issues.apache.org/jira/browse/ZEPPELIN-5685
   
   Security concern over existing jar
   
   
   ### What type of PR is it?
   Bug Fix
   
   ### Todos
   * [ ] - Task
   
   ### What is the Jira issue?
   
   * https://issues.apache.org/jira/browse/ZEPPELIN-5685
   
   ### How should this be tested?
   * Strongly recommended: add automated unit tests for any new or changed behavior
   * Outline any manual steps to test the PR here.
   
   ### Screenshots (if appropriate)
   
   ### Questions:
   * Do the license files need an update?
   * Are there breaking changes for older versions?
   * Does this need documentation?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [zeppelin] Reamer commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
Reamer commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1073624517


   The PR needs a rebase to current master.





[GitHub] [zeppelin] zjffdu commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
zjffdu commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1070774454


   LGTM





[GitHub] [zeppelin] zjffdu commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
zjffdu commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081654998


   @pjfanning shiro depends on bouncycastle?





[GitHub] [zeppelin] pjfanning commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081008218


   not sure - it may be that there is an issue with the shiro upgrade affecting the spark 3.7 test (but not the spark 3.8 test)





[GitHub] [zeppelin] pjfanning commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081055303


   @jongyoul @zjffdu I ran this change with bouncycastle also updated to 1.68 (again) on my fork and the spark 3.7 tests pass there - https://github.com/pjfanning/zeppelin/runs/5725316041?check_suite_focus=true
   
   Would it make sense to try to upgrade shiro and bouncycastle in the same PR?





[GitHub] [zeppelin] pjfanning commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081652246


   @zjffdu you already reverted the bouncycastle upgrade in https://github.com/apache/zeppelin/commit/49b2e59625f54e29d787e94c8483980a90952014 but it appears that when upgrading shiro it is better to have the bouncycastle upgrade put back





[GitHub] [zeppelin] zjffdu commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
zjffdu commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081644568


   Thanks @pjfanning, I think it is better to separate them into different PRs





[GitHub] [zeppelin] pjfanning commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1070836425


   @Reamer thanks - I updated those 2 entries just now





[GitHub] [zeppelin] zjffdu commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
zjffdu commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1082639622


   LGTM





[GitHub] [zeppelin] jongyoul merged pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
jongyoul merged pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317


   





[GitHub] [zeppelin] pjfanning edited a comment on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning edited a comment on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081652246


   @zjffdu you already reverted the bouncycastle upgrade in https://github.com/apache/zeppelin/commit/49b2e59625f54e29d787e94c8483980a90952014 but it appears that when upgrading shiro it is better to have the bouncycastle upgrade put back - let's see what happens with https://github.com/apache/zeppelin/runs/5734697725?check_suite_focus=true





[GitHub] [zeppelin] zjffdu closed pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
zjffdu closed pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317


   





[GitHub] [zeppelin] pjfanning commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1073797539


   @Reamer I did the rebase





[GitHub] [zeppelin] jongyoul commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
jongyoul commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1080770838


   The failed CI is unrelated?





[GitHub] [zeppelin] zjffdu commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
zjffdu commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1080292871


   @pjfanning Could you do a rebase to solve the conflict?





[GitHub] [zeppelin] pjfanning commented on pull request #4317: [ZEPPELIN-5685] upgrade shiro due to cve

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #4317:
URL: https://github.com/apache/zeppelin/pull/4317#issuecomment-1081733597


   @zjffdu looks like the rerun passed - so it does look like bouncycastle has no effect




