You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@brooklyn.apache.org by GitBox <gi...@apache.org> on 2021/12/17 09:57:16 UTC

[GitHub] [brooklyn-server] ahgittin opened a new pull request #1285: Bump karaf to 434 staging

ahgittin opened a new pull request #1285:
URL: https://github.com/apache/brooklyn-server/pull/1285


   This bumps Karaf to a pre-release Karaf 4.3.4 which uses log4j 2.16.0 which avoids the CVE-2021-44228 vulnerability.
   
   This uses the staging repo for that version of karaf.  When released we should remove the two references to the repo `orgapachekaraf-1165` as they will no longer be necessary and will eventually become unavailable.
   
   The new version of Karaf appears to work fine, but two things should be checked:
   
   * Newer version of bouncycastle used by this Karaf -- does SSH via jclouds still work?  Previously upgrading this version has been problematic.
   * Older version of Jackson used -- less than what Karaf wants -- seems not to cause problems though there is a new `ERROR  BundleWiring is null for: javax.mail [3]` in the log; more testing is needed, or update Brooklyn code to work with the newer version of Jackson (the issue is that the jackson method overridden by our `AsPropertyIfAmbiguous._deserializeTypedForId` is no longer available, and deseriailzation requires this in some cases; there is a unit test which fails if this is not invoked)
   
   We will merge this as the log4j bug is severe and @jcabrerizo has reviewed (actually he did most the work and I reviewed!) -- and we will do testing on the release.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@brooklyn.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [brooklyn-server] asfgit closed pull request #1285: Bump karaf to 434 staging

Posted by GitBox <gi...@apache.org>.

asfgit closed pull request #1285:
URL: https://github.com/apache/brooklyn-server/pull/1285


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@brooklyn.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org