You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pinot.apache.org by "abhioncbr (via GitHub)" <gi...@apache.org> on 2023/07/12 02:25:32 UTC

[GitHub] [pinot] abhioncbr opened a new issue, #11085: Upgrade commons-configuration to commons-configuration2

abhioncbr opened a new issue, #11085:
URL: https://github.com/apache/pinot/issues/11085

   We use `commons-configuration 1.10` in the Pinot project to save and manage all different properties. `Commons-configuration` latest(1.10) release was in 2023, and the project made many breaking changes. It is now known as `commons-configuration2`
   
   As per the documentation, there are some significant enhancements like 
   - [Improved Thread-Safety](https://commons.apache.org/proper/commons-configuration/userguide/howto_concurrency.html): The library has improved its design to support multithreaded environments better, making it more reliable in applications that use multiple threads.
   - Another area in which significant changes took place is the support for [event notifications](https://commons.apache.org/proper/commons-configuration/userguide/howto_events.html). Commons Configuration 1.x had two types of event listeners for configuration update events and error events. Version 2.0 adds some more event sources - events generated by configuration builders and reloading events
   - Supports more features than the original, including improved XML configurations, JSON configuration, and combined configuration.
   
   Also, `commons-configuration` has the following vulnerabilities(As per [maven-repository](https://mvnrepository.com/artifact/commons-configuration/commons-configuration/1.10)). 
   Vulnerabilities | Vulnerabilities from dependencies:CVE-2022-41852CVE-2022-40161CVE-2022-40160CVE-2022-40159CVE-2022-40158CVE-2022-40157CVE-2022-23437CVE-2022-23307CVE-2022-23305CVE-2022-23302CVE-2021-4104CVE-2020-15250CVE-2020-14338CVE-2019-17571CVE-2019-10086CVE-2018-8088CVE-2015-7501CVE-2015-6420CVE-2014-0114CVE-2013-4002CVE-2012-0881CVE-2009-2625
   -- | --
   
   However, the upgrade isn't straightforward and requires significant codebase changes. I plan to work on this if the proposal for upgrading the version looks good. 
   
   cc: @Jackie-Jiang @mayankshriv 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

Re: [I] Upgrade commons-configuration to commons-configuration2 [pinot]

Posted by "Jackie-Jiang (via GitHub)" <gi...@apache.org>.

Jackie-Jiang closed issue #11085: Upgrade commons-configuration to commons-configuration2
URL: https://github.com/apache/pinot/issues/11085


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

Re: [I] Upgrade commons-configuration to commons-configuration2 [pinot]

Posted by "abhioncbr (via GitHub)" <gi...@apache.org>.

abhioncbr commented on issue #11085:
URL: https://github.com/apache/pinot/issues/11085#issuecomment-1753754861

   Here is the updated [doc](https://docs.google.com/document/d/1otWfqRp8zdKmg9kKijYKJLZAigYeasxi7fXMP3v2hPQ/edit) related to the code changes. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

Re: [I] Upgrade commons-configuration to commons-configuration2 [pinot]

Posted by "abhioncbr (via GitHub)" <gi...@apache.org>.

abhioncbr commented on issue #11085:
URL: https://github.com/apache/pinot/issues/11085#issuecomment-1758579927

   I am creating the tasks to track the progress based on the above doc
   
   - [ ] Add `commons-configurations2` dependency in parent pom file
   - [ ] Upgrade PinotConfiguration to use `commons-configurations2`
   - [ ] Upgrade Metadata files to use `commons-configurations2`
   - [ ] Remove/clean the `commons-configurations1` code
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org