Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2020/12/24 14:35:29 UTC

[GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020

crazywen opened a new pull request #2517:
URL: https://github.com/apache/rocketmq/pull/2517


   Is netty-tcnative-boringssl-static really needed? Or upgrade it to the latest to fix CVE-2019-16869, CVE-2018-8020 ...
           <dependency>
               <groupId>io.netty</groupId>
               <artifactId>netty-tcnative-boringssl-static</artifactId>
               <version>1.1.33.Fork26</version>
           </dependency>
   
   
   **Make sure to set the target branch to `develop`**
   
   ## What is the purpose of the change
   
   XXXXX
   
   ## Brief changelog
   
   XX
   
   ## Verifying this change
   
   XXXX
   
   Follow this checklist to help us incorporate your contribution quickly and easily. Notice, `it would be helpful if you could finish the following 5 checklist items (the last one is not necessary) before requesting the community to review your PR`.
   
   - [x] Make sure there is a [Github issue](https://github.com/apache/rocketmq/issues) filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. 
   - [x] Format the pull request title like `[ISSUE #123] Fix UnknownException when host config not exist`. Each commit in the pull request should have a meaningful subject line and body.
   - [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
   - [x] Write necessary unit-test(over 80% coverage) to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in [test module](https://github.com/apache/rocketmq/tree/master/test).
   - [x] Run `mvn -B clean apache-rat:check findbugs:findbugs checkstyle:checkstyle` to make sure basic checks pass. Run `mvn clean install -DskipITs` to make sure unit-test pass. Run `mvn clean test-compile failsafe:integration-test`  to make sure integration-test pass.
   - [ ] If this contribution is large, please file an [Apache Individual Contributor License Agreement](http://www.apache.org/licenses/#clas).
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [rocketmq] RongtongJin merged pull request #2517: Remove useless netty-tcnative-boringssl-static dependencies

Posted by GitBox <gi...@apache.org>.
RongtongJin merged pull request #2517:
URL: https://github.com/apache/rocketmq/pull/2517


   





[GitHub] [rocketmq] codecov-io commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020

Posted by GitBox <gi...@apache.org>.
codecov-io commented on pull request #2517:
URL: https://github.com/apache/rocketmq/pull/2517#issuecomment-750905409


   # [Codecov](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=h1) Report
   > Merging [#2517](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=desc) (7988333) into [develop](https://codecov.io/gh/apache/rocketmq/commit/39bb9386f10d5d8dfe81183c172a3a86f6d313bd?el=desc) (39bb938) will **decrease** coverage by `0.13%`.
   > The diff coverage is `n/a`.
   
   [![Impacted file tree graph](https://codecov.io/gh/apache/rocketmq/pull/2517/graphs/tree.svg?width=650&height=150&src=pr&token=4w0sxP1wZv)](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=tree)
   
   ```diff
   @@              Coverage Diff              @@
   ##             develop    #2517      +/-   ##
   =============================================
   - Coverage      46.08%   45.94%   -0.14%     
   + Complexity      4330     4316      -14     
   =============================================
     Files            547      547              
     Lines          36236    36236              
     Branches        4808     4808              
   =============================================
   - Hits           16699    16649      -50     
   - Misses         17459    17498      +39     
   - Partials        2078     2089      +11     
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=tree) | Coverage Δ | Complexity Δ | |
   |---|---|---|---|
   | [...rocketmq/broker/filtersrv/FilterServerManager.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-YnJva2VyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9icm9rZXIvZmlsdGVyc3J2L0ZpbHRlclNlcnZlck1hbmFnZXIuamF2YQ==) | `20.00% <0.00%> (-14.29%)` | `5.00% <0.00%> (-2.00%)` | |
   | [...org/apache/rocketmq/common/stats/StatsItemSet.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-Y29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9jb21tb24vc3RhdHMvU3RhdHNJdGVtU2V0LmphdmE=) | `41.79% <0.00%> (-10.45%)` | `16.00% <0.00%> (-4.00%)` | |
   | [...tmq/logappender/log4j2/RocketmqLog4j2Appender.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-bG9nYXBwZW5kZXIvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL2xvZ2FwcGVuZGVyL2xvZzRqMi9Sb2NrZXRtcUxvZzRqMkFwcGVuZGVyLmphdmE=) | `35.00% <0.00%> (-10.00%)` | `3.00% <0.00%> (-1.00%)` | |
   | [...org/apache/rocketmq/store/ha/WaitNotifyObject.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-c3RvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3N0b3JlL2hhL1dhaXROb3RpZnlPYmplY3QuamF2YQ==) | `75.00% <0.00%> (-9.62%)` | `10.00% <0.00%> (-2.00%)` | |
   | [...ain/java/org/apache/rocketmq/test/util/MQWait.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-dGVzdC9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcm9ja2V0bXEvdGVzdC91dGlsL01RV2FpdC5qYXZh) | `43.24% <0.00%> (-5.41%)` | `3.00% <0.00%> (ø%)` | |
   | [...mq/client/impl/consumer/RebalanceLitePullImpl.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-Y2xpZW50L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9jbGllbnQvaW1wbC9jb25zdW1lci9SZWJhbGFuY2VMaXRlUHVsbEltcGwuamF2YQ==) | `49.15% <0.00%> (-5.09%)` | `10.00% <0.00%> (-1.00%)` | |
   | [...ketmq/client/impl/consumer/PullMessageService.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-Y2xpZW50L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9jbGllbnQvaW1wbC9jb25zdW1lci9QdWxsTWVzc2FnZVNlcnZpY2UuamF2YQ==) | `71.11% <0.00%> (-4.45%)` | `8.00% <0.00%> (-1.00%)` | |
   | [...ache/rocketmq/common/stats/MomentStatsItemSet.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-Y29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9jb21tb24vc3RhdHMvTW9tZW50U3RhdHNJdGVtU2V0LmphdmE=) | `39.13% <0.00%> (-4.35%)` | `5.00% <0.00%> (-1.00%)` | |
   | [...rg/apache/rocketmq/remoting/netty/NettyLogger.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-cmVtb3Rpbmcvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3JlbW90aW5nL25ldHR5L05ldHR5TG9nZ2VyLmphdmE=) | `17.46% <0.00%> (-3.18%)` | `2.00% <0.00%> (ø%)` | |
   | [...client/consumer/store/RemoteBrokerOffsetStore.java](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree#diff-Y2xpZW50L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9jbGllbnQvY29uc3VtZXIvc3RvcmUvUmVtb3RlQnJva2VyT2Zmc2V0U3RvcmUuamF2YQ==) | `67.56% <0.00%> (-1.81%)` | `20.00% <0.00%> (-2.00%)` | |
   | ... and [13 more](https://codecov.io/gh/apache/rocketmq/pull/2517/diff?src=pr&el=tree-more) | |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=continue).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=footer). Last update [39bb938...7988333](https://codecov.io/gh/apache/rocketmq/pull/2517?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   





[GitHub] [rocketmq] coveralls commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020

Posted by GitBox <gi...@apache.org>.
coveralls commented on pull request #2517:
URL: https://github.com/apache/rocketmq/pull/2517#issuecomment-750905371


   
   [![Coverage Status](https://coveralls.io/builds/35936587/badge)](https://coveralls.io/builds/35936587)
   
   Coverage increased (+0.03%) to 51.78% when pulling **7988333269ecdfcef9b83b2f41425d30b54020ed on crazywen:patch-2** into **87dd390ee15873c68353c13fb404d8d32e612fd0 on apache:develop**.
   

