You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flume.apache.org by GitBox <gi...@apache.org> on 2022/03/19 12:05:49 UTC

[GitHub] [flume] pjfanning opened a new pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

pjfanning opened a new pull request #352:
URL: https://github.com/apache/flume/pull/352


   https://issues.apache.org/jira/browse/FLUME-3408


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flume] pjfanning edited a comment on pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

Posted by GitBox <gi...@apache.org>.

pjfanning edited a comment on pull request #352:
URL: https://github.com/apache/flume/pull/352#issuecomment-1075729601


   @busbey it looks like the version of Tika used by Flume uses an ancient version of Rome and that uses the ancient version of jdom - https://mvnrepository.com/artifact/com.rometools/rome/1.18.0 is a more up to date version of Rome.
   
   Ultimately - Flume NG Morphline Solr Sink will probably need to use a newer version of Solr (so that Tika etc get upgraded)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flume] busbey commented on pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

Posted by GitBox <gi...@apache.org>.

busbey commented on pull request #352:
URL: https://github.com/apache/flume/pull/352#issuecomment-1075606946


   please run the github actions tests again. You can do this by pushing an empty commit or if you have write access to the repository using the github ui


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flume] rgoers commented on pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

Posted by GitBox <gi...@apache.org>.

rgoers commented on pull request #352:
URL: https://github.com/apache/flume/pull/352#issuecomment-1079997618


   Flume NG Morphline Solr Sink uses KiteSDK, which is what brings in Tika. Unfortunately, Kite has been abandoned. Extracting the bits needed to upgrade jdom is more than we can do for 1.10.0.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flume] pjfanning commented on pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #352:
URL: https://github.com/apache/flume/pull/352#issuecomment-1075729601


   @busbey it looks like the version of Tika used by Flume uses an ancient version of Rome and that uses the ancient version of jdom - https://mvnrepository.com/artifact/com.rometools/rome/1.18.0 is a more up to date version of Rome.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flume] pjfanning commented on pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #352:
URL: https://github.com/apache/flume/pull/352#issuecomment-1080003724


   @rgoers I'll close this and raise a new issue for later


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flume] pjfanning closed pull request #352: FLUME-3408: use jdom2 to avoid xxe issue

Posted by GitBox <gi...@apache.org>.

pjfanning closed pull request #352:
URL: https://github.com/apache/flume/pull/352


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@flume.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org