You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@eventmesh.apache.org by GitBox <gi...@apache.org> on 2022/05/09 09:27:46 UTC
[GitHub] [incubator-eventmesh] misselvexu opened a new pull request, #852: Upgrade rocketmq libs version to fix CVEs
misselvexu opened a new pull request, #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852
### Contribution Checklist
Fixes ISSUE #755 .
### Motivation
- Upgrade `rocketmq libs` because current version brings in jars with CVEs.
### Modifications
1. Edit `eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties` file .
2. Edit `eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties` file .
```
// Upgrade rocketmq version from 4.7.1 to 4.9.3
rocketmq_version=4.9.3
```
3. Removed unused dependencies.
- `logback-core:1.0.13`
- `netty-tcnative-boringssl-static:1.1.33.Fork26`
4. Add `bc-java` dependencies .
- `bcpkix-jdk15on:1.69`
- `bcprov-jdk15on:1.69`
- `bcutil-jdk15on:1.69`
### Documentation
none.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org
[GitHub] [incubator-eventmesh] xwm1992 commented on pull request #852: Upgrade rocketmq libs version to fix CVEs
Posted by GitBox <gi...@apache.org>.
xwm1992 commented on PR #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852#issuecomment-1133879535
`bc-java` what is this dependency used for ? Are these jars used in rocketmq for security ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org
[GitHub] [incubator-eventmesh] qqeasonchen merged pull request #852: Upgrade rocketmq libs version to fix CVEs
Posted by GitBox <gi...@apache.org>.
qqeasonchen merged PR #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org
[GitHub] [incubator-eventmesh] misselvexu commented on pull request #852: Upgrade rocketmq libs version to fix CVEs
Posted by GitBox <gi...@apache.org>.
misselvexu commented on PR #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852#issuecomment-1134253244
> `bc-java` what is this dependency used for ? Are these jars used in rocketmq for security ?
Yes .
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org
[GitHub] [incubator-eventmesh] xwm1992 commented on pull request #852: Upgrade rocketmq libs version to fix CVEs
Posted by GitBox <gi...@apache.org>.
xwm1992 commented on PR #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852#issuecomment-1135336440
Are there any compatibility issues with EventMesh for upgrading RocketMQ version to 4.9.3 ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org
[GitHub] [incubator-eventmesh] misselvexu commented on pull request #852: Upgrade rocketmq libs version to fix CVEs
Posted by GitBox <gi...@apache.org>.
misselvexu commented on PR #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852#issuecomment-1137272081
> Are there any compatibility issues with EventMesh for upgrading RocketMQ version to 4.9.3 ?
Already tested.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org
[GitHub] [incubator-eventmesh] codecov[bot] commented on pull request #852: Upgrade rocketmq libs version to fix CVEs
Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #852:
URL: https://github.com/apache/incubator-eventmesh/pull/852#issuecomment-1120882671
# [Codecov](https://codecov.io/gh/apache/incubator-eventmesh/pull/852?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#852](https://codecov.io/gh/apache/incubator-eventmesh/pull/852?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (543c749) into [master](https://codecov.io/gh/apache/incubator-eventmesh/commit/aded3b20f341e6cc6e5001f537fa2cb22d812325?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (aded3b2) will **decrease** coverage by `0.06%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #852 +/- ##
===========================================
- Coverage 6.89% 6.82% -0.07%
+ Complexity 437 432 -5
===========================================
Files 345 345
Lines 21621 21608 -13
Branches 2404 2402 -2
===========================================
- Hits 1490 1474 -16
- Misses 20017 20020 +3
Partials 114 114
```
| [Impacted Files](https://codecov.io/gh/apache/incubator-eventmesh/pull/852?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...tandalone/broker/task/HistoryMessageClearTask.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLWNvbm5lY3Rvci1wbHVnaW4vZXZlbnRtZXNoLWNvbm5lY3Rvci1zdGFuZGFsb25lL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9ldmVudG1lc2gvY29ubmVjdG9yL3N0YW5kYWxvbmUvYnJva2VyL3Rhc2svSGlzdG9yeU1lc3NhZ2VDbGVhclRhc2suamF2YQ==) | `29.41% <0.00%> (-17.65%)` | :arrow_down: |
| [...mesh/connector/standalone/broker/MessageQueue.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLWNvbm5lY3Rvci1wbHVnaW4vZXZlbnRtZXNoLWNvbm5lY3Rvci1zdGFuZGFsb25lL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9ldmVudG1lc2gvY29ubmVjdG9yL3N0YW5kYWxvbmUvYnJva2VyL01lc3NhZ2VRdWV1ZS5qYXZh) | `32.46% <0.00%> (-7.80%)` | :arrow_down: |
| [...ava/org/apache/eventmesh/common/utils/IPUtils.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLWNvbW1vbi9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZXZlbnRtZXNoL2NvbW1vbi91dGlscy9JUFV0aWxzLmphdmE=) | `33.33% <0.00%> (-6.49%)` | :arrow_down: |
| [...che/eventmesh/runtime/boot/AbstractHTTPServer.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLXJ1bnRpbWUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2V2ZW50bWVzaC9ydW50aW1lL2Jvb3QvQWJzdHJhY3RIVFRQU2VydmVyLmphdmE=) | `0.00% <0.00%> (ø)` | |
| [...che/eventmesh/runtime/boot/EventMeshTCPServer.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLXJ1bnRpbWUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2V2ZW50bWVzaC9ydW50aW1lL2Jvb3QvRXZlbnRNZXNoVENQU2VydmVyLmphdmE=) | `0.00% <0.00%> (ø)` | |
| [...sh/client/http/producer/EventMeshHttpProducer.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLXNkay1qYXZhL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9ldmVudG1lc2gvY2xpZW50L2h0dHAvcHJvZHVjZXIvRXZlbnRNZXNoSHR0cFByb2R1Y2VyLmphdmE=) | `0.00% <0.00%> (ø)` | |
| [...core/protocol/http/consumer/EventMeshConsumer.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLXJ1bnRpbWUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2V2ZW50bWVzaC9ydW50aW1lL2NvcmUvcHJvdG9jb2wvaHR0cC9jb25zdW1lci9FdmVudE1lc2hDb25zdW1lci5qYXZh) | `0.00% <0.00%> (ø)` | |
| [.../protocol/tcp/client/group/ClientGroupWrapper.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLXJ1bnRpbWUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2V2ZW50bWVzaC9ydW50aW1lL2NvcmUvcHJvdG9jb2wvdGNwL2NsaWVudC9ncm91cC9DbGllbnRHcm91cFdyYXBwZXIuamF2YQ==) | `0.00% <0.00%> (ø)` | |
| [...ol/tcp/client/session/send/UpStreamMsgContext.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLXJ1bnRpbWUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2V2ZW50bWVzaC9ydW50aW1lL2NvcmUvcHJvdG9jb2wvdGNwL2NsaWVudC9zZXNzaW9uL3NlbmQvVXBTdHJlYW1Nc2dDb250ZXh0LmphdmE=) | `0.00% <0.00%> (ø)` | |
| [...pl/consumer/ConsumeMessageConcurrentlyService.java](https://codecov.io/gh/apache/incubator-eventmesh/pull/852/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZXZlbnRtZXNoLWNvbm5lY3Rvci1wbHVnaW4vZXZlbnRtZXNoLWNvbm5lY3Rvci1yb2NrZXRtcS9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcm9ja2V0bXEvY2xpZW50L2ltcGwvY29uc3VtZXIvQ29uc3VtZU1lc3NhZ2VDb25jdXJyZW50bHlTZXJ2aWNlLmphdmE=) | `0.00% <0.00%> (ø)` | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-eventmesh/pull/852?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-eventmesh/pull/852?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [aded3b2...543c749](https://codecov.io/gh/apache/incubator-eventmesh/pull/852?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org