Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Ivan Rakov <iv...@gmail.com>]

Maxim M. and anyone who is interested,

I suggest to include this fix to 2.8 release:
https://issues.apache.org/jira/browse/IGNITE-12225
Basically, it's a result of the following discussion:
http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html

The fix affects public API: IgniteCluster#readOnly methods that work with
boolean are replaced with ones that work with enum.
If we include it, we won't be obliged to keep deprecated boolean version of
API in the code (which is currently present in 2.8 branch) as it wasn't
published in any release.

On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <il...@gmail.com>
wrote:

> Hello!
>
> I have ran dependency checker plugin and quote the following:
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-urideploy:
> One or more dependencies were identified with known vulnerabilities in
> ignite-spring:
> One or more dependencies were identified with known vulnerabilities in
> ignite-spring-data:
> One or more dependencies were identified with known vulnerabilities in
> ignite-aop:
> One or more dependencies were identified with known vulnerabilities in
> ignite-visor-console:
>
> spring-core-4.3.18.RELEASE.jar
> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) :
> CVE-2018-15756
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-spring-data_2.0:
>
> spring-core-5.0.8.RELEASE.jar
> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> CVE-2018-15756
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-rest-http:
>
> jetty-server-9.4.11.v20180605.jar
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> jackson-databind-2.9.6.jar
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-kubernetes:
> One or more dependencies were identified with known vulnerabilities in
> ignite-aws:
>
> jackson-databind-2.9.6.jar
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> bcprov-ext-jdk15on-1.54.jar
> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) : CVE-2015-6644,
> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341,
> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345,
> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098,
> CVE-2018-1000180, CVE-2018-1000613
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-gce:
>
> httpclient-4.0.1.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> ,
> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> CVE-2014-3577, CVE-2015-5262
> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-cloud:
>
> openstack-keystone-2.0.0.jar
> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2014,
> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476, CVE-2014-3520,
> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432, CVE-2018-20170
> cloudstack-2.0.0.jar (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0,
> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> CVE-2019-5736
> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3,
> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> CVE-2019-16884, CVE-2019-5736
> jsch.agentproxy.core-0.0.8.jar
> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> bcprov-ext-jdk15on-1.49.jar
> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) : CVE-2015-6644,
> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000341,
> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345,
> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000613
> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-mesos:
>
> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> jetty-server-9.4.11.v20180605.jar
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> jackson-databind-2.9.6.jar
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-kafka:
>
> kafka-clients-2.0.1.jar (pkg:maven/org.apache.kafka/kafka-clients@2.0.1,
> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> connect-api-2.0.1.jar (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-flume:
>
> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> jackson-core-asl-1.8.8.jar
> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) : CVE-2017-15095,
> CVE-2017-17485, CVE-2017-7525
> jackson-mapper-asl-1.8.8.jar
> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> CVE-2019-16335, CVE-2019-17267
> commons-collections-3.2.1.jar
> (pkg:maven/commons-collections/commons-collections@3.2.1,
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : CVE-2015-6420,
> CVE-2017-15708, Remote code execution
> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156, CVE-2019-16869,
> POODLE vulnerability in SSLv3.0 support
> servlet-api-2.5-20110124.jar
> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) : CVE-2005-3747,
> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048, CVE-2009-5049,
> CVE-2011-4461
> jetty-util-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26,
> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> CVE-2011-4461
> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> CVE-2019-10241, CVE-2019-10247
> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0) :
> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> httpclient-4.1.3.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> ,
> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> CVE-2015-5262
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-twitter:
>
> httpclient-4.2.5.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> ,
> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> CVE-2015-5262
> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-zookeeper:
>
> jackson-databind-2.9.8.jar
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) : CVE-2019-12086,
> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> CVE-2019-17267, CVE-2019-17531
> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> jackson-mapper-asl-1.9.13.jar
> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> netty-all-4.1.29.Final.jar (pkg:maven/io.netty/netty-all@4.1.29.Final,
> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-camel:
>
> camel-core-2.22.0.jar (pkg:maven/org.apache.camel/camel-core@2.22.0,
> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> CVE-2019-0188, CVE-2019-0194
>
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> CVE-2019-0188, CVE-2019-0194
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-storm:
>
> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1,
> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2019-10247
>
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> CVE-2015-5262
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> (pkg:maven/com.google.guava/guava@16.0.1,
> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> (pkg:maven/io.netty/netty@3.9.0.Final,
> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193, CVE-2014-3488,
> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0 support
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2011-4461,
> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735, CVE-2019-10241,
> CVE-2019-10247
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2011-4461,
> CVE-2019-10247
>
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) : CVE-2016-1000031
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811, CVE-2017-15713,
> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768, CVE-2018-1296,
> CVE-2018-8009, CVE-2018-8029
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-cassandra-store:
> One or more dependencies were identified with known vulnerabilities in
> ignite-cassandra-serializers:
>
> commons-beanutils-1.9.2.jar
> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) : CVE-2019-10086
> commons-collections-3.2.1.jar
> (pkg:maven/commons-collections/commons-collections@3.2.1,
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : CVE-2015-6420,
> CVE-2017-15708, Remote code execution
> spring-core-4.3.18.RELEASE.jar
> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) :
> CVE-2018-15756
> netty-transport-4.1.27.Final.jar
> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-flink:
>
> flink-hadoop-fs-1.5.0.jar (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> ,
> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> CVE-2017-3161, CVE-2017-3162
>
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156, CVE-2016-4970,
> CVE-2019-16869
>
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) : CVE-2017-15095,
> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> CVE-2019-17267, CVE-2019-17531
>
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> (pkg:maven/com.google.guava/guava@18.0,
> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
>
> One or more dependencies were identified with known vulnerabilities in
> ignite-rocketmq:
>
> netty-all-4.0.42.Final.jar (pkg:maven/io.netty/netty-all@4.0.42.Final,
> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26,
> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838, CVE-2006-7196,
> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696, CVE-2012-5568,
> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444, CVE-2013-4590,
> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119,
> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
>
> Main offenders seem to be "jackson-databind" and old maintenance releases
> of Spring. I think we can bump most of that.
>
> Some integrations also clearly suffer, through it's a problem of their
> users, since they need to declare their own libraries' versions by
> convention.
>
> Regards,
> --
> Ilya Kasnacheev
>
>
> пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
>
> > Ilya, no I see, thanks for the explanation. Agree with you, let's update
> > the versions of the dependencies to the latest.
> >
> > -
> > Denis
> >
> >
> > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > ilya.kasnacheev@gmail.com>
> > wrote:
> >
> > > Hello!
> > >
> > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > >
> > > By bumping versisons I mean the following:
> > >         <slf4j.version>1.7.*7*</slf4j.version>
> > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > >         <snappy.version>1.1.7.*2*</snappy.version>
> > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > >         <spark.version>2.3.*0*</spark.version>
> > >         <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> <!--
> > > don't forget to update spring version -->
> > >         <spring.version>4.3.*18*.RELEASE</spring.version><!-- don't
> > forget
> > > to update spring-data version -->
> > >
> >  <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > <!-- don't forget to update spring-5.0 version -->
> > >         <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > don't
> > > forget to update spring-data-2.0 version -->
> > >
> > > All these libraries have maintenance release (such as our 2.7.*6*) and
> I
> > > think it would be beneficial to upgrade these dependencies to the
> latest
> > > maintenance version found in Maven Central.
> > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > >
> > > Regards,
> > > --
> > > Ilya Kasnacheev
> > >
> > >
> > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dm...@apache.org>:
> > >
> > > > A huge +1 for adding Spring Data related fixes/improvements. Ilya is
> > > right
> > > > that Spring Data related questions sparked last time due to missing
> > > support
> > > > of 2.2 version.
> > > >
> > > > Ilya, could you elaborate on what you mean under "bumping the
> > versions"?
> > > Do
> > > > you suggest performing a straightforward upgrade of
> > "ignite-spring-data"
> > > to
> > > > version 2.2 and introducing "ignite-spring-data-{old-version"} for
> the
> > > > previous versions? If it's so, I fully agree with the proposal.
> > > >
> > > > -
> > > > Denis
> > > >
> > > >
> > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > ilya.kasnacheev@gmail.com
> > > > >
> > > > wrote:
> > > >
> > > > > Hello!
> > > > >
> > > > > I propose to add the following ticket to the scope:
> > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3 commits, be
> > > > careful
> > > > > with release version)
> > > > >
> > > > > Adding tickets to scope surely seems crazy now, but I will provide
> > the
> > > > > following considerations:
> > > > > * This is Spring Data 2.2 integration, which we currently do not
> > have,
> > > > > leading to lots of confused questions on stack overflow and mailing
> > > list.
> > > > > Spring Data is important to our public image since many people may
> > > learn
> > > > > about out project by starting with Spring Data.
> > > > >
> > > > > * It has zero code impact outside of its own module (just 2 POM
> file
> > > > > touched and that's all).
> > > > >
> > > > > * The core was ready since early November but, due to gmail quirk,
> we
> > > did
> > > > > not react to it in time.
> > > > >
> > > > > WDYT?
> > > > >
> > > > > Another semi-related question. *Should we bump our dependencies'
> > > versions
> > > > > before releasing 2.8?* I talk mainly about spring and hibernate
> > > > > dependencies. We could switch them to their latest maintenance
> > versions
> > > > to
> > > > > avoid shipping default links to outdated packages.
> > > > >
> > > > > I think this is one of things that are very hard to do between
> > > releases,
> > > > so
> > > > > I think this dependencies bumping should be a part of a formal
> > > > > release/testing cycle, and then be backported to master.
> > > > >
> > > > > I could volunteer to do that myself, if we agree to merge these
> > version
> > > > > upgrades to ignite-2.8 and then re-test.
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Ilya Kasnacheev
> > > > >
> > > > >
> > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > <arzamas123@mail.ru.invalid
> > > > > >:
> > > > >
> > > > > >
> > > > > > Igniters, i`l try to compare 2.8 release candidate vs 2.7.6,
> > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > i use yardstick benchmarks, 4 bare machine with:  2x Xeon X5570
> > 96Gb
> > > > > 512GB
> > > > > > SSD 2048GB HDD 10GB/s
> > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > this mappings for graphs and real yardstick tests:
> > > > > >
> > > > > > atomic-put: IgnitePutBenchmark
> > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > atomic-get: IgniteGetBenchmark
> > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > >
> > > > > > cacheMode — partitioned
> > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > 1 backup
> > > > > >
> > > > > > 1. wal = log_only 2. wal = none 3. persistence disabled.
> > > > > > Thanks Maxim for wiki page [1]
> > > > > >
> > > > > >
> > > > > > [1]
> > > > > >
> > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > >
> > > > > > do we need some bisect or other work here ?
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > >------- Forwarded message -------
> > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > >To:  dev@ignite.apache.org
> > > > > > >Cc:
> > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]
> > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > >
> > > > > > >Igniters,
> > > > > > >
> > > > > > >
> > > > > > >It's almost a year has passed since the last major Apache Ignite
> > 2.7
> > > > > > >has been released. We've accumulated a lot of performance
> > > improvements
> > > > > > >and a lot of new features which are waiting for their release
> > date.
> > > > > > >Here is my list of the most interesting things from my point
> since
> > > the
> > > > > > >last major release:
> > > > > > >
> > > > > > >Service Grid,
> > > > > > >Monitoring,
> > > > > > >Recovery Read
> > > > > > >BLT auto-adjust,
> > > > > > >PDS compression,
> > > > > > >WAL page compression,
> > > > > > >Thin client: best effort affinity,
> > > > > > >Thin client: transactions support (not yet)
> > > > > > >SQL query history
> > > > > > >SQL statistics
> > > > > > >
> > > > > > >I think we should no longer wait and freeze the master branch
> > > anymore
> > > > > > >and prepare the next major release by the end of the year.
> > > > > > >
> > > > > > >
> > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8 release
> and
> > > also
> > > > > > >I want to propose myself to be the release manager of the
> planning
> > > > > > >release.
> > > > > > >
> > > > > > >Scope Freeze: November 4, 2019
> > > > > > >Code Freeze: November 18, 2019
> > > > > > >Voting Date: December 10, 2019
> > > > > > >Release Date: December 17, 2019
> > > > > > >
> > > > > > >
> > > > > > >WDYT?
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Maxim Muzafarov <mm...@apache.org>]

Alexey,

I think yes. Otherwise, we will never finish.

On Tue, 14 Jan 2020 at 12:01, Alexey Goncharuk
<al...@gmail.com> wrote:
>
> Folks,
>
> While I agree with Ivan that IGNITE-12531
> <https://issues.apache.org/jira/browse/IGNITE-12531> should be fixed in
> 2.8, I also share Nikolay's concern regarding the 2.8 scope inflation.
> Should we consider fixing only blockers for 2.8.0 and moving the
> remaining tickets to a maintenance releases 2.8.1, 2.8.2, etc?
>
> --AG
>
> вт, 14 янв. 2020 г. в 11:08, Alexei Scherbakov <alexey.scherbakoff@gmail.com
> >:
>
> > This looks really bad.
> >
> > Let's fix it before releasing.
> >
> > пн, 13 янв. 2020 г. в 18:50, Ivan Rakov <iv...@gmail.com>:
> >
> > > Igniters,
> > >
> > > Seems like we have another blocker for 2.8 [1].
> > > Impact: after migration of persistent cluster from 2.7- to 2.8 any
> > updates
> > > of baseline topology are not persisted.
> > >
> > > [1]: https://issues.apache.org/jira/browse/IGNITE-12531
> > >
> > > On Mon, Jan 13, 2020 at 6:14 PM Sergey Antonov <
> > antonovsergey93@gmail.com>
> > > wrote:
> > >
> > > > Igniters, I got green TC Bit visas [1] [2] for patch and commit revert.
> > > >
> > > > [1]
> > > >
> > > >
> > >
> > https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7238%2Fhead&action=Latest
> > > >
> > > > [2]
> > > >
> > > >
> > >
> > https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7239%2Fhead&action=Latest
> > > >
> > > > пн, 13 янв. 2020 г., 17:51 Maxim Muzafarov <mm...@apache.org>:
> > > >
> > > > > Sergey,
> > > > >
> > > > > Thank you. I also do not support @IgniteExperemental annotation only
> > > > > for solving the current case of compatibility issues.
> > > > >
> > > > > I like your second suggestion to revert the issue [2] from 2.8
> > release
> > > > > by applying [1] PR. I'm going to apply this patch [1] within the next
> > > > > three days.
> > > > >
> > > > > Any objections?
> > > > >
> > > > > [1] https://github.com/apache/ignite/pull/7238
> > > > > [2] https://issues.apache.org/jira/browse/IGNITE-11256
> > > > >
> > > > > On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <
> > > antonovsergey93@gmail.com>
> > > > > wrote:
> > > > > >
> > > > > > Guys, I created two pull requests [1] [2] for 2.8 release.
> > > > > >
> > > > > > First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> > > > > > Second [2] is a revert of ticket [4] from 2.8 release.
> > > > > >
> > > > > > I'm waiting TC run all nightly results for both PRs. I'll write
> > > update
> > > > > when
> > > > > > TC runs will be ok.
> > > > > > I'm okay with both proposals (add ticket [1] to release, remove
> > > > read-only
> > > > > > feature from 2.8 release scope). But I'm not okay with
> > > > > @IgniteExperemental
> > > > > > annotation.
> > > > > >
> > > > > > [1] https://github.com/apache/ignite/pull/7239
> > > > > > [2] https://github.com/apache/ignite/pull/7238
> > > > > > [3] https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > [4] https://issues.apache.org/jira/browse/IGNITE-11256
> > > > > >
> > > > > >
> > > > > > пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky
> > > > > <arzamas123@mail.ru.invalid
> > > > > > >:
> > > > > >
> > > > > > >
> > > > > > > Ivan, if i correctly understand, you suggest additional
> > > > «expiremental»
> > > > > > > stuff only for hiding already leaked RO interface ?
> > > > > > > poor approach as for me.
> > > > > > >
> > > > > > > >Folks,
> > > > > > > >
> > > > > > > >Some thoughts:
> > > > > > > >* Releasing an API with known fallacies sounds really bad thing
> > to
> > > > me.
> > > > > > > >It can have a negative consequences for a whole project for
> > years.
> > > > My
> > > > > > > >opinion here that we should resolve the problem with this API
> > > > somehow
> > > > > > > >before release.
> > > > > > > >* We can mark cluster read-only API (without enum) as
> > experimental
> > > > and
> > > > > > > >change the API in e.g. 2.8.1.
> > > > > > > >* We can try to exclude read-only API from 2.8 at all.
> > > > > > > >
> > > > > > > >What do you think?
> > > > > > > >
> > > > > > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <
> > > > plehanov.alex@gmail.com
> > > > > >:
> > > > > > > >>
> > > > > > > >> Guys,
> > > > > > > >>
> > > > > > > >> There is also an issue with cluster activation by thin
> > clients.
> > > > This
> > > > > > > >> feature (.NET thin client API change and protocol change) was
> > > > added
> > > > > by
> > > > > > > [1]
> > > > > > > >> without any discussion on dev-list. Sergey's patch [2]
> > deprecate
> > > > > methods
> > > > > > > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()",
> > > but
> > > > > > > didn't do
> > > > > > > >> this for thin clients. If we want to include IGNITE-12225 to
> > 2.8
> > > > we
> > > > > also
> > > > > > > >> should not forget about thin client changes, since it will be
> > > > > strange
> > > > > > > if we
> > > > > > > >> introduce some methods to thin client API and protocol and in
> > > the
> > > > > same
> > > > > > > >> Ignite version deprecate these methods for servers and thick
> > > > > clients.
> > > > > > > >>
> > > > > > > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > > > > > > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > > >>
> > > > > > > >>
> > > > > > > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > > > > > > arzamas123@mail.ru.invalid
> > > > > > > >> >:
> > > > > > > >>
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> > Agree with Nikolay, -1 from me, too.
> > > > > > > >> >
> > > > > > > >> > >Hello, Igniters.
> > > > > > > >> > >
> > > > > > > >> > >I’m -1 to include the read-only patch to 2.8.
> > > > > > > >> > >I think we shouldn’t accept any patches to 2.8 except bug
> > > fixes
> > > > > for
> > > > > > > >> > blockers and major issues.
> > > > > > > >> > >
> > > > > > > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > > > >> > >We should focus on the release and make it ASAP.
> > > > > > > >> > >
> > > > > > > >> > >We can’t extend the scope anymore.
> > > > > > > >> > >
> > > > > > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > > > > > antonovsergey93@gmail.com >
> > > > > > > >> > написал(а):
> > > > > > > >> > >>
> > > > > > > >> > >> Hello, Maxim!
> > > > > > > >> > >>
> > > > > > > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038,
> > 111
> > > > > files
> > > > > > > >> > >> changed.
> > > > > > > >> > >> Yes, PR is huge, but I wrote a lot of new tests and
> > > reworked
> > > > > > > already
> > > > > > > >> > >> presented. Changes in product code are minimal - only 30
> > > > > changed
> > > > > > > files
> > > > > > > >> > in
> > > > > > > >> > >> /src/main/ part. And most of them are new control.sh
> > > commands
> > > > > and
> > > > > > > >> > >> configuration.
> > > > > > > >> > >>
> > > > > > > >> > >>> Do we have customer requests for this feature or maybe
> > > users
> > > > > who
> > > > > > > are
> > > > > > > >> > >> waiting for exactly that ENUM values exactly in 2.8
> > release
> > > > > (not
> > > > > > > the
> > > > > > > >> > 2.8.1
> > > > > > > >> > >> for instance)?
> > > > > > > >> > >> Can we introduce in new features in maintanance release
> > > > > (2.8.1)?
> > > > > > > Cluster
> > > > > > > >> > >> read-only mode will be new feature, if we remove
> > > > > > > IgniteCluster#readOnly
> > > > > > > >> > in
> > > > > > > >> > >> 2.8 release. If all ok with that, lets remove
> > > > > > > IgniteCluster#readOnly and
> > > > > > > >> > >> move ticket [1] to 2.8.1 release.
> > > > > > > >> > >>
> > > > > > > >> > >>> Do we have extended test results report (on just only
> > > TC.Bot
> > > > > green
> > > > > > > >> > visa)
> > > > > > > >> > >> on this feature to be sure that we will not add any
> > blocker
> > > > > issues
> > > > > > > to
> > > > > > > >> > the
> > > > > > > >> > >> release?
> > > > > > > >> > >> I'm preparing patch for 2.8 release and I will get new TC
> > > Bot
> > > > > visa
> > > > > > > vs
> > > > > > > >> > >> release branch.
> > > > > > > >> > >>
> > > > > > > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > > >> > >>
> > > > > > > >> > >>
> > > > > > > >> > >>
> > > > > > > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> > > > > mmuzaf@apache.org
> > > > > > > >:
> > > > > > > >> > >>
> > > > > > > >> > >>> Folks,
> > > > > > > >> > >>>
> > > > > > > >> > >>>
> > > > > > > >> > >>> Let me remind you that we are working on the 2.8 release
> > > > > branch
> > > > > > > >> > >>> stabilization currently (please, keep it in mind).
> > > > > > > >> > >>>
> > > > > > > >> > >>>
> > > > > > > >> > >>> Do we have a really STRONG reason for adding such a
> > change
> > > > > [1] to
> > > > > > > the
> > > > > > > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very
> > simple
> > > > > +5,517
> > > > > > > >> > >>> −2,038, 111 files changed.
> > > > > > > >> > >>> Do we have customer requests for this feature or maybe
> > > users
> > > > > who
> > > > > > > are
> > > > > > > >> > >>> waiting for exactly that ENUM values exactly in 2.8
> > > release
> > > > > (not
> > > > > > > the
> > > > > > > >> > >>> 2.8.1 for instance)?
> > > > > > > >> > >>> Can we just simply remove IgniteCluster#readOnly to
> > > > eliminate
> > > > > any
> > > > > > > >> > >>> backward compatibility issues between 2.8 and 2.9
> > > releases?
> > > > > > > >> > >>> Do we have extended test results report (on just only
> > > TC.Bot
> > > > > green
> > > > > > > >> > >>> visa) on this feature to be sure that we will not add
> > any
> > > > > blocker
> > > > > > > >> > >>> issues to the release? For instance, on pre-production
> > > > > > > environment.
> > > > > > > >> > >>>
> > > > > > > >> > >>> I'd like to notice that we also have more than enough
> > the
> > > > > release
> > > > > > > >> > >>> blocker issues [3] which are still `in progress` and
> > such
> > > a
> > > > > > > release
> > > > > > > >> > >>> run becomes endless. Such changes without strong reasons
> > > > > looks too
> > > > > > > >> > >>> scary for me a special after scope and code freeze
> > dates.
> > > > > > > >> > >>>
> > > > > > > >> > >>> Please, dispel my doubts.
> > > > > > > >> > >>>
> > > > > > > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > > > >> > >>> [3]
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > > > >> > )
> > > > > > > >> > >>>
> > > > > > > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > > > > > zaleslaw.sin@gmail.com
> > > > > > > >> > >
> > > > > > > >> > >>> wrote:
> > > > > > > >> > >>>>
> > > > > > > >> > >>>> +1
> > > > > > > >> > >>>>
> > > > > > > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > > > >> >  antonovsergey93@gmail.com >:
> > > > > > > >> > >>>>
> > > > > > > >> > >>>>> +1
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa
> > for
> > > > 2.8
> > > > > > > branch
> > > > > > > >> > >>> will be
> > > > > > > >> > >>>>> at 13 Jan
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> > > > > vololo100@gmail.com
> > > > > > > >:
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>>>> +1
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > > > > > ivan.glukos@gmail.com >:
> > > > > > > >> > >>>>>>>
> > > > > > > >> > >>>>>>> Maxim M. and anyone who is interested,
> > > > > > > >> > >>>>>>>
> > > > > > > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > > > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > > >> > >>>>>>> Basically, it's a result of the following
> > discussion:
> > > > > > > >> > >>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > > > >> > >>>>>>>
> > > > > > > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly
> > > > methods
> > > > > > > that
> > > > > > > >> > >>> work
> > > > > > > >> > >>>>> with
> > > > > > > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > > > >> > >>>>>>> If we include it, we won't be obliged to keep
> > > deprecated
> > > > > > > boolean
> > > > > > > >> > >>>>> version
> > > > > > > >> > >>>>>> of
> > > > > > > >> > >>>>>>> API in the code (which is currently present in 2.8
> > > > > branch) as
> > > > > > > it
> > > > > > > >> > >>> wasn't
> > > > > > > >> > >>>>>>> published in any release.
> > > > > > > >> > >>>>>>>
> > > > > > > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > > > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > > > > >> > >>>>>>> wrote:
> > > > > > > >> > >>>>>>>
> > > > > > > >> > >>>>>>>> Hello!
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> I have ran dependency checker plugin and quote the
> > > > > following:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-urideploy:
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-spring:
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-spring-data:
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-aop:
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-visor-console:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > > > > ,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > > >
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > > >
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > > >> > >>>>> :
> > > > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-spring-data_2.0:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> > > > > ,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > > >
> > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > > >
> > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-rest-http:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > > > CVE-2018-14720,
> > > > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > > CVE-2018-19362,
> > > > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > > > CVE-2019-14379,
> > > > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > > > CVE-2019-16942,
> > > > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-kubernetes:
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-aws:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > > > CVE-2018-14720,
> > > > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > > CVE-2018-19362,
> > > > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > > > CVE-2019-14379,
> > > > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > > > CVE-2019-16942,
> > > > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54
> > )
> > > :
> > > > > > > >> > >>>>> CVE-2015-6644,
> > > > > > > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339,
> > CVE-2016-1000340,
> > > > > > > >> > >>>>> CVE-2016-1000341,
> > > > > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343,
> > CVE-2016-1000344,
> > > > > > > >> > >>>>> CVE-2016-1000345,
> > > > > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > > > >> > >>> CVE-2017-13098,
> > > > > > > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-gce:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> httpclient-4.0.1.jar
> > > > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > > > >> > >>>>>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > > > > > CVE-2011-1498,
> > > > > > > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > > > >> > >>>>>>>> guava-jdk5-17.0.jar
> > > > > > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-cloud:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*)
> > :
> > > > > > > >> > >>> CVE-2013-2014,
> > > > > > > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> > > > > CVE-2014-3476,
> > > > > > > >> > >>>>>> CVE-2014-3520,
> > > > > > > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> > > > > CVE-2018-14432,
> > > > > > > >> > >>>>>> CVE-2018-20170
> > > > > > > >> > >>>>>>>> cloudstack-2.0.0.jar
> > > > > > > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > > > >> > >>>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > > > CVE-2013-2136,
> > > > > > > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> > > > > CVE-2015-3252
> > > > > > > >> > >>>>>>>> docker-2.0.0.jar
> > > > > > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > > > > > CVE-2018-10892,
> > > > > > > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > > > > CVE-2019-16884,
> > > > > > > >> > >>>>>>>> CVE-2019-5736
> > > > > > > >> > >>>>>>>> guava-16.0.1.jar
> > > > (pkg:maven/com.google.guava/guava@16.0.1
> > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>> docker-1.9.3.jar
> > > > > > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > > > >> > >>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > > > > CVE-2016-3697,
> > > > > > > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > > > > > CVE-2019-15752,
> > > > > > > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > > > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > > > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> > > > > CVE-2016-5725
> > > > > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49
> > )
> > > :
> > > > > > > >> > >>>>> CVE-2015-6644,
> > > > > > > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > > > >> > >>> CVE-2016-1000341,
> > > > > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343,
> > CVE-2016-1000344,
> > > > > > > >> > >>>>> CVE-2016-1000345,
> > > > > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > > > >> > >>> CVE-2018-1000613
> > > > > > > >> > >>>>>>>> okhttp-2.2.0.jar
> > > > > (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > > > > > CVE-2016-2402
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-mesos:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> mesos-1.5.0.jar
> > > (pkg:maven/org.apache.mesos/mesos@1.5.0
> > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > > > > CVE-2018-11793,
> > > > > > > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> > > > > CVE-2019-5736
> > > > > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > > > CVE-2018-14720,
> > > > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > > CVE-2018-19362,
> > > > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > > > CVE-2019-14379,
> > > > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > > > CVE-2019-16942,
> > > > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-kafka:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > > > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > > > >> > >>>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-17196
> > > > > > > >> > >>>>>>>> connect-api-2.0.1.jar
> > > > > > > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-17196
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-flume:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> guava-11.0.2.jar
> > > > (pkg:maven/com.google.guava/guava@11.0.2
> > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8
> > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > > > >> > >>> CVE-2017-15095,
> > > > > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > > > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > > > > CVE-2018-1000873,
> > > > > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > > > CVE-2019-14540,
> > > > > > > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/commons-collections/commons-collections@3.2.1
> > > > > ,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>> CVE-2015-6420,
> > > > > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > > >> > >>>>>>>> netty-3.9.4.Final.jar
> > > > > (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> > > > > CVE-2015-2156,
> > > > > > > >> > >>>>>> CVE-2019-16869,
> > > > > > > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > > > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > > > >> > >>>>>>>>
> > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124
> > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>> CVE-2005-3747,
> > > > > > > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> > > > > CVE-2009-5048,
> > > > > > > >> > >>>>>> CVE-2009-5049,
> > > > > > > >> > >>>>>>>> CVE-2011-4461
> > > > > > > >> > >>>>>>>> jetty-util-6.1.26.jar
> > > > > > > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > > > >> > >>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > > >> > >>> CVE-2009-1523,
> > > > > > > >> > >>>>>>>> CVE-2011-4461
> > > > > > > >> > >>>>>>>> jetty-6.1.26.jar
> > > > > (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > > >> > >>> CVE-2009-1523,
> > > > > > > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> > > > > CVE-2017-7658,
> > > > > > > >> > >>>>>> CVE-2017-9735,
> > > > > > > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > > > >> > >>>>>>>> libthrift-0.9.0.jar
> > > > > > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > > > >> > >>> :
> > > > > > > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> > > > > CVE-2019-0205
> > > > > > > >> > >>>>>>>> httpclient-4.1.3.jar
> > > > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > > > >> > >>>>>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > > > > > CVE-2014-3577,
> > > > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-twitter:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> httpclient-4.2.5.jar
> > > > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > > > >> > >>>>>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > > > > > CVE-2014-3577,
> > > > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > > > >> > >>>>>>>> guava-14.0.1.jar
> > > > (pkg:maven/com.google.guava/guava@14.0.1
> > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-zookeeper:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>> CVE-2019-12086,
> > > > > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > > CVE-2019-14439,
> > > > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > > CVE-2019-16943,
> > > > > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > > >> > >>>>>>>> guava-16.0.1.jar
> > > > (pkg:maven/com.google.guava/guava@16.0.1
> > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > > > > > > :
> > > > > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > > > > CVE-2018-1000873,
> > > > > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > > > CVE-2019-10172,
> > > > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > > > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > > > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > > > > >> > >>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> > > > > CVE-2019-16869
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-camel:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> camel-core-2.22.0.jar
> > > > > > > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > > > CVE-2018-8041,
> > > > > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > > > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0
> > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > > > CVE-2018-8041,
> > > > > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-storm:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> storm-core-1.1.1.jar
> > > > > > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > > > >> > >>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-11779,
> > > > > > > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> > > > > CVE-2019-0202
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>> CVE-2019-10247
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > > > >> > >>>>>>>>
> > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3
> > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > > > > > CVE-2014-3577,
> > > > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>>
> > > > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> > > > > CVE-2014-0193,
> > > > > > > >> > >>>>>> CVE-2014-3488,
> > > > > > > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability
> > > in
> > > > > > > SSLv3.0
> > > > > > > >> > >>>>> support
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>> CVE-2011-4461,
> > > > > > > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > > > CVE-2017-9735,
> > > > > > > >> > >>>>>> CVE-2019-10241,
> > > > > > > >> > >>>>>>>> CVE-2019-10247
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> > > > > ,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>> CVE-2011-4461,
> > > > > > > >> > >>>>>>>> CVE-2019-10247
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > > > >> > >>>>>>>>
> > > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2
> > > > ,
> > > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*)
> > > > > :
> > > > > > > >> > >>>>>> CVE-2016-1000031
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > > > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > > > > CVE-2015-1776,
> > > > > > > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> > > > > CVE-2016-6811,
> > > > > > > >> > >>>>>> CVE-2017-15713,
> > > > > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> > > > > CVE-2018-11768,
> > > > > > > >> > >>>>>> CVE-2018-1296,
> > > > > > > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-cassandra-store:
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-cassandra-serializers:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > > > >> > >>>>>>>>
> > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2
> > > ,
> > > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>> CVE-2019-10086
> > > > > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/commons-collections/commons-collections@3.2.1
> > > > > ,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>> CVE-2015-6420,
> > > > > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > > > > ,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > > >
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>
> > > > > > >
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > > >> > >>>>> :
> > > > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > > > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> > > > > CVE-2019-16869
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-flink:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > > > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > > > >> > >>>>>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > > > > CVE-2016-5001,
> > > > > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> > > > > CVE-2015-2156,
> > > > > > > >> > >>>>>> CVE-2016-4970,
> > > > > > > >> > >>>>>>>> CVE-2019-16869
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > > > >> > >>>>>>>>
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > > > > > ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>> CVE-2017-15095,
> > > > > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > > > CVE-2018-11307,
> > > > > > > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > > > > > CVE-2018-14719,
> > > > > > > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > > > > > CVE-2018-19361,
> > > > > > > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > > > > CVE-2019-12086,
> > > > > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > > CVE-2019-14439,
> > > > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > > CVE-2019-16943,
> > > > > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10237
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > > >> > >>> vulnerabilities
> > > > > > > >> > >>>>> in
> > > > > > > >> > >>>>>>>> ignite-rocketmq:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > > > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > > > > >> > >>>>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> > > > > CVE-2019-16869
> > > > > > > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > > > >> > >>>>>>>>
> > > > > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > > > >> > >>> ,
> > > > > > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > > > > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> > > > > CVE-2005-4838,
> > > > > > > >> > >>>>>> CVE-2006-7196,
> > > > > > > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> > > > > CVE-2009-2696,
> > > > > > > >> > >>>>>> CVE-2012-5568,
> > > > > > > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> > > > > CVE-2013-4444,
> > > > > > > >> > >>>>>> CVE-2013-4590,
> > > > > > > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> > > > > CVE-2014-0099,
> > > > > > > >> > >>>>>> CVE-2014-0119,
> > > > > > > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> > > > > CVE-2018-8020
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and
> > old
> > > > > > > maintenance
> > > > > > > >> > >>>>>> releases
> > > > > > > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> Some integrations also clearly suffer, through
> > it's a
> > > > > > > problem of
> > > > > > > >> > >>>>> their
> > > > > > > >> > >>>>>>>> users, since they need to declare their own
> > > libraries'
> > > > > > > versions
> > > > > > > >> > >>> by
> > > > > > > >> > >>>>>>>> convention.
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> Regards,
> > > > > > > >> > >>>>>>>> --
> > > > > > > >> > >>>>>>>> Ilya Kasnacheev
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > > > > > dmagda@apache.org >:
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree
> > > with
> > > > > you,
> > > > > > > >> > >>> let's
> > > > > > > >> > >>>>>> update
> > > > > > > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>>>>>>> -
> > > > > > > >> > >>>>>>>>> Denis
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > > > > >> > >>>>>>>>> wrote:
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>>>>>>>> Hello!
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to
> > > > ignite-2.8.
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > > > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > > >> > >>>>>>>>>>
> > > <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > > > >> > >>>>>>>> <!--
> > > > > > > >> > >>>>>>>>>> don't forget to update spring version -->
> > > > > > > >> > >>>>>>>>>>
> > > <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > > > >> > >>>>> don't
> > > > > > > >> > >>>>>>>>> forget
> > > > > > > >> > >>>>>>>>>> to update spring-data version -->
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>
> > > > > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version
> > -->
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > > >> > >>>>>>>>> don't
> > > > > > > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>> All these libraries have maintenance release
> > (such
> > > as
> > > > > our
> > > > > > > >> > >>>>> 2.7.*6*)
> > > > > > > >> > >>>>>> and
> > > > > > > >> > >>>>>>>> I
> > > > > > > >> > >>>>>>>>>> think it would be beneficial to upgrade these
> > > > > dependencies
> > > > > > > >> > >>> to the
> > > > > > > >> > >>>>>>>> latest
> > > > > > > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > > > >> > >>>>>>>>>> For example, there is spring.data-2.0
> > > > 2.0.*14*.RELEASE.
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>> Regards,
> > > > > > > >> > >>>>>>>>>> --
> > > > > > > >> > >>>>>>>>>> Ilya Kasnacheev
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > > > > > dmagda@apache.org
> > > > > > > >> > >>>> :
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > > > >> > >>> fixes/improvements.
> > > > > > > >> > >>>>>> Ilya is
> > > > > > > >> > >>>>>>>>>> right
> > > > > > > >> > >>>>>>>>>>> that Spring Data related questions sparked last
> > > time
> > > > > due
> > > > > > > to
> > > > > > > >> > >>>>>> missing
> > > > > > > >> > >>>>>>>>>> support
> > > > > > > >> > >>>>>>>>>>> of 2.2 version.
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> > > > > "bumping
> > > > > > > >> > >>> the
> > > > > > > >> > >>>>>>>>> versions"?
> > > > > > > >> > >>>>>>>>>> Do
> > > > > > > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade
> > > of
> > > > > > > >> > >>>>>>>>> "ignite-spring-data"
> > > > > > > >> > >>>>>>>>>> to
> > > > > > > >> > >>>>>>>>>>> version 2.2 and introducing
> > > > > > > >> > >>> "ignite-spring-data-{old-version"}
> > > > > > > >> > >>>>>> for
> > > > > > > >> > >>>>>>>> the
> > > > > > > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree
> > with
> > > > the
> > > > > > > >> > >>> proposal.
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>> -
> > > > > > > >> > >>>>>>>>>>> Denis
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev
> > <
> > > > > > > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>> wrote:
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> Hello!
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> I propose to add the following ticket to the
> > > scope:
> > > > > > > >> > >>>>>>>>>>>>
> > > > https://issues.apache.org/jira/browse/IGNITE-12259
> > > > > (3
> > > > > > > >> > >>>>>> commits, be
> > > > > > > >> > >>>>>>>>>>> careful
> > > > > > > >> > >>>>>>>>>>>> with release version)
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now,
> > > > but I
> > > > > > > >> > >>> will
> > > > > > > >> > >>>>>> provide
> > > > > > > >> > >>>>>>>>> the
> > > > > > > >> > >>>>>>>>>>>> following considerations:
> > > > > > > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > > > >> > >>> currently do
> > > > > > > >> > >>>>>> not
> > > > > > > >> > >>>>>>>>> have,
> > > > > > > >> > >>>>>>>>>>>> leading to lots of confused questions on stack
> > > > > overflow
> > > > > > > >> > >>> and
> > > > > > > >> > >>>>>> mailing
> > > > > > > >> > >>>>>>>>>> list.
> > > > > > > >> > >>>>>>>>>>>> Spring Data is important to our public image
> > > since
> > > > > many
> > > > > > > >> > >>>>> people
> > > > > > > >> > >>>>>> may
> > > > > > > >> > >>>>>>>>>> learn
> > > > > > > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> * It has zero code impact outside of its own
> > > module
> > > > > > > >> > >>> (just 2
> > > > > > > >> > >>>>> POM
> > > > > > > >> > >>>>>>>> file
> > > > > > > >> > >>>>>>>>>>>> touched and that's all).
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> * The core was ready since early November but,
> > > due
> > > > to
> > > > > > > >> > >>> gmail
> > > > > > > >> > >>>>>> quirk,
> > > > > > > >> > >>>>>>>> we
> > > > > > > >> > >>>>>>>>>> did
> > > > > > > >> > >>>>>>>>>>>> not react to it in time.
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> WDYT?
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump
> > > our
> > > > > > > >> > >>>>>> dependencies'
> > > > > > > >> > >>>>>>>>>> versions
> > > > > > > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about
> > spring
> > > > and
> > > > > > > >> > >>>>> hibernate
> > > > > > > >> > >>>>>>>>>>>> dependencies. We could switch them to their
> > > latest
> > > > > > > >> > >>>>> maintenance
> > > > > > > >> > >>>>>>>>> versions
> > > > > > > >> > >>>>>>>>>>> to
> > > > > > > >> > >>>>>>>>>>>> avoid shipping default links to outdated
> > > packages.
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> I think this is one of things that are very
> > hard
> > > to
> > > > > do
> > > > > > > >> > >>>>> between
> > > > > > > >> > >>>>>>>>>> releases,
> > > > > > > >> > >>>>>>>>>>> so
> > > > > > > >> > >>>>>>>>>>>> I think this dependencies bumping should be a
> > > part
> > > > > of a
> > > > > > > >> > >>>>> formal
> > > > > > > >> > >>>>>>>>>>>> release/testing cycle, and then be backported
> > to
> > > > > master.
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we
> > agree
> > > to
> > > > > merge
> > > > > > > >> > >>>>> these
> > > > > > > >> > >>>>>>>>> version
> > > > > > > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> Regards,
> > > > > > > >> > >>>>>>>>>>>> --
> > > > > > > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > > > > > > >> > >>>>>>>>>>>>> :
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release
> > > candidate
> > > > > vs
> > > > > > > >> > >>>>> 2.7.6,
> > > > > > > >> > >>>>>>>>>>>>> last sha 2.8 was build from :
> > > > 9d114f3137f92aebc2562a
> > > > > > > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine
> > with:
> > > > 2x
> > > > > > > >> > >>> Xeon
> > > > > > > >> > >>>>>> X5570
> > > > > > > >> > >>>>>>>>> 96Gb
> > > > > > > >> > >>>>>>>>>>>> 512GB
> > > > > > > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > > > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > > > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick
> > > tests:
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > > > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > > > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > > > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > > > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > > > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > >> > >>>>>>>>>>>>> 1 backup
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > > > >> > >>> disabled.
> > > > > > > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>> [1]
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> >
> > > > > > >
> > > > >
> > > >
> > >
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > > > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org
> > >
> > > > > > > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > > > > >> > >>>>>>>>>>>>>> Cc:
> > > > > > > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time,
> > > Scope,
> > > > > > > >> > >>> Manager]
> > > > > > > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> Igniters,
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last
> > > > major
> > > > > > > >> > >>> Apache
> > > > > > > >> > >>>>>> Ignite
> > > > > > > >> > >>>>>>>>> 2.7
> > > > > > > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > > > >> > >>> performance
> > > > > > > >> > >>>>>>>>>> improvements
> > > > > > > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting
> > for
> > > > > their
> > > > > > > >> > >>>>>> release
> > > > > > > >> > >>>>>>>>> date.
> > > > > > > >> > >>>>>>>>>>>>>> Here is my list of the most interesting
> > things
> > > > > from my
> > > > > > > >> > >>>>> point
> > > > > > > >> > >>>>>>>> since
> > > > > > > >> > >>>>>>>>>> the
> > > > > > > >> > >>>>>>>>>>>>>> last major release:
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> Service Grid,
> > > > > > > >> > >>>>>>>>>>>>>> Monitoring,
> > > > > > > >> > >>>>>>>>>>>>>> Recovery Read
> > > > > > > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > > > >> > >>>>>>>>>>>>>> PDS compression,
> > > > > > > >> > >>>>>>>>>>>>>> WAL page compression,
> > > > > > > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > > > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > > > >> > >>>>>>>>>>>>>> SQL query history
> > > > > > > >> > >>>>>>>>>>>>>> SQL statistics
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze
> > the
> > > > > master
> > > > > > > >> > >>>>>> branch
> > > > > > > >> > >>>>>>>>>> anymore
> > > > > > > >> > >>>>>>>>>>>>>> and prepare the next major release by the end
> > > of
> > > > > the
> > > > > > > >> > >>> year.
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache
> > > Ignite
> > > > > 2.8
> > > > > > > >> > >>>>>> release
> > > > > > > >> > >>>>>>>> and
> > > > > > > >> > >>>>>>>>>> also
> > > > > > > >> > >>>>>>>>>>>>>> I want to propose myself to be the release
> > > > manager
> > > > > of
> > > > > > > >> > >>> the
> > > > > > > >> > >>>>>>>> planning
> > > > > > > >> > >>>>>>>>>>>>>> release.
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > > > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > > > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > > > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>> WDYT?
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>>
> > > > > > > >> > >>>>>>>>>>
> > > > > > > >> > >>>>>>>>>
> > > > > > > >> > >>>>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>> --
> > > > > > > >> > >>>>>> Best regards,
> > > > > > > >> > >>>>>> Ivan Pavlukhin
> > > > > > > >> > >>>>>>
> > > > > > > >> > >>>>>
> > > > > > > >> > >>>
> > > > > > > >> > >>
> > > > > > > >> > >>
> > > > > > > >> > >> --
> > > > > > > >> > >> BR, Sergey Antonov
> > > > > > > >> > >
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >
> > > > > > > >
> > > > > > > >--
> > > > > > > >Best regards,
> > > > > > > >Ivan Pavlukhin
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > BR, Sergey Antonov
> > > > >
> > > >
> > >
> >
> >
> > --
> >
> > Best regards,
> > Alexei Scherbakov
> >

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Alexey Goncharuk <al...@gmail.com>]

Folks,

While I agree with Ivan that IGNITE-12531
<https://issues.apache.org/jira/browse/IGNITE-12531> should be fixed in
2.8, I also share Nikolay's concern regarding the 2.8 scope inflation.
Should we consider fixing only blockers for 2.8.0 and moving the
remaining tickets to a maintenance releases 2.8.1, 2.8.2, etc?

--AG

вт, 14 янв. 2020 г. в 11:08, Alexei Scherbakov <alexey.scherbakoff@gmail.com
>:

> This looks really bad.
>
> Let's fix it before releasing.
>
> пн, 13 янв. 2020 г. в 18:50, Ivan Rakov <iv...@gmail.com>:
>
> > Igniters,
> >
> > Seems like we have another blocker for 2.8 [1].
> > Impact: after migration of persistent cluster from 2.7- to 2.8 any
> updates
> > of baseline topology are not persisted.
> >
> > [1]: https://issues.apache.org/jira/browse/IGNITE-12531
> >
> > On Mon, Jan 13, 2020 at 6:14 PM Sergey Antonov <
> antonovsergey93@gmail.com>
> > wrote:
> >
> > > Igniters, I got green TC Bit visas [1] [2] for patch and commit revert.
> > >
> > > [1]
> > >
> > >
> >
> https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7238%2Fhead&action=Latest
> > >
> > > [2]
> > >
> > >
> >
> https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7239%2Fhead&action=Latest
> > >
> > > пн, 13 янв. 2020 г., 17:51 Maxim Muzafarov <mm...@apache.org>:
> > >
> > > > Sergey,
> > > >
> > > > Thank you. I also do not support @IgniteExperemental annotation only
> > > > for solving the current case of compatibility issues.
> > > >
> > > > I like your second suggestion to revert the issue [2] from 2.8
> release
> > > > by applying [1] PR. I'm going to apply this patch [1] within the next
> > > > three days.
> > > >
> > > > Any objections?
> > > >
> > > > [1] https://github.com/apache/ignite/pull/7238
> > > > [2] https://issues.apache.org/jira/browse/IGNITE-11256
> > > >
> > > > On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <
> > antonovsergey93@gmail.com>
> > > > wrote:
> > > > >
> > > > > Guys, I created two pull requests [1] [2] for 2.8 release.
> > > > >
> > > > > First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> > > > > Second [2] is a revert of ticket [4] from 2.8 release.
> > > > >
> > > > > I'm waiting TC run all nightly results for both PRs. I'll write
> > update
> > > > when
> > > > > TC runs will be ok.
> > > > > I'm okay with both proposals (add ticket [1] to release, remove
> > > read-only
> > > > > feature from 2.8 release scope). But I'm not okay with
> > > > @IgniteExperemental
> > > > > annotation.
> > > > >
> > > > > [1] https://github.com/apache/ignite/pull/7239
> > > > > [2] https://github.com/apache/ignite/pull/7238
> > > > > [3] https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > [4] https://issues.apache.org/jira/browse/IGNITE-11256
> > > > >
> > > > >
> > > > > пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky
> > > > <arzamas123@mail.ru.invalid
> > > > > >:
> > > > >
> > > > > >
> > > > > > Ivan, if i correctly understand, you suggest additional
> > > «expiremental»
> > > > > > stuff only for hiding already leaked RO interface ?
> > > > > > poor approach as for me.
> > > > > >
> > > > > > >Folks,
> > > > > > >
> > > > > > >Some thoughts:
> > > > > > >* Releasing an API with known fallacies sounds really bad thing
> to
> > > me.
> > > > > > >It can have a negative consequences for a whole project for
> years.
> > > My
> > > > > > >opinion here that we should resolve the problem with this API
> > > somehow
> > > > > > >before release.
> > > > > > >* We can mark cluster read-only API (without enum) as
> experimental
> > > and
> > > > > > >change the API in e.g. 2.8.1.
> > > > > > >* We can try to exclude read-only API from 2.8 at all.
> > > > > > >
> > > > > > >What do you think?
> > > > > > >
> > > > > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <
> > > plehanov.alex@gmail.com
> > > > >:
> > > > > > >>
> > > > > > >> Guys,
> > > > > > >>
> > > > > > >> There is also an issue with cluster activation by thin
> clients.
> > > This
> > > > > > >> feature (.NET thin client API change and protocol change) was
> > > added
> > > > by
> > > > > > [1]
> > > > > > >> without any discussion on dev-list. Sergey's patch [2]
> deprecate
> > > > methods
> > > > > > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()",
> > but
> > > > > > didn't do
> > > > > > >> this for thin clients. If we want to include IGNITE-12225 to
> 2.8
> > > we
> > > > also
> > > > > > >> should not forget about thin client changes, since it will be
> > > > strange
> > > > > > if we
> > > > > > >> introduce some methods to thin client API and protocol and in
> > the
> > > > same
> > > > > > >> Ignite version deprecate these methods for servers and thick
> > > > clients.
> > > > > > >>
> > > > > > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > > > > > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>
> > > > > > >>
> > > > > > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > > > > > arzamas123@mail.ru.invalid
> > > > > > >> >:
> > > > > > >>
> > > > > > >> >
> > > > > > >> >
> > > > > > >> > Agree with Nikolay, -1 from me, too.
> > > > > > >> >
> > > > > > >> > >Hello, Igniters.
> > > > > > >> > >
> > > > > > >> > >I’m -1 to include the read-only patch to 2.8.
> > > > > > >> > >I think we shouldn’t accept any patches to 2.8 except bug
> > fixes
> > > > for
> > > > > > >> > blockers and major issues.
> > > > > > >> > >
> > > > > > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > > >> > >We should focus on the release and make it ASAP.
> > > > > > >> > >
> > > > > > >> > >We can’t extend the scope anymore.
> > > > > > >> > >
> > > > > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > > > > antonovsergey93@gmail.com >
> > > > > > >> > написал(а):
> > > > > > >> > >>
> > > > > > >> > >> Hello, Maxim!
> > > > > > >> > >>
> > > > > > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038,
> 111
> > > > files
> > > > > > >> > >> changed.
> > > > > > >> > >> Yes, PR is huge, but I wrote a lot of new tests and
> > reworked
> > > > > > already
> > > > > > >> > >> presented. Changes in product code are minimal - only 30
> > > > changed
> > > > > > files
> > > > > > >> > in
> > > > > > >> > >> /src/main/ part. And most of them are new control.sh
> > commands
> > > > and
> > > > > > >> > >> configuration.
> > > > > > >> > >>
> > > > > > >> > >>> Do we have customer requests for this feature or maybe
> > users
> > > > who
> > > > > > are
> > > > > > >> > >> waiting for exactly that ENUM values exactly in 2.8
> release
> > > > (not
> > > > > > the
> > > > > > >> > 2.8.1
> > > > > > >> > >> for instance)?
> > > > > > >> > >> Can we introduce in new features in maintanance release
> > > > (2.8.1)?
> > > > > > Cluster
> > > > > > >> > >> read-only mode will be new feature, if we remove
> > > > > > IgniteCluster#readOnly
> > > > > > >> > in
> > > > > > >> > >> 2.8 release. If all ok with that, lets remove
> > > > > > IgniteCluster#readOnly and
> > > > > > >> > >> move ticket [1] to 2.8.1 release.
> > > > > > >> > >>
> > > > > > >> > >>> Do we have extended test results report (on just only
> > TC.Bot
> > > > green
> > > > > > >> > visa)
> > > > > > >> > >> on this feature to be sure that we will not add any
> blocker
> > > > issues
> > > > > > to
> > > > > > >> > the
> > > > > > >> > >> release?
> > > > > > >> > >> I'm preparing patch for 2.8 release and I will get new TC
> > Bot
> > > > visa
> > > > > > vs
> > > > > > >> > >> release branch.
> > > > > > >> > >>
> > > > > > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >> > >>
> > > > > > >> > >>
> > > > > > >> > >>
> > > > > > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> > > > mmuzaf@apache.org
> > > > > > >:
> > > > > > >> > >>
> > > > > > >> > >>> Folks,
> > > > > > >> > >>>
> > > > > > >> > >>>
> > > > > > >> > >>> Let me remind you that we are working on the 2.8 release
> > > > branch
> > > > > > >> > >>> stabilization currently (please, keep it in mind).
> > > > > > >> > >>>
> > > > > > >> > >>>
> > > > > > >> > >>> Do we have a really STRONG reason for adding such a
> change
> > > > [1] to
> > > > > > the
> > > > > > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very
> simple
> > > > +5,517
> > > > > > >> > >>> −2,038, 111 files changed.
> > > > > > >> > >>> Do we have customer requests for this feature or maybe
> > users
> > > > who
> > > > > > are
> > > > > > >> > >>> waiting for exactly that ENUM values exactly in 2.8
> > release
> > > > (not
> > > > > > the
> > > > > > >> > >>> 2.8.1 for instance)?
> > > > > > >> > >>> Can we just simply remove IgniteCluster#readOnly to
> > > eliminate
> > > > any
> > > > > > >> > >>> backward compatibility issues between 2.8 and 2.9
> > releases?
> > > > > > >> > >>> Do we have extended test results report (on just only
> > TC.Bot
> > > > green
> > > > > > >> > >>> visa) on this feature to be sure that we will not add
> any
> > > > blocker
> > > > > > >> > >>> issues to the release? For instance, on pre-production
> > > > > > environment.
> > > > > > >> > >>>
> > > > > > >> > >>> I'd like to notice that we also have more than enough
> the
> > > > release
> > > > > > >> > >>> blocker issues [3] which are still `in progress` and
> such
> > a
> > > > > > release
> > > > > > >> > >>> run becomes endless. Such changes without strong reasons
> > > > looks too
> > > > > > >> > >>> scary for me a special after scope and code freeze
> dates.
> > > > > > >> > >>>
> > > > > > >> > >>> Please, dispel my doubts.
> > > > > > >> > >>>
> > > > > > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > > >> > >>> [3]
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > > >> > )
> > > > > > >> > >>>
> > > > > > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > > > > zaleslaw.sin@gmail.com
> > > > > > >> > >
> > > > > > >> > >>> wrote:
> > > > > > >> > >>>>
> > > > > > >> > >>>> +1
> > > > > > >> > >>>>
> > > > > > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > > >> >  antonovsergey93@gmail.com >:
> > > > > > >> > >>>>
> > > > > > >> > >>>>> +1
> > > > > > >> > >>>>>
> > > > > > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa
> for
> > > 2.8
> > > > > > branch
> > > > > > >> > >>> will be
> > > > > > >> > >>>>> at 13 Jan
> > > > > > >> > >>>>>
> > > > > > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> > > > vololo100@gmail.com
> > > > > > >:
> > > > > > >> > >>>>>
> > > > > > >> > >>>>>> +1
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > > > > ivan.glukos@gmail.com >:
> > > > > > >> > >>>>>>>
> > > > > > >> > >>>>>>> Maxim M. and anyone who is interested,
> > > > > > >> > >>>>>>>
> > > > > > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >> > >>>>>>> Basically, it's a result of the following
> discussion:
> > > > > > >> > >>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > > >> > >>>>>>>
> > > > > > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly
> > > methods
> > > > > > that
> > > > > > >> > >>> work
> > > > > > >> > >>>>> with
> > > > > > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > > >> > >>>>>>> If we include it, we won't be obliged to keep
> > deprecated
> > > > > > boolean
> > > > > > >> > >>>>> version
> > > > > > >> > >>>>>> of
> > > > > > >> > >>>>>>> API in the code (which is currently present in 2.8
> > > > branch) as
> > > > > > it
> > > > > > >> > >>> wasn't
> > > > > > >> > >>>>>>> published in any release.
> > > > > > >> > >>>>>>>
> > > > > > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > > > >> > >>>>>>> wrote:
> > > > > > >> > >>>>>>>
> > > > > > >> > >>>>>>>> Hello!
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> I have ran dependency checker plugin and quote the
> > > > following:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-urideploy:
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-spring:
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-spring-data:
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-aop:
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-visor-console:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > > > ,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > > >
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > > >
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > >> > >>>>> :
> > > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-spring-data_2.0:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> > > > ,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > > >
> > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > > >
> > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-rest-http:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > > CVE-2018-14720,
> > > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > CVE-2018-19362,
> > > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > > CVE-2019-14379,
> > > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > > CVE-2019-16942,
> > > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-kubernetes:
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-aws:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > > CVE-2018-14720,
> > > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > CVE-2018-19362,
> > > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > > CVE-2019-14379,
> > > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > > CVE-2019-16942,
> > > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54
> )
> > :
> > > > > > >> > >>>>> CVE-2015-6644,
> > > > > > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339,
> CVE-2016-1000340,
> > > > > > >> > >>>>> CVE-2016-1000341,
> > > > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343,
> CVE-2016-1000344,
> > > > > > >> > >>>>> CVE-2016-1000345,
> > > > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > > >> > >>> CVE-2017-13098,
> > > > > > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-gce:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> httpclient-4.0.1.jar
> > > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > > >> > >>>>>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > > > > CVE-2011-1498,
> > > > > > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > > >> > >>>>>>>> guava-jdk5-17.0.jar
> > > > > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-cloud:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > > > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*)
> :
> > > > > > >> > >>> CVE-2013-2014,
> > > > > > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> > > > CVE-2014-3476,
> > > > > > >> > >>>>>> CVE-2014-3520,
> > > > > > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> > > > CVE-2018-14432,
> > > > > > >> > >>>>>> CVE-2018-20170
> > > > > > >> > >>>>>>>> cloudstack-2.0.0.jar
> > > > > > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > > >> > >>>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > > CVE-2013-2136,
> > > > > > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> > > > CVE-2015-3252
> > > > > > >> > >>>>>>>> docker-2.0.0.jar
> > > > > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-10892,
> > > > > > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > > > CVE-2019-16884,
> > > > > > >> > >>>>>>>> CVE-2019-5736
> > > > > > >> > >>>>>>>> guava-16.0.1.jar
> > > (pkg:maven/com.google.guava/guava@16.0.1
> > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>> docker-1.9.3.jar
> > > > > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > > >> > >>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > > > CVE-2016-3697,
> > > > > > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > > > > CVE-2019-15752,
> > > > > > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> > > > CVE-2016-5725
> > > > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49
> )
> > :
> > > > > > >> > >>>>> CVE-2015-6644,
> > > > > > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > > >> > >>> CVE-2016-1000341,
> > > > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343,
> CVE-2016-1000344,
> > > > > > >> > >>>>> CVE-2016-1000345,
> > > > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > > >> > >>> CVE-2018-1000613
> > > > > > >> > >>>>>>>> okhttp-2.2.0.jar
> > > > (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > > > > CVE-2016-2402
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-mesos:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> mesos-1.5.0.jar
> > (pkg:maven/org.apache.mesos/mesos@1.5.0
> > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > > > CVE-2018-11793,
> > > > > > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> > > > CVE-2019-5736
> > > > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > > CVE-2018-14720,
> > > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > CVE-2018-19362,
> > > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > > CVE-2019-14379,
> > > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > > CVE-2019-16942,
> > > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-kafka:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > > >> > >>>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-17196
> > > > > > >> > >>>>>>>> connect-api-2.0.1.jar
> > > > > > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-17196
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-flume:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> guava-11.0.2.jar
> > > (pkg:maven/com.google.guava/guava@11.0.2
> > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > > >> > >>>>>>>>
> > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8
> > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > > >> > >>> CVE-2017-15095,
> > > > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > > > CVE-2018-1000873,
> > > > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > > CVE-2019-14540,
> > > > > > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/commons-collections/commons-collections@3.2.1
> > > > ,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>> CVE-2015-6420,
> > > > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > >> > >>>>>>>> netty-3.9.4.Final.jar
> > > > (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> > > > CVE-2015-2156,
> > > > > > >> > >>>>>> CVE-2019-16869,
> > > > > > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > > >> > >>>>>>>>
> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124
> > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>> CVE-2005-3747,
> > > > > > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> > > > CVE-2009-5048,
> > > > > > >> > >>>>>> CVE-2009-5049,
> > > > > > >> > >>>>>>>> CVE-2011-4461
> > > > > > >> > >>>>>>>> jetty-util-6.1.26.jar
> > > > > > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > > >> > >>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > >> > >>> CVE-2009-1523,
> > > > > > >> > >>>>>>>> CVE-2011-4461
> > > > > > >> > >>>>>>>> jetty-6.1.26.jar
> > > > (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > >> > >>> CVE-2009-1523,
> > > > > > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> > > > CVE-2017-7658,
> > > > > > >> > >>>>>> CVE-2017-9735,
> > > > > > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > > >> > >>>>>>>> libthrift-0.9.0.jar
> > > > > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > > >> > >>> :
> > > > > > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> > > > CVE-2019-0205
> > > > > > >> > >>>>>>>> httpclient-4.1.3.jar
> > > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > > >> > >>>>>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > > > > CVE-2014-3577,
> > > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-twitter:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> httpclient-4.2.5.jar
> > > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > > >> > >>>>>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > > > > CVE-2014-3577,
> > > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > > >> > >>>>>>>> guava-14.0.1.jar
> > > (pkg:maven/com.google.guava/guava@14.0.1
> > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-zookeeper:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>> CVE-2019-12086,
> > > > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439,
> > > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943,
> > > > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > >> > >>>>>>>> guava-16.0.1.jar
> > > (pkg:maven/com.google.guava/guava@16.0.1
> > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > > > > > :
> > > > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > > > CVE-2018-1000873,
> > > > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > > CVE-2019-10172,
> > > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > > > >> > >>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> > > > CVE-2019-16869
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-camel:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> camel-core-2.22.0.jar
> > > > > > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > > CVE-2018-8041,
> > > > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0
> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > > CVE-2018-8041,
> > > > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-storm:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> storm-core-1.1.1.jar
> > > > > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > > >> > >>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-11779,
> > > > > > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> > > > CVE-2019-0202
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>> CVE-2019-10247
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > > >> > >>>>>>>>
> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3
> > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > > > > CVE-2014-3577,
> > > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>>
> > > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> > > > CVE-2014-0193,
> > > > > > >> > >>>>>> CVE-2014-3488,
> > > > > > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability
> > in
> > > > > > SSLv3.0
> > > > > > >> > >>>>> support
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>> CVE-2011-4461,
> > > > > > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > > CVE-2017-9735,
> > > > > > >> > >>>>>> CVE-2019-10241,
> > > > > > >> > >>>>>>>> CVE-2019-10247
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> > > > ,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>> CVE-2011-4461,
> > > > > > >> > >>>>>>>> CVE-2019-10247
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > > >> > >>>>>>>>
> > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2
> > > ,
> > > > > > >> > >>>>>>>>
> > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*)
> > > > :
> > > > > > >> > >>>>>> CVE-2016-1000031
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > > > CVE-2015-1776,
> > > > > > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> > > > CVE-2016-6811,
> > > > > > >> > >>>>>> CVE-2017-15713,
> > > > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> > > > CVE-2018-11768,
> > > > > > >> > >>>>>> CVE-2018-1296,
> > > > > > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-cassandra-store:
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-cassandra-serializers:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > > >> > >>>>>>>>
> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2
> > ,
> > > > > > >> > >>>>>>>>
> > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>> CVE-2019-10086
> > > > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/commons-collections/commons-collections@3.2.1
> > > > ,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>> CVE-2015-6420,
> > > > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > >> > >>>>>>>>
> > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > > > ,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > > >
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>
> > > > > >
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > >> > >>>>> :
> > > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> > > > CVE-2019-16869
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-flink:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > > >> > >>>>>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > > > CVE-2016-5001,
> > > > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> > > > CVE-2015-2156,
> > > > > > >> > >>>>>> CVE-2016-4970,
> > > > > > >> > >>>>>>>> CVE-2019-16869
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > > >> > >>>>>>>>
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > > > > ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>> CVE-2017-15095,
> > > > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > > CVE-2018-11307,
> > > > > > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > > > > CVE-2018-14719,
> > > > > > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > > > > CVE-2018-19361,
> > > > > > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > > > CVE-2019-12086,
> > > > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439,
> > > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943,
> > > > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> > > > CVE-2018-10237
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > > >> > >>> vulnerabilities
> > > > > > >> > >>>>> in
> > > > > > >> > >>>>>>>> ignite-rocketmq:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > > > >> > >>>>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> > > > CVE-2019-16869
> > > > > > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > > >> > >>>>>>>>
> > > > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > > >> > >>> ,
> > > > > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > >> > >>>>>>>>
> > > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > > > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> > > > CVE-2005-4838,
> > > > > > >> > >>>>>> CVE-2006-7196,
> > > > > > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> > > > CVE-2009-2696,
> > > > > > >> > >>>>>> CVE-2012-5568,
> > > > > > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> > > > CVE-2013-4444,
> > > > > > >> > >>>>>> CVE-2013-4590,
> > > > > > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> > > > CVE-2014-0099,
> > > > > > >> > >>>>>> CVE-2014-0119,
> > > > > > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> > > > CVE-2018-8020
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and
> old
> > > > > > maintenance
> > > > > > >> > >>>>>> releases
> > > > > > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> Some integrations also clearly suffer, through
> it's a
> > > > > > problem of
> > > > > > >> > >>>>> their
> > > > > > >> > >>>>>>>> users, since they need to declare their own
> > libraries'
> > > > > > versions
> > > > > > >> > >>> by
> > > > > > >> > >>>>>>>> convention.
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> Regards,
> > > > > > >> > >>>>>>>> --
> > > > > > >> > >>>>>>>> Ilya Kasnacheev
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > > > > dmagda@apache.org >:
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree
> > with
> > > > you,
> > > > > > >> > >>> let's
> > > > > > >> > >>>>>> update
> > > > > > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>>>>>>> -
> > > > > > >> > >>>>>>>>> Denis
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > > > >> > >>>>>>>>> wrote:
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>>>>>>>> Hello!
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to
> > > ignite-2.8.
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > >> > >>>>>>>>>>
> > <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>
> > > > <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > > >> > >>>>>>>> <!--
> > > > > > >> > >>>>>>>>>> don't forget to update spring version -->
> > > > > > >> > >>>>>>>>>>
> > <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > > >> > >>>>> don't
> > > > > > >> > >>>>>>>>> forget
> > > > > > >> > >>>>>>>>>> to update spring-data version -->
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>
> > > > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version
> -->
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>
> > > > <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > >> > >>>>>>>>> don't
> > > > > > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>> All these libraries have maintenance release
> (such
> > as
> > > > our
> > > > > > >> > >>>>> 2.7.*6*)
> > > > > > >> > >>>>>> and
> > > > > > >> > >>>>>>>> I
> > > > > > >> > >>>>>>>>>> think it would be beneficial to upgrade these
> > > > dependencies
> > > > > > >> > >>> to the
> > > > > > >> > >>>>>>>> latest
> > > > > > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > > >> > >>>>>>>>>> For example, there is spring.data-2.0
> > > 2.0.*14*.RELEASE.
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>> Regards,
> > > > > > >> > >>>>>>>>>> --
> > > > > > >> > >>>>>>>>>> Ilya Kasnacheev
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > > > > dmagda@apache.org
> > > > > > >> > >>>> :
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > > >> > >>> fixes/improvements.
> > > > > > >> > >>>>>> Ilya is
> > > > > > >> > >>>>>>>>>> right
> > > > > > >> > >>>>>>>>>>> that Spring Data related questions sparked last
> > time
> > > > due
> > > > > > to
> > > > > > >> > >>>>>> missing
> > > > > > >> > >>>>>>>>>> support
> > > > > > >> > >>>>>>>>>>> of 2.2 version.
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> > > > "bumping
> > > > > > >> > >>> the
> > > > > > >> > >>>>>>>>> versions"?
> > > > > > >> > >>>>>>>>>> Do
> > > > > > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade
> > of
> > > > > > >> > >>>>>>>>> "ignite-spring-data"
> > > > > > >> > >>>>>>>>>> to
> > > > > > >> > >>>>>>>>>>> version 2.2 and introducing
> > > > > > >> > >>> "ignite-spring-data-{old-version"}
> > > > > > >> > >>>>>> for
> > > > > > >> > >>>>>>>> the
> > > > > > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree
> with
> > > the
> > > > > > >> > >>> proposal.
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>> -
> > > > > > >> > >>>>>>>>>>> Denis
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev
> <
> > > > > > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>> wrote:
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> Hello!
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> I propose to add the following ticket to the
> > scope:
> > > > > > >> > >>>>>>>>>>>>
> > > https://issues.apache.org/jira/browse/IGNITE-12259
> > > > (3
> > > > > > >> > >>>>>> commits, be
> > > > > > >> > >>>>>>>>>>> careful
> > > > > > >> > >>>>>>>>>>>> with release version)
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now,
> > > but I
> > > > > > >> > >>> will
> > > > > > >> > >>>>>> provide
> > > > > > >> > >>>>>>>>> the
> > > > > > >> > >>>>>>>>>>>> following considerations:
> > > > > > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > > >> > >>> currently do
> > > > > > >> > >>>>>> not
> > > > > > >> > >>>>>>>>> have,
> > > > > > >> > >>>>>>>>>>>> leading to lots of confused questions on stack
> > > > overflow
> > > > > > >> > >>> and
> > > > > > >> > >>>>>> mailing
> > > > > > >> > >>>>>>>>>> list.
> > > > > > >> > >>>>>>>>>>>> Spring Data is important to our public image
> > since
> > > > many
> > > > > > >> > >>>>> people
> > > > > > >> > >>>>>> may
> > > > > > >> > >>>>>>>>>> learn
> > > > > > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> * It has zero code impact outside of its own
> > module
> > > > > > >> > >>> (just 2
> > > > > > >> > >>>>> POM
> > > > > > >> > >>>>>>>> file
> > > > > > >> > >>>>>>>>>>>> touched and that's all).
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> * The core was ready since early November but,
> > due
> > > to
> > > > > > >> > >>> gmail
> > > > > > >> > >>>>>> quirk,
> > > > > > >> > >>>>>>>> we
> > > > > > >> > >>>>>>>>>> did
> > > > > > >> > >>>>>>>>>>>> not react to it in time.
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> WDYT?
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump
> > our
> > > > > > >> > >>>>>> dependencies'
> > > > > > >> > >>>>>>>>>> versions
> > > > > > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about
> spring
> > > and
> > > > > > >> > >>>>> hibernate
> > > > > > >> > >>>>>>>>>>>> dependencies. We could switch them to their
> > latest
> > > > > > >> > >>>>> maintenance
> > > > > > >> > >>>>>>>>> versions
> > > > > > >> > >>>>>>>>>>> to
> > > > > > >> > >>>>>>>>>>>> avoid shipping default links to outdated
> > packages.
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> I think this is one of things that are very
> hard
> > to
> > > > do
> > > > > > >> > >>>>> between
> > > > > > >> > >>>>>>>>>> releases,
> > > > > > >> > >>>>>>>>>>> so
> > > > > > >> > >>>>>>>>>>>> I think this dependencies bumping should be a
> > part
> > > > of a
> > > > > > >> > >>>>> formal
> > > > > > >> > >>>>>>>>>>>> release/testing cycle, and then be backported
> to
> > > > master.
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we
> agree
> > to
> > > > merge
> > > > > > >> > >>>>> these
> > > > > > >> > >>>>>>>>> version
> > > > > > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> Regards,
> > > > > > >> > >>>>>>>>>>>> --
> > > > > > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > > > > > >> > >>>>>>>>>>>>> :
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release
> > candidate
> > > > vs
> > > > > > >> > >>>>> 2.7.6,
> > > > > > >> > >>>>>>>>>>>>> last sha 2.8 was build from :
> > > 9d114f3137f92aebc2562a
> > > > > > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine
> with:
> > > 2x
> > > > > > >> > >>> Xeon
> > > > > > >> > >>>>>> X5570
> > > > > > >> > >>>>>>>>> 96Gb
> > > > > > >> > >>>>>>>>>>>> 512GB
> > > > > > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick
> > tests:
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > >> > >>>>>>>>>>>>> 1 backup
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > > >> > >>> disabled.
> > > > > > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>> [1]
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> >
> > > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org
> >
> > > > > > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > > > >> > >>>>>>>>>>>>>> Cc:
> > > > > > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time,
> > Scope,
> > > > > > >> > >>> Manager]
> > > > > > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> Igniters,
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last
> > > major
> > > > > > >> > >>> Apache
> > > > > > >> > >>>>>> Ignite
> > > > > > >> > >>>>>>>>> 2.7
> > > > > > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > > >> > >>> performance
> > > > > > >> > >>>>>>>>>> improvements
> > > > > > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting
> for
> > > > their
> > > > > > >> > >>>>>> release
> > > > > > >> > >>>>>>>>> date.
> > > > > > >> > >>>>>>>>>>>>>> Here is my list of the most interesting
> things
> > > > from my
> > > > > > >> > >>>>> point
> > > > > > >> > >>>>>>>> since
> > > > > > >> > >>>>>>>>>> the
> > > > > > >> > >>>>>>>>>>>>>> last major release:
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> Service Grid,
> > > > > > >> > >>>>>>>>>>>>>> Monitoring,
> > > > > > >> > >>>>>>>>>>>>>> Recovery Read
> > > > > > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > > >> > >>>>>>>>>>>>>> PDS compression,
> > > > > > >> > >>>>>>>>>>>>>> WAL page compression,
> > > > > > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > > >> > >>>>>>>>>>>>>> SQL query history
> > > > > > >> > >>>>>>>>>>>>>> SQL statistics
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze
> the
> > > > master
> > > > > > >> > >>>>>> branch
> > > > > > >> > >>>>>>>>>> anymore
> > > > > > >> > >>>>>>>>>>>>>> and prepare the next major release by the end
> > of
> > > > the
> > > > > > >> > >>> year.
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache
> > Ignite
> > > > 2.8
> > > > > > >> > >>>>>> release
> > > > > > >> > >>>>>>>> and
> > > > > > >> > >>>>>>>>>> also
> > > > > > >> > >>>>>>>>>>>>>> I want to propose myself to be the release
> > > manager
> > > > of
> > > > > > >> > >>> the
> > > > > > >> > >>>>>>>> planning
> > > > > > >> > >>>>>>>>>>>>>> release.
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>> WDYT?
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>>
> > > > > > >> > >>>>>>>>>>
> > > > > > >> > >>>>>>>>>
> > > > > > >> > >>>>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>> --
> > > > > > >> > >>>>>> Best regards,
> > > > > > >> > >>>>>> Ivan Pavlukhin
> > > > > > >> > >>>>>>
> > > > > > >> > >>>>>
> > > > > > >> > >>>
> > > > > > >> > >>
> > > > > > >> > >>
> > > > > > >> > >> --
> > > > > > >> > >> BR, Sergey Antonov
> > > > > > >> > >
> > > > > > >> >
> > > > > > >> >
> > > > > > >> >
> > > > > > >> >
> > > > > > >
> > > > > > >
> > > > > > >--
> > > > > > >Best regards,
> > > > > > >Ivan Pavlukhin
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > BR, Sergey Antonov
> > > >
> > >
> >
>
>
> --
>
> Best regards,
> Alexei Scherbakov
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Alexei Scherbakov <al...@gmail.com>]

This looks really bad.

Let's fix it before releasing.

пн, 13 янв. 2020 г. в 18:50, Ivan Rakov <iv...@gmail.com>:

> Igniters,
>
> Seems like we have another blocker for 2.8 [1].
> Impact: after migration of persistent cluster from 2.7- to 2.8 any updates
> of baseline topology are not persisted.
>
> [1]: https://issues.apache.org/jira/browse/IGNITE-12531
>
> On Mon, Jan 13, 2020 at 6:14 PM Sergey Antonov <an...@gmail.com>
> wrote:
>
> > Igniters, I got green TC Bit visas [1] [2] for patch and commit revert.
> >
> > [1]
> >
> >
> https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7238%2Fhead&action=Latest
> >
> > [2]
> >
> >
> https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7239%2Fhead&action=Latest
> >
> > пн, 13 янв. 2020 г., 17:51 Maxim Muzafarov <mm...@apache.org>:
> >
> > > Sergey,
> > >
> > > Thank you. I also do not support @IgniteExperemental annotation only
> > > for solving the current case of compatibility issues.
> > >
> > > I like your second suggestion to revert the issue [2] from 2.8 release
> > > by applying [1] PR. I'm going to apply this patch [1] within the next
> > > three days.
> > >
> > > Any objections?
> > >
> > > [1] https://github.com/apache/ignite/pull/7238
> > > [2] https://issues.apache.org/jira/browse/IGNITE-11256
> > >
> > > On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <
> antonovsergey93@gmail.com>
> > > wrote:
> > > >
> > > > Guys, I created two pull requests [1] [2] for 2.8 release.
> > > >
> > > > First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> > > > Second [2] is a revert of ticket [4] from 2.8 release.
> > > >
> > > > I'm waiting TC run all nightly results for both PRs. I'll write
> update
> > > when
> > > > TC runs will be ok.
> > > > I'm okay with both proposals (add ticket [1] to release, remove
> > read-only
> > > > feature from 2.8 release scope). But I'm not okay with
> > > @IgniteExperemental
> > > > annotation.
> > > >
> > > > [1] https://github.com/apache/ignite/pull/7239
> > > > [2] https://github.com/apache/ignite/pull/7238
> > > > [3] https://issues.apache.org/jira/browse/IGNITE-12225
> > > > [4] https://issues.apache.org/jira/browse/IGNITE-11256
> > > >
> > > >
> > > > пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky
> > > <arzamas123@mail.ru.invalid
> > > > >:
> > > >
> > > > >
> > > > > Ivan, if i correctly understand, you suggest additional
> > «expiremental»
> > > > > stuff only for hiding already leaked RO interface ?
> > > > > poor approach as for me.
> > > > >
> > > > > >Folks,
> > > > > >
> > > > > >Some thoughts:
> > > > > >* Releasing an API with known fallacies sounds really bad thing to
> > me.
> > > > > >It can have a negative consequences for a whole project for years.
> > My
> > > > > >opinion here that we should resolve the problem with this API
> > somehow
> > > > > >before release.
> > > > > >* We can mark cluster read-only API (without enum) as experimental
> > and
> > > > > >change the API in e.g. 2.8.1.
> > > > > >* We can try to exclude read-only API from 2.8 at all.
> > > > > >
> > > > > >What do you think?
> > > > > >
> > > > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <
> > plehanov.alex@gmail.com
> > > >:
> > > > > >>
> > > > > >> Guys,
> > > > > >>
> > > > > >> There is also an issue with cluster activation by thin clients.
> > This
> > > > > >> feature (.NET thin client API change and protocol change) was
> > added
> > > by
> > > > > [1]
> > > > > >> without any discussion on dev-list. Sergey's patch [2] deprecate
> > > methods
> > > > > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()",
> but
> > > > > didn't do
> > > > > >> this for thin clients. If we want to include IGNITE-12225 to 2.8
> > we
> > > also
> > > > > >> should not forget about thin client changes, since it will be
> > > strange
> > > > > if we
> > > > > >> introduce some methods to thin client API and protocol and in
> the
> > > same
> > > > > >> Ignite version deprecate these methods for servers and thick
> > > clients.
> > > > > >>
> > > > > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > > > > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>
> > > > > >>
> > > > > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > > > > arzamas123@mail.ru.invalid
> > > > > >> >:
> > > > > >>
> > > > > >> >
> > > > > >> >
> > > > > >> > Agree with Nikolay, -1 from me, too.
> > > > > >> >
> > > > > >> > >Hello, Igniters.
> > > > > >> > >
> > > > > >> > >I’m -1 to include the read-only patch to 2.8.
> > > > > >> > >I think we shouldn’t accept any patches to 2.8 except bug
> fixes
> > > for
> > > > > >> > blockers and major issues.
> > > > > >> > >
> > > > > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > >> > >We should focus on the release and make it ASAP.
> > > > > >> > >
> > > > > >> > >We can’t extend the scope anymore.
> > > > > >> > >
> > > > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > > > antonovsergey93@gmail.com >
> > > > > >> > написал(а):
> > > > > >> > >>
> > > > > >> > >> Hello, Maxim!
> > > > > >> > >>
> > > > > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111
> > > files
> > > > > >> > >> changed.
> > > > > >> > >> Yes, PR is huge, but I wrote a lot of new tests and
> reworked
> > > > > already
> > > > > >> > >> presented. Changes in product code are minimal - only 30
> > > changed
> > > > > files
> > > > > >> > in
> > > > > >> > >> /src/main/ part. And most of them are new control.sh
> commands
> > > and
> > > > > >> > >> configuration.
> > > > > >> > >>
> > > > > >> > >>> Do we have customer requests for this feature or maybe
> users
> > > who
> > > > > are
> > > > > >> > >> waiting for exactly that ENUM values exactly in 2.8 release
> > > (not
> > > > > the
> > > > > >> > 2.8.1
> > > > > >> > >> for instance)?
> > > > > >> > >> Can we introduce in new features in maintanance release
> > > (2.8.1)?
> > > > > Cluster
> > > > > >> > >> read-only mode will be new feature, if we remove
> > > > > IgniteCluster#readOnly
> > > > > >> > in
> > > > > >> > >> 2.8 release. If all ok with that, lets remove
> > > > > IgniteCluster#readOnly and
> > > > > >> > >> move ticket [1] to 2.8.1 release.
> > > > > >> > >>
> > > > > >> > >>> Do we have extended test results report (on just only
> TC.Bot
> > > green
> > > > > >> > visa)
> > > > > >> > >> on this feature to be sure that we will not add any blocker
> > > issues
> > > > > to
> > > > > >> > the
> > > > > >> > >> release?
> > > > > >> > >> I'm preparing patch for 2.8 release and I will get new TC
> Bot
> > > visa
> > > > > vs
> > > > > >> > >> release branch.
> > > > > >> > >>
> > > > > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >> > >>
> > > > > >> > >>
> > > > > >> > >>
> > > > > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> > > mmuzaf@apache.org
> > > > > >:
> > > > > >> > >>
> > > > > >> > >>> Folks,
> > > > > >> > >>>
> > > > > >> > >>>
> > > > > >> > >>> Let me remind you that we are working on the 2.8 release
> > > branch
> > > > > >> > >>> stabilization currently (please, keep it in mind).
> > > > > >> > >>>
> > > > > >> > >>>
> > > > > >> > >>> Do we have a really STRONG reason for adding such a change
> > > [1] to
> > > > > the
> > > > > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> > > +5,517
> > > > > >> > >>> −2,038, 111 files changed.
> > > > > >> > >>> Do we have customer requests for this feature or maybe
> users
> > > who
> > > > > are
> > > > > >> > >>> waiting for exactly that ENUM values exactly in 2.8
> release
> > > (not
> > > > > the
> > > > > >> > >>> 2.8.1 for instance)?
> > > > > >> > >>> Can we just simply remove IgniteCluster#readOnly to
> > eliminate
> > > any
> > > > > >> > >>> backward compatibility issues between 2.8 and 2.9
> releases?
> > > > > >> > >>> Do we have extended test results report (on just only
> TC.Bot
> > > green
> > > > > >> > >>> visa) on this feature to be sure that we will not add any
> > > blocker
> > > > > >> > >>> issues to the release? For instance, on pre-production
> > > > > environment.
> > > > > >> > >>>
> > > > > >> > >>> I'd like to notice that we also have more than enough the
> > > release
> > > > > >> > >>> blocker issues [3] which are still `in progress` and such
> a
> > > > > release
> > > > > >> > >>> run becomes endless. Such changes without strong reasons
> > > looks too
> > > > > >> > >>> scary for me a special after scope and code freeze dates.
> > > > > >> > >>>
> > > > > >> > >>> Please, dispel my doubts.
> > > > > >> > >>>
> > > > > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > >> > >>> [3]
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > >> > )
> > > > > >> > >>>
> > > > > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > > > zaleslaw.sin@gmail.com
> > > > > >> > >
> > > > > >> > >>> wrote:
> > > > > >> > >>>>
> > > > > >> > >>>> +1
> > > > > >> > >>>>
> > > > > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > >> >  antonovsergey93@gmail.com >:
> > > > > >> > >>>>
> > > > > >> > >>>>> +1
> > > > > >> > >>>>>
> > > > > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for
> > 2.8
> > > > > branch
> > > > > >> > >>> will be
> > > > > >> > >>>>> at 13 Jan
> > > > > >> > >>>>>
> > > > > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> > > vololo100@gmail.com
> > > > > >:
> > > > > >> > >>>>>
> > > > > >> > >>>>>> +1
> > > > > >> > >>>>>>
> > > > > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > > > ivan.glukos@gmail.com >:
> > > > > >> > >>>>>>>
> > > > > >> > >>>>>>> Maxim M. and anyone who is interested,
> > > > > >> > >>>>>>>
> > > > > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >> > >>>>>>> Basically, it's a result of the following discussion:
> > > > > >> > >>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > >> > >>>>>>>
> > > > > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly
> > methods
> > > > > that
> > > > > >> > >>> work
> > > > > >> > >>>>> with
> > > > > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > >> > >>>>>>> If we include it, we won't be obliged to keep
> deprecated
> > > > > boolean
> > > > > >> > >>>>> version
> > > > > >> > >>>>>> of
> > > > > >> > >>>>>>> API in the code (which is currently present in 2.8
> > > branch) as
> > > > > it
> > > > > >> > >>> wasn't
> > > > > >> > >>>>>>> published in any release.
> > > > > >> > >>>>>>>
> > > > > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > > >> > >>>>>>> wrote:
> > > > > >> > >>>>>>>
> > > > > >> > >>>>>>>> Hello!
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> I have ran dependency checker plugin and quote the
> > > following:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-urideploy:
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-spring:
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-spring-data:
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-aop:
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-visor-console:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > > ,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > > >
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > >> > >>>>> :
> > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-spring-data_2.0:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> > > ,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > > >
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-rest-http:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > CVE-2018-14720,
> > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > CVE-2018-19362,
> > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > CVE-2019-14379,
> > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > CVE-2019-16942,
> > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-kubernetes:
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-aws:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > CVE-2018-14720,
> > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > CVE-2018-19362,
> > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > CVE-2019-14379,
> > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > CVE-2019-16942,
> > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54)
> :
> > > > > >> > >>>>> CVE-2015-6644,
> > > > > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > > >> > >>>>> CVE-2016-1000341,
> > > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > >> > >>>>> CVE-2016-1000345,
> > > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > >> > >>> CVE-2017-13098,
> > > > > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-gce:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> httpclient-4.0.1.jar
> > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > >> > >>>>>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > > > CVE-2011-1498,
> > > > > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > >> > >>>>>>>> guava-jdk5-17.0.jar
> > > > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-cloud:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > >> > >>> CVE-2013-2014,
> > > > > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> > > CVE-2014-3476,
> > > > > >> > >>>>>> CVE-2014-3520,
> > > > > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> > > CVE-2018-14432,
> > > > > >> > >>>>>> CVE-2018-20170
> > > > > >> > >>>>>>>> cloudstack-2.0.0.jar
> > > > > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > >> > >>>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > CVE-2013-2136,
> > > > > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> > > CVE-2015-3252
> > > > > >> > >>>>>>>> docker-2.0.0.jar
> > > > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > > > CVE-2018-10892,
> > > > > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > > CVE-2019-16884,
> > > > > >> > >>>>>>>> CVE-2019-5736
> > > > > >> > >>>>>>>> guava-16.0.1.jar
> > (pkg:maven/com.google.guava/guava@16.0.1
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>> docker-1.9.3.jar
> > > > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > >> > >>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > > CVE-2016-3697,
> > > > > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > > > CVE-2019-15752,
> > > > > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> > > CVE-2016-5725
> > > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49)
> :
> > > > > >> > >>>>> CVE-2015-6644,
> > > > > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > >> > >>> CVE-2016-1000341,
> > > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > >> > >>>>> CVE-2016-1000345,
> > > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > >> > >>> CVE-2018-1000613
> > > > > >> > >>>>>>>> okhttp-2.2.0.jar
> > > (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > > > CVE-2016-2402
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-mesos:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> mesos-1.5.0.jar
> (pkg:maven/org.apache.mesos/mesos@1.5.0
> > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > > CVE-2018-11793,
> > > > > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> > > CVE-2019-5736
> > > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > > CVE-2018-14720,
> > > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > CVE-2018-19362,
> > > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > > CVE-2019-14379,
> > > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > > CVE-2019-16942,
> > > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-kafka:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > >> > >>>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-17196
> > > > > >> > >>>>>>>> connect-api-2.0.1.jar
> > > > > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-17196
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-flume:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> guava-11.0.2.jar
> > (pkg:maven/com.google.guava/guava@11.0.2
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > >> > >>>>>>>>
> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8
> > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > >> > >>> CVE-2017-15095,
> > > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > > CVE-2018-1000873,
> > > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-14540,
> > > > > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/commons-collections/commons-collections@3.2.1
> > > ,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>> CVE-2015-6420,
> > > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > >> > >>>>>>>> netty-3.9.4.Final.jar
> > > (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> > > CVE-2015-2156,
> > > > > >> > >>>>>> CVE-2019-16869,
> > > > > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124
> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>> CVE-2005-3747,
> > > > > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> > > CVE-2009-5048,
> > > > > >> > >>>>>> CVE-2009-5049,
> > > > > >> > >>>>>>>> CVE-2011-4461
> > > > > >> > >>>>>>>> jetty-util-6.1.26.jar
> > > > > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > >> > >>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > >> > >>> CVE-2009-1523,
> > > > > >> > >>>>>>>> CVE-2011-4461
> > > > > >> > >>>>>>>> jetty-6.1.26.jar
> > > (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > >> > >>> CVE-2009-1523,
> > > > > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> > > CVE-2017-7658,
> > > > > >> > >>>>>> CVE-2017-9735,
> > > > > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > >> > >>>>>>>> libthrift-0.9.0.jar
> > > > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > >> > >>> :
> > > > > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> > > CVE-2019-0205
> > > > > >> > >>>>>>>> httpclient-4.1.3.jar
> > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > >> > >>>>>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > > > CVE-2014-3577,
> > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-twitter:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> httpclient-4.2.5.jar
> > > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > >> > >>>>>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > > > CVE-2014-3577,
> > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > >> > >>>>>>>> guava-14.0.1.jar
> > (pkg:maven/com.google.guava/guava@14.0.1
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-zookeeper:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > >> > >>>>>>>>
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>> CVE-2019-12086,
> > > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > CVE-2019-14439,
> > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > CVE-2019-16943,
> > > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > >> > >>>>>>>> guava-16.0.1.jar
> > (pkg:maven/com.google.guava/guava@16.0.1
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > > > > :
> > > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > > CVE-2018-1000873,
> > > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-10172,
> > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > > >> > >>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> > > CVE-2019-16869
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-camel:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> camel-core-2.22.0.jar
> > > > > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > CVE-2018-8041,
> > > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > CVE-2018-8041,
> > > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-storm:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> storm-core-1.1.1.jar
> > > > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > >> > >>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > > CVE-2018-11779,
> > > > > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> > > CVE-2019-0202
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > >> > >>>>>>>>
> > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >> > >>>>> CVE-2019-10247
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3
> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > > > CVE-2014-3577,
> > > > > >> > >>>>>>>> CVE-2015-5262
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>>
> > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> > > CVE-2014-0193,
> > > > > >> > >>>>>> CVE-2014-3488,
> > > > > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability
> in
> > > > > SSLv3.0
> > > > > >> > >>>>> support
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > >> > >>>>>>>>
> > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >> > >>>>> CVE-2011-4461,
> > > > > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > CVE-2017-9735,
> > > > > >> > >>>>>> CVE-2019-10241,
> > > > > >> > >>>>>>>> CVE-2019-10247
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > >> > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >> > >>>>> CVE-2011-4461,
> > > > > >> > >>>>>>>> CVE-2019-10247
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > >> > >>>>>>>>
> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2
> > ,
> > > > > >> > >>>>>>>>
> > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*)
> > > :
> > > > > >> > >>>>>> CVE-2016-1000031
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > > CVE-2015-1776,
> > > > > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> > > CVE-2016-6811,
> > > > > >> > >>>>>> CVE-2017-15713,
> > > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> > > CVE-2018-11768,
> > > > > >> > >>>>>> CVE-2018-1296,
> > > > > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-cassandra-store:
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-cassandra-serializers:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2
> ,
> > > > > >> > >>>>>>>>
> > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>> CVE-2019-10086
> > > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/commons-collections/commons-collections@3.2.1
> > > ,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>> CVE-2015-6420,
> > > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > >> > >>>>>>>>
> > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > > ,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > > >
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > >> > >>>
> > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > >> > >>>>> :
> > > > > >> > >>>>>>>> CVE-2018-15756
> > > > > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> > > CVE-2019-16869
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-flink:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > >> > >>>>>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > > CVE-2016-5001,
> > > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> > > CVE-2015-2156,
> > > > > >> > >>>>>> CVE-2016-4970,
> > > > > >> > >>>>>>>> CVE-2019-16869
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > >> > >>>>>>>>
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > > > ,
> > > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>> CVE-2017-15095,
> > > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > CVE-2018-11307,
> > > > > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > > > CVE-2018-14719,
> > > > > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > > > CVE-2018-19361,
> > > > > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-12086,
> > > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > CVE-2019-14439,
> > > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > CVE-2019-16943,
> > > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > > >> > >>> vulnerabilities
> > > > > >> > >>>>> in
> > > > > >> > >>>>>>>> ignite-rocketmq:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > > >> > >>>>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> > > CVE-2019-16869
> > > > > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > >> > >>>>>>>>
> > > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > >> > >>> ,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > >> > >>>>>>>>
> > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> > > CVE-2005-4838,
> > > > > >> > >>>>>> CVE-2006-7196,
> > > > > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> > > CVE-2009-2696,
> > > > > >> > >>>>>> CVE-2012-5568,
> > > > > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> > > CVE-2013-4444,
> > > > > >> > >>>>>> CVE-2013-4590,
> > > > > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> > > CVE-2014-0099,
> > > > > >> > >>>>>> CVE-2014-0119,
> > > > > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> > > CVE-2018-8020
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > > > maintenance
> > > > > >> > >>>>>> releases
> > > > > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> Some integrations also clearly suffer, through it's a
> > > > > problem of
> > > > > >> > >>>>> their
> > > > > >> > >>>>>>>> users, since they need to declare their own
> libraries'
> > > > > versions
> > > > > >> > >>> by
> > > > > >> > >>>>>>>> convention.
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> Regards,
> > > > > >> > >>>>>>>> --
> > > > > >> > >>>>>>>> Ilya Kasnacheev
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > > > dmagda@apache.org >:
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree
> with
> > > you,
> > > > > >> > >>> let's
> > > > > >> > >>>>>> update
> > > > > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>>>>>>> -
> > > > > >> > >>>>>>>>> Denis
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > > >> > >>>>>>>>> wrote:
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>>>>>>>> Hello!
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to
> > ignite-2.8.
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > >> > >>>>>>>>>>
> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>
> > > <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > >> > >>>>>>>> <!--
> > > > > >> > >>>>>>>>>> don't forget to update spring version -->
> > > > > >> > >>>>>>>>>>
> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > >> > >>>>> don't
> > > > > >> > >>>>>>>>> forget
> > > > > >> > >>>>>>>>>> to update spring-data version -->
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>
> > > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>
> > > <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > >> > >>>>>>>>> don't
> > > > > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>> All these libraries have maintenance release (such
> as
> > > our
> > > > > >> > >>>>> 2.7.*6*)
> > > > > >> > >>>>>> and
> > > > > >> > >>>>>>>> I
> > > > > >> > >>>>>>>>>> think it would be beneficial to upgrade these
> > > dependencies
> > > > > >> > >>> to the
> > > > > >> > >>>>>>>> latest
> > > > > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > >> > >>>>>>>>>> For example, there is spring.data-2.0
> > 2.0.*14*.RELEASE.
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>> Regards,
> > > > > >> > >>>>>>>>>> --
> > > > > >> > >>>>>>>>>> Ilya Kasnacheev
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > > > dmagda@apache.org
> > > > > >> > >>>> :
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > >> > >>> fixes/improvements.
> > > > > >> > >>>>>> Ilya is
> > > > > >> > >>>>>>>>>> right
> > > > > >> > >>>>>>>>>>> that Spring Data related questions sparked last
> time
> > > due
> > > > > to
> > > > > >> > >>>>>> missing
> > > > > >> > >>>>>>>>>> support
> > > > > >> > >>>>>>>>>>> of 2.2 version.
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> > > "bumping
> > > > > >> > >>> the
> > > > > >> > >>>>>>>>> versions"?
> > > > > >> > >>>>>>>>>> Do
> > > > > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade
> of
> > > > > >> > >>>>>>>>> "ignite-spring-data"
> > > > > >> > >>>>>>>>>> to
> > > > > >> > >>>>>>>>>>> version 2.2 and introducing
> > > > > >> > >>> "ignite-spring-data-{old-version"}
> > > > > >> > >>>>>> for
> > > > > >> > >>>>>>>> the
> > > > > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with
> > the
> > > > > >> > >>> proposal.
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>> -
> > > > > >> > >>>>>>>>>>> Denis
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>> wrote:
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> Hello!
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> I propose to add the following ticket to the
> scope:
> > > > > >> > >>>>>>>>>>>>
> > https://issues.apache.org/jira/browse/IGNITE-12259
> > > (3
> > > > > >> > >>>>>> commits, be
> > > > > >> > >>>>>>>>>>> careful
> > > > > >> > >>>>>>>>>>>> with release version)
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now,
> > but I
> > > > > >> > >>> will
> > > > > >> > >>>>>> provide
> > > > > >> > >>>>>>>>> the
> > > > > >> > >>>>>>>>>>>> following considerations:
> > > > > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > >> > >>> currently do
> > > > > >> > >>>>>> not
> > > > > >> > >>>>>>>>> have,
> > > > > >> > >>>>>>>>>>>> leading to lots of confused questions on stack
> > > overflow
> > > > > >> > >>> and
> > > > > >> > >>>>>> mailing
> > > > > >> > >>>>>>>>>> list.
> > > > > >> > >>>>>>>>>>>> Spring Data is important to our public image
> since
> > > many
> > > > > >> > >>>>> people
> > > > > >> > >>>>>> may
> > > > > >> > >>>>>>>>>> learn
> > > > > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> * It has zero code impact outside of its own
> module
> > > > > >> > >>> (just 2
> > > > > >> > >>>>> POM
> > > > > >> > >>>>>>>> file
> > > > > >> > >>>>>>>>>>>> touched and that's all).
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> * The core was ready since early November but,
> due
> > to
> > > > > >> > >>> gmail
> > > > > >> > >>>>>> quirk,
> > > > > >> > >>>>>>>> we
> > > > > >> > >>>>>>>>>> did
> > > > > >> > >>>>>>>>>>>> not react to it in time.
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> WDYT?
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump
> our
> > > > > >> > >>>>>> dependencies'
> > > > > >> > >>>>>>>>>> versions
> > > > > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring
> > and
> > > > > >> > >>>>> hibernate
> > > > > >> > >>>>>>>>>>>> dependencies. We could switch them to their
> latest
> > > > > >> > >>>>> maintenance
> > > > > >> > >>>>>>>>> versions
> > > > > >> > >>>>>>>>>>> to
> > > > > >> > >>>>>>>>>>>> avoid shipping default links to outdated
> packages.
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> I think this is one of things that are very hard
> to
> > > do
> > > > > >> > >>>>> between
> > > > > >> > >>>>>>>>>> releases,
> > > > > >> > >>>>>>>>>>> so
> > > > > >> > >>>>>>>>>>>> I think this dependencies bumping should be a
> part
> > > of a
> > > > > >> > >>>>> formal
> > > > > >> > >>>>>>>>>>>> release/testing cycle, and then be backported to
> > > master.
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree
> to
> > > merge
> > > > > >> > >>>>> these
> > > > > >> > >>>>>>>>> version
> > > > > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> Regards,
> > > > > >> > >>>>>>>>>>>> --
> > > > > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > > > > >> > >>>>>>>>>>>>> :
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release
> candidate
> > > vs
> > > > > >> > >>>>> 2.7.6,
> > > > > >> > >>>>>>>>>>>>> last sha 2.8 was build from :
> > 9d114f3137f92aebc2562a
> > > > > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with:
> > 2x
> > > > > >> > >>> Xeon
> > > > > >> > >>>>>> X5570
> > > > > >> > >>>>>>>>> 96Gb
> > > > > >> > >>>>>>>>>>>> 512GB
> > > > > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick
> tests:
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > >> > >>>>>>>>>>>>> 1 backup
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > >> > >>> disabled.
> > > > > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>> [1]
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> >
> > > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > > > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > > >> > >>>>>>>>>>>>>> Cc:
> > > > > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time,
> Scope,
> > > > > >> > >>> Manager]
> > > > > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> Igniters,
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last
> > major
> > > > > >> > >>> Apache
> > > > > >> > >>>>>> Ignite
> > > > > >> > >>>>>>>>> 2.7
> > > > > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > >> > >>> performance
> > > > > >> > >>>>>>>>>> improvements
> > > > > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> > > their
> > > > > >> > >>>>>> release
> > > > > >> > >>>>>>>>> date.
> > > > > >> > >>>>>>>>>>>>>> Here is my list of the most interesting things
> > > from my
> > > > > >> > >>>>> point
> > > > > >> > >>>>>>>> since
> > > > > >> > >>>>>>>>>> the
> > > > > >> > >>>>>>>>>>>>>> last major release:
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> Service Grid,
> > > > > >> > >>>>>>>>>>>>>> Monitoring,
> > > > > >> > >>>>>>>>>>>>>> Recovery Read
> > > > > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > >> > >>>>>>>>>>>>>> PDS compression,
> > > > > >> > >>>>>>>>>>>>>> WAL page compression,
> > > > > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > >> > >>>>>>>>>>>>>> SQL query history
> > > > > >> > >>>>>>>>>>>>>> SQL statistics
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> > > master
> > > > > >> > >>>>>> branch
> > > > > >> > >>>>>>>>>> anymore
> > > > > >> > >>>>>>>>>>>>>> and prepare the next major release by the end
> of
> > > the
> > > > > >> > >>> year.
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache
> Ignite
> > > 2.8
> > > > > >> > >>>>>> release
> > > > > >> > >>>>>>>> and
> > > > > >> > >>>>>>>>>> also
> > > > > >> > >>>>>>>>>>>>>> I want to propose myself to be the release
> > manager
> > > of
> > > > > >> > >>> the
> > > > > >> > >>>>>>>> planning
> > > > > >> > >>>>>>>>>>>>>> release.
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>> WDYT?
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>>
> > > > > >> > >>>>>>>>>>>
> > > > > >> > >>>>>>>>>>
> > > > > >> > >>>>>>>>>
> > > > > >> > >>>>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>>
> > > > > >> > >>>>>> --
> > > > > >> > >>>>>> Best regards,
> > > > > >> > >>>>>> Ivan Pavlukhin
> > > > > >> > >>>>>>
> > > > > >> > >>>>>
> > > > > >> > >>>
> > > > > >> > >>
> > > > > >> > >>
> > > > > >> > >> --
> > > > > >> > >> BR, Sergey Antonov
> > > > > >> > >
> > > > > >> >
> > > > > >> >
> > > > > >> >
> > > > > >> >
> > > > > >
> > > > > >
> > > > > >--
> > > > > >Best regards,
> > > > > >Ivan Pavlukhin
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > BR, Sergey Antonov
> > >
> >
>


-- 

Best regards,
Alexei Scherbakov

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Ivan Rakov <iv...@gmail.com>]

Igniters,

Seems like we have another blocker for 2.8 [1].
Impact: after migration of persistent cluster from 2.7- to 2.8 any updates
of baseline topology are not persisted.

[1]: https://issues.apache.org/jira/browse/IGNITE-12531

On Mon, Jan 13, 2020 at 6:14 PM Sergey Antonov <an...@gmail.com>
wrote:

> Igniters, I got green TC Bit visas [1] [2] for patch and commit revert.
>
> [1]
>
> https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7238%2Fhead&action=Latest
>
> [2]
>
> https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7239%2Fhead&action=Latest
>
> пн, 13 янв. 2020 г., 17:51 Maxim Muzafarov <mm...@apache.org>:
>
> > Sergey,
> >
> > Thank you. I also do not support @IgniteExperemental annotation only
> > for solving the current case of compatibility issues.
> >
> > I like your second suggestion to revert the issue [2] from 2.8 release
> > by applying [1] PR. I'm going to apply this patch [1] within the next
> > three days.
> >
> > Any objections?
> >
> > [1] https://github.com/apache/ignite/pull/7238
> > [2] https://issues.apache.org/jira/browse/IGNITE-11256
> >
> > On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <an...@gmail.com>
> > wrote:
> > >
> > > Guys, I created two pull requests [1] [2] for 2.8 release.
> > >
> > > First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> > > Second [2] is a revert of ticket [4] from 2.8 release.
> > >
> > > I'm waiting TC run all nightly results for both PRs. I'll write update
> > when
> > > TC runs will be ok.
> > > I'm okay with both proposals (add ticket [1] to release, remove
> read-only
> > > feature from 2.8 release scope). But I'm not okay with
> > @IgniteExperemental
> > > annotation.
> > >
> > > [1] https://github.com/apache/ignite/pull/7239
> > > [2] https://github.com/apache/ignite/pull/7238
> > > [3] https://issues.apache.org/jira/browse/IGNITE-12225
> > > [4] https://issues.apache.org/jira/browse/IGNITE-11256
> > >
> > >
> > > пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky
> > <arzamas123@mail.ru.invalid
> > > >:
> > >
> > > >
> > > > Ivan, if i correctly understand, you suggest additional
> «expiremental»
> > > > stuff only for hiding already leaked RO interface ?
> > > > poor approach as for me.
> > > >
> > > > >Folks,
> > > > >
> > > > >Some thoughts:
> > > > >* Releasing an API with known fallacies sounds really bad thing to
> me.
> > > > >It can have a negative consequences for a whole project for years.
> My
> > > > >opinion here that we should resolve the problem with this API
> somehow
> > > > >before release.
> > > > >* We can mark cluster read-only API (without enum) as experimental
> and
> > > > >change the API in e.g. 2.8.1.
> > > > >* We can try to exclude read-only API from 2.8 at all.
> > > > >
> > > > >What do you think?
> > > > >
> > > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <
> plehanov.alex@gmail.com
> > >:
> > > > >>
> > > > >> Guys,
> > > > >>
> > > > >> There is also an issue with cluster activation by thin clients.
> This
> > > > >> feature (.NET thin client API change and protocol change) was
> added
> > by
> > > > [1]
> > > > >> without any discussion on dev-list. Sergey's patch [2] deprecate
> > methods
> > > > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > > > didn't do
> > > > >> this for thin clients. If we want to include IGNITE-12225 to 2.8
> we
> > also
> > > > >> should not forget about thin client changes, since it will be
> > strange
> > > > if we
> > > > >> introduce some methods to thin client API and protocol and in the
> > same
> > > > >> Ignite version deprecate these methods for servers and thick
> > clients.
> > > > >>
> > > > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > > > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>
> > > > >>
> > > > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > > > arzamas123@mail.ru.invalid
> > > > >> >:
> > > > >>
> > > > >> >
> > > > >> >
> > > > >> > Agree with Nikolay, -1 from me, too.
> > > > >> >
> > > > >> > >Hello, Igniters.
> > > > >> > >
> > > > >> > >I’m -1 to include the read-only patch to 2.8.
> > > > >> > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> > for
> > > > >> > blockers and major issues.
> > > > >> > >
> > > > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > > > >> > >We should focus on the release and make it ASAP.
> > > > >> > >
> > > > >> > >We can’t extend the scope anymore.
> > > > >> > >
> > > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > > antonovsergey93@gmail.com >
> > > > >> > написал(а):
> > > > >> > >>
> > > > >> > >> Hello, Maxim!
> > > > >> > >>
> > > > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111
> > files
> > > > >> > >> changed.
> > > > >> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > > > already
> > > > >> > >> presented. Changes in product code are minimal - only 30
> > changed
> > > > files
> > > > >> > in
> > > > >> > >> /src/main/ part. And most of them are new control.sh commands
> > and
> > > > >> > >> configuration.
> > > > >> > >>
> > > > >> > >>> Do we have customer requests for this feature or maybe users
> > who
> > > > are
> > > > >> > >> waiting for exactly that ENUM values exactly in 2.8 release
> > (not
> > > > the
> > > > >> > 2.8.1
> > > > >> > >> for instance)?
> > > > >> > >> Can we introduce in new features in maintanance release
> > (2.8.1)?
> > > > Cluster
> > > > >> > >> read-only mode will be new feature, if we remove
> > > > IgniteCluster#readOnly
> > > > >> > in
> > > > >> > >> 2.8 release. If all ok with that, lets remove
> > > > IgniteCluster#readOnly and
> > > > >> > >> move ticket [1] to 2.8.1 release.
> > > > >> > >>
> > > > >> > >>> Do we have extended test results report (on just only TC.Bot
> > green
> > > > >> > visa)
> > > > >> > >> on this feature to be sure that we will not add any blocker
> > issues
> > > > to
> > > > >> > the
> > > > >> > >> release?
> > > > >> > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> > visa
> > > > vs
> > > > >> > >> release branch.
> > > > >> > >>
> > > > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >> > >>
> > > > >> > >>
> > > > >> > >>
> > > > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> > mmuzaf@apache.org
> > > > >:
> > > > >> > >>
> > > > >> > >>> Folks,
> > > > >> > >>>
> > > > >> > >>>
> > > > >> > >>> Let me remind you that we are working on the 2.8 release
> > branch
> > > > >> > >>> stabilization currently (please, keep it in mind).
> > > > >> > >>>
> > > > >> > >>>
> > > > >> > >>> Do we have a really STRONG reason for adding such a change
> > [1] to
> > > > the
> > > > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> > +5,517
> > > > >> > >>> −2,038, 111 files changed.
> > > > >> > >>> Do we have customer requests for this feature or maybe users
> > who
> > > > are
> > > > >> > >>> waiting for exactly that ENUM values exactly in 2.8 release
> > (not
> > > > the
> > > > >> > >>> 2.8.1 for instance)?
> > > > >> > >>> Can we just simply remove IgniteCluster#readOnly to
> eliminate
> > any
> > > > >> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > >> > >>> Do we have extended test results report (on just only TC.Bot
> > green
> > > > >> > >>> visa) on this feature to be sure that we will not add any
> > blocker
> > > > >> > >>> issues to the release? For instance, on pre-production
> > > > environment.
> > > > >> > >>>
> > > > >> > >>> I'd like to notice that we also have more than enough the
> > release
> > > > >> > >>> blocker issues [3] which are still `in progress` and such a
> > > > release
> > > > >> > >>> run becomes endless. Such changes without strong reasons
> > looks too
> > > > >> > >>> scary for me a special after scope and code freeze dates.
> > > > >> > >>>
> > > > >> > >>> Please, dispel my doubts.
> > > > >> > >>>
> > > > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > >> > >>> [3]
> > > > >> > >>>
> > > > >> >
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > >> > )
> > > > >> > >>>
> > > > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > > zaleslaw.sin@gmail.com
> > > > >> > >
> > > > >> > >>> wrote:
> > > > >> > >>>>
> > > > >> > >>>> +1
> > > > >> > >>>>
> > > > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > >> >  antonovsergey93@gmail.com >:
> > > > >> > >>>>
> > > > >> > >>>>> +1
> > > > >> > >>>>>
> > > > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for
> 2.8
> > > > branch
> > > > >> > >>> will be
> > > > >> > >>>>> at 13 Jan
> > > > >> > >>>>>
> > > > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> > vololo100@gmail.com
> > > > >:
> > > > >> > >>>>>
> > > > >> > >>>>>> +1
> > > > >> > >>>>>>
> > > > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > > ivan.glukos@gmail.com >:
> > > > >> > >>>>>>>
> > > > >> > >>>>>>> Maxim M. and anyone who is interested,
> > > > >> > >>>>>>>
> > > > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >> > >>>>>>> Basically, it's a result of the following discussion:
> > > > >> > >>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > >> > >>>>>>>
> > > > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly
> methods
> > > > that
> > > > >> > >>> work
> > > > >> > >>>>> with
> > > > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > > > >> > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > > boolean
> > > > >> > >>>>> version
> > > > >> > >>>>>> of
> > > > >> > >>>>>>> API in the code (which is currently present in 2.8
> > branch) as
> > > > it
> > > > >> > >>> wasn't
> > > > >> > >>>>>>> published in any release.
> > > > >> > >>>>>>>
> > > > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > >> > >>>>>>> wrote:
> > > > >> > >>>>>>>
> > > > >> > >>>>>>>> Hello!
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> I have ran dependency checker plugin and quote the
> > following:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-urideploy:
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-spring:
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-spring-data:
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-aop:
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-visor-console:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > >> > >>>>>>>>
> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > ,
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > >> > >>>>> :
> > > > >> > >>>>>>>> CVE-2018-15756
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-spring-data_2.0:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > >> > >>>>>>>>
> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> > ,
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2018-15756
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-rest-http:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-kubernetes:
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-aws:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > >> > >>>>> CVE-2015-6644,
> > > > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > >> > >>>>> CVE-2016-1000341,
> > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > >> > >>>>> CVE-2016-1000345,
> > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > >> > >>> CVE-2017-13098,
> > > > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-gce:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> httpclient-4.0.1.jar
> > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > >> > >>>>>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2011-1498,
> > > > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > >> > >>>>>>>> guava-jdk5-17.0.jar
> > > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-cloud:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > >> > >>> CVE-2013-2014,
> > > > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> > CVE-2014-3476,
> > > > >> > >>>>>> CVE-2014-3520,
> > > > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> > CVE-2018-14432,
> > > > >> > >>>>>> CVE-2018-20170
> > > > >> > >>>>>>>> cloudstack-2.0.0.jar
> > > > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > >> > >>>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > > CVE-2013-2136,
> > > > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> > CVE-2015-3252
> > > > >> > >>>>>>>> docker-2.0.0.jar
> > > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > > CVE-2018-10892,
> > > > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > CVE-2019-16884,
> > > > >> > >>>>>>>> CVE-2019-5736
> > > > >> > >>>>>>>> guava-16.0.1.jar
> (pkg:maven/com.google.guava/guava@16.0.1
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>> docker-1.9.3.jar
> > > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > >> > >>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > CVE-2016-3697,
> > > > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > > CVE-2019-15752,
> > > > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> > CVE-2016-5725
> > > > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > >> > >>>>> CVE-2015-6644,
> > > > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > >> > >>> CVE-2016-1000341,
> > > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > >> > >>>>> CVE-2016-1000345,
> > > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > >> > >>> CVE-2018-1000613
> > > > >> > >>>>>>>> okhttp-2.2.0.jar
> > (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > > ,
> > > > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > > CVE-2016-2402
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-mesos:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0
> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > CVE-2018-11793,
> > > > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> > CVE-2019-5736
> > > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-kafka:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > > > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > >> > >>>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-17196
> > > > >> > >>>>>>>> connect-api-2.0.1.jar
> > > > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-17196
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-flume:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> guava-11.0.2.jar
> (pkg:maven/com.google.guava/guava@11.0.2
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8
> ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > >> > >>> CVE-2017-15095,
> > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > >> > >>>>>>>>
> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > CVE-2018-1000873,
> > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-14540,
> > > > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > >> > >>>>>>>>
> (pkg:maven/commons-collections/commons-collections@3.2.1
> > ,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > >> > >>>>>> CVE-2015-6420,
> > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > >> > >>>>>>>> netty-3.9.4.Final.jar
> > (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> > CVE-2015-2156,
> > > > >> > >>>>>> CVE-2019-16869,
> > > > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > >> > >>>>>> CVE-2005-3747,
> > > > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> > CVE-2009-5048,
> > > > >> > >>>>>> CVE-2009-5049,
> > > > >> > >>>>>>>> CVE-2011-4461
> > > > >> > >>>>>>>> jetty-util-6.1.26.jar
> > > > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > >> > >>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > >> > >>> CVE-2009-1523,
> > > > >> > >>>>>>>> CVE-2011-4461
> > > > >> > >>>>>>>> jetty-6.1.26.jar
> > (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > >> > >>> CVE-2009-1523,
> > > > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> > CVE-2017-7658,
> > > > >> > >>>>>> CVE-2017-9735,
> > > > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > >> > >>>>>>>> libthrift-0.9.0.jar
> > > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > >> > >>> :
> > > > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> > CVE-2019-0205
> > > > >> > >>>>>>>> httpclient-4.1.3.jar
> > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > >> > >>>>>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > >> > >>>>>>>> CVE-2015-5262
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-twitter:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> httpclient-4.2.5.jar
> > > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > >> > >>>>>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > >> > >>>>>>>> CVE-2015-5262
> > > > >> > >>>>>>>> guava-14.0.1.jar
> (pkg:maven/com.google.guava/guava@14.0.1
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-zookeeper:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > > > >> > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > >> > >>>>>> CVE-2019-12086,
> > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439,
> > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943,
> > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > >> > >>>>>>>> guava-16.0.1.jar
> (pkg:maven/com.google.guava/guava@16.0.1
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > >> > >>>>>>>>
> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > > > :
> > > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > CVE-2018-1000873,
> > > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-10172,
> > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > >> > >>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-camel:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> camel-core-2.22.0.jar
> > > > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > CVE-2018-8041,
> > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > CVE-2018-8041,
> > > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-storm:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> storm-core-1.1.1.jar
> > > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > >> > >>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > CVE-2018-11779,
> > > > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> > CVE-2019-0202
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > >> > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >> > >>>>> CVE-2019-10247
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > >> > >>>>>>>> CVE-2015-5262
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>>
> > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> > CVE-2014-0193,
> > > > >> > >>>>>> CVE-2014-3488,
> > > > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > > > SSLv3.0
> > > > >> > >>>>> support
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > >> > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >> > >>>>> CVE-2011-4461,
> > > > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > CVE-2017-9735,
> > > > >> > >>>>>> CVE-2019-10241,
> > > > >> > >>>>>>>> CVE-2019-10247
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> > ,
> > > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >> > >>>>> CVE-2011-4461,
> > > > >> > >>>>>>>> CVE-2019-10247
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2
> ,
> > > > >> > >>>>>>>>
> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*)
> > :
> > > > >> > >>>>>> CVE-2016-1000031
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > CVE-2015-1776,
> > > > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> > CVE-2016-6811,
> > > > >> > >>>>>> CVE-2017-15713,
> > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> > CVE-2018-11768,
> > > > >> > >>>>>> CVE-2018-1296,
> > > > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-cassandra-store:
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-cassandra-serializers:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > >> > >>>>>>>>
> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > >> > >>>>>> CVE-2019-10086
> > > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > > >> > >>>>>>>>
> (pkg:maven/commons-collections/commons-collections@3.2.1
> > ,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > >> > >>>>>> CVE-2015-6420,
> > > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > >> > >>>>>>>>
> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > ,
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > >> > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > >> > >>>>> :
> > > > >> > >>>>>>>> CVE-2018-15756
> > > > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-flink:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > >> > >>>>>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > CVE-2016-5001,
> > > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> > CVE-2015-2156,
> > > > >> > >>>>>> CVE-2016-4970,
> > > > >> > >>>>>>>> CVE-2019-16869
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > >> > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > > ,
> > > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > >> > >>>>>> CVE-2017-15095,
> > > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > CVE-2018-11307,
> > > > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > > CVE-2018-14719,
> > > > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > > CVE-2018-19361,
> > > > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-12086,
> > > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439,
> > > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943,
> > > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> One or more dependencies were identified with known
> > > > >> > >>> vulnerabilities
> > > > >> > >>>>> in
> > > > >> > >>>>>>>> ignite-rocketmq:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > >> > >>>>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > >> > >>>>>>>>
> > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > >> > >>> ,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > >> > >>>>>>>>
> > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> > CVE-2005-4838,
> > > > >> > >>>>>> CVE-2006-7196,
> > > > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> > CVE-2009-2696,
> > > > >> > >>>>>> CVE-2012-5568,
> > > > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> > CVE-2013-4444,
> > > > >> > >>>>>> CVE-2013-4590,
> > > > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> > CVE-2014-0099,
> > > > >> > >>>>>> CVE-2014-0119,
> > > > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> > CVE-2018-8020
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > > maintenance
> > > > >> > >>>>>> releases
> > > > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> Some integrations also clearly suffer, through it's a
> > > > problem of
> > > > >> > >>>>> their
> > > > >> > >>>>>>>> users, since they need to declare their own libraries'
> > > > versions
> > > > >> > >>> by
> > > > >> > >>>>>>>> convention.
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> Regards,
> > > > >> > >>>>>>>> --
> > > > >> > >>>>>>>> Ilya Kasnacheev
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > > dmagda@apache.org >:
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> > you,
> > > > >> > >>> let's
> > > > >> > >>>>>> update
> > > > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > > > >> > >>>>>>>>>
> > > > >> > >>>>>>>>> -
> > > > >> > >>>>>>>>> Denis
> > > > >> > >>>>>>>>>
> > > > >> > >>>>>>>>>
> > > > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > >> > >>>>>>>>> wrote:
> > > > >> > >>>>>>>>>
> > > > >> > >>>>>>>>>> Hello!
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to
> ignite-2.8.
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > > > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > >> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>
> > <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > >> > >>>>>>>> <!--
> > > > >> > >>>>>>>>>> don't forget to update spring version -->
> > > > >> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > >> > >>>>> don't
> > > > >> > >>>>>>>>> forget
> > > > >> > >>>>>>>>>> to update spring-data version -->
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>
> > > > >> > >>>
> > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>
> > <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > >> > >>>>>>>>> don't
> > > > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>> All these libraries have maintenance release (such as
> > our
> > > > >> > >>>>> 2.7.*6*)
> > > > >> > >>>>>> and
> > > > >> > >>>>>>>> I
> > > > >> > >>>>>>>>>> think it would be beneficial to upgrade these
> > dependencies
> > > > >> > >>> to the
> > > > >> > >>>>>>>> latest
> > > > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > > > >> > >>>>>>>>>> For example, there is spring.data-2.0
> 2.0.*14*.RELEASE.
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>> Regards,
> > > > >> > >>>>>>>>>> --
> > > > >> > >>>>>>>>>> Ilya Kasnacheev
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > > dmagda@apache.org
> > > > >> > >>>> :
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > >> > >>> fixes/improvements.
> > > > >> > >>>>>> Ilya is
> > > > >> > >>>>>>>>>> right
> > > > >> > >>>>>>>>>>> that Spring Data related questions sparked last time
> > due
> > > > to
> > > > >> > >>>>>> missing
> > > > >> > >>>>>>>>>> support
> > > > >> > >>>>>>>>>>> of 2.2 version.
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> > "bumping
> > > > >> > >>> the
> > > > >> > >>>>>>>>> versions"?
> > > > >> > >>>>>>>>>> Do
> > > > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > >> > >>>>>>>>> "ignite-spring-data"
> > > > >> > >>>>>>>>>> to
> > > > >> > >>>>>>>>>>> version 2.2 and introducing
> > > > >> > >>> "ignite-spring-data-{old-version"}
> > > > >> > >>>>>> for
> > > > >> > >>>>>>>> the
> > > > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with
> the
> > > > >> > >>> proposal.
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>> -
> > > > >> > >>>>>>>>>>> Denis
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>> wrote:
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> Hello!
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > >> > >>>>>>>>>>>>
> https://issues.apache.org/jira/browse/IGNITE-12259
> > (3
> > > > >> > >>>>>> commits, be
> > > > >> > >>>>>>>>>>> careful
> > > > >> > >>>>>>>>>>>> with release version)
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now,
> but I
> > > > >> > >>> will
> > > > >> > >>>>>> provide
> > > > >> > >>>>>>>>> the
> > > > >> > >>>>>>>>>>>> following considerations:
> > > > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > >> > >>> currently do
> > > > >> > >>>>>> not
> > > > >> > >>>>>>>>> have,
> > > > >> > >>>>>>>>>>>> leading to lots of confused questions on stack
> > overflow
> > > > >> > >>> and
> > > > >> > >>>>>> mailing
> > > > >> > >>>>>>>>>> list.
> > > > >> > >>>>>>>>>>>> Spring Data is important to our public image since
> > many
> > > > >> > >>>>> people
> > > > >> > >>>>>> may
> > > > >> > >>>>>>>>>> learn
> > > > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > >> > >>> (just 2
> > > > >> > >>>>> POM
> > > > >> > >>>>>>>> file
> > > > >> > >>>>>>>>>>>> touched and that's all).
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> * The core was ready since early November but, due
> to
> > > > >> > >>> gmail
> > > > >> > >>>>>> quirk,
> > > > >> > >>>>>>>> we
> > > > >> > >>>>>>>>>> did
> > > > >> > >>>>>>>>>>>> not react to it in time.
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> WDYT?
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > >> > >>>>>> dependencies'
> > > > >> > >>>>>>>>>> versions
> > > > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring
> and
> > > > >> > >>>>> hibernate
> > > > >> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > >> > >>>>> maintenance
> > > > >> > >>>>>>>>> versions
> > > > >> > >>>>>>>>>>> to
> > > > >> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> I think this is one of things that are very hard to
> > do
> > > > >> > >>>>> between
> > > > >> > >>>>>>>>>> releases,
> > > > >> > >>>>>>>>>>> so
> > > > >> > >>>>>>>>>>>> I think this dependencies bumping should be a part
> > of a
> > > > >> > >>>>> formal
> > > > >> > >>>>>>>>>>>> release/testing cycle, and then be backported to
> > master.
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> > merge
> > > > >> > >>>>> these
> > > > >> > >>>>>>>>> version
> > > > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> Regards,
> > > > >> > >>>>>>>>>>>> --
> > > > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > > > >> > >>>>>>>>>>>>> :
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate
> > vs
> > > > >> > >>>>> 2.7.6,
> > > > >> > >>>>>>>>>>>>> last sha 2.8 was build from :
> 9d114f3137f92aebc2562a
> > > > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with:
> 2x
> > > > >> > >>> Xeon
> > > > >> > >>>>>> X5570
> > > > >> > >>>>>>>>> 96Gb
> > > > >> > >>>>>>>>>>>> 512GB
> > > > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > > > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > >> > >>>>>>>>>>>>> 1 backup
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > >> > >>> disabled.
> > > > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>> [1]
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> >
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > >> > >>>>>>>>>>>>>> Cc:
> > > > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > >> > >>> Manager]
> > > > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> Igniters,
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last
> major
> > > > >> > >>> Apache
> > > > >> > >>>>>> Ignite
> > > > >> > >>>>>>>>> 2.7
> > > > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > >> > >>> performance
> > > > >> > >>>>>>>>>> improvements
> > > > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> > their
> > > > >> > >>>>>> release
> > > > >> > >>>>>>>>> date.
> > > > >> > >>>>>>>>>>>>>> Here is my list of the most interesting things
> > from my
> > > > >> > >>>>> point
> > > > >> > >>>>>>>> since
> > > > >> > >>>>>>>>>> the
> > > > >> > >>>>>>>>>>>>>> last major release:
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> Service Grid,
> > > > >> > >>>>>>>>>>>>>> Monitoring,
> > > > >> > >>>>>>>>>>>>>> Recovery Read
> > > > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > >> > >>>>>>>>>>>>>> PDS compression,
> > > > >> > >>>>>>>>>>>>>> WAL page compression,
> > > > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > >> > >>>>>>>>>>>>>> SQL query history
> > > > >> > >>>>>>>>>>>>>> SQL statistics
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> > master
> > > > >> > >>>>>> branch
> > > > >> > >>>>>>>>>> anymore
> > > > >> > >>>>>>>>>>>>>> and prepare the next major release by the end of
> > the
> > > > >> > >>> year.
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> > 2.8
> > > > >> > >>>>>> release
> > > > >> > >>>>>>>> and
> > > > >> > >>>>>>>>>> also
> > > > >> > >>>>>>>>>>>>>> I want to propose myself to be the release
> manager
> > of
> > > > >> > >>> the
> > > > >> > >>>>>>>> planning
> > > > >> > >>>>>>>>>>>>>> release.
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>> WDYT?
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>>
> > > > >> > >>>>>>>>>>>
> > > > >> > >>>>>>>>>>
> > > > >> > >>>>>>>>>
> > > > >> > >>>>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>>
> > > > >> > >>>>>> --
> > > > >> > >>>>>> Best regards,
> > > > >> > >>>>>> Ivan Pavlukhin
> > > > >> > >>>>>>
> > > > >> > >>>>>
> > > > >> > >>>
> > > > >> > >>
> > > > >> > >>
> > > > >> > >> --
> > > > >> > >> BR, Sergey Antonov
> > > > >> > >
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >
> > > > >
> > > > >--
> > > > >Best regards,
> > > > >Ivan Pavlukhin
> > > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > BR, Sergey Antonov
> >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Sergey Antonov <an...@gmail.com>]

Igniters, I got green TC Bit visas [1] [2] for patch and commit revert.

[1]
https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7238%2Fhead&action=Latest

[2]
https://mtcga.gridgain.com/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAllNightly&baseBranchForTc=ignite-2.8&branchForTc=pull%2F7239%2Fhead&action=Latest

пн, 13 янв. 2020 г., 17:51 Maxim Muzafarov <mm...@apache.org>:

> Sergey,
>
> Thank you. I also do not support @IgniteExperemental annotation only
> for solving the current case of compatibility issues.
>
> I like your second suggestion to revert the issue [2] from 2.8 release
> by applying [1] PR. I'm going to apply this patch [1] within the next
> three days.
>
> Any objections?
>
> [1] https://github.com/apache/ignite/pull/7238
> [2] https://issues.apache.org/jira/browse/IGNITE-11256
>
> On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <an...@gmail.com>
> wrote:
> >
> > Guys, I created two pull requests [1] [2] for 2.8 release.
> >
> > First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> > Second [2] is a revert of ticket [4] from 2.8 release.
> >
> > I'm waiting TC run all nightly results for both PRs. I'll write update
> when
> > TC runs will be ok.
> > I'm okay with both proposals (add ticket [1] to release, remove read-only
> > feature from 2.8 release scope). But I'm not okay with
> @IgniteExperemental
> > annotation.
> >
> > [1] https://github.com/apache/ignite/pull/7239
> > [2] https://github.com/apache/ignite/pull/7238
> > [3] https://issues.apache.org/jira/browse/IGNITE-12225
> > [4] https://issues.apache.org/jira/browse/IGNITE-11256
> >
> >
> > пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky
> <arzamas123@mail.ru.invalid
> > >:
> >
> > >
> > > Ivan, if i correctly understand, you suggest additional «expiremental»
> > > stuff only for hiding already leaked RO interface ?
> > > poor approach as for me.
> > >
> > > >Folks,
> > > >
> > > >Some thoughts:
> > > >* Releasing an API with known fallacies sounds really bad thing to me.
> > > >It can have a negative consequences for a whole project for years. My
> > > >opinion here that we should resolve the problem with this API somehow
> > > >before release.
> > > >* We can mark cluster read-only API (without enum) as experimental and
> > > >change the API in e.g. 2.8.1.
> > > >* We can try to exclude read-only API from 2.8 at all.
> > > >
> > > >What do you think?
> > > >
> > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < plehanov.alex@gmail.com
> >:
> > > >>
> > > >> Guys,
> > > >>
> > > >> There is also an issue with cluster activation by thin clients. This
> > > >> feature (.NET thin client API change and protocol change) was added
> by
> > > [1]
> > > >> without any discussion on dev-list. Sergey's patch [2] deprecate
> methods
> > > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > > didn't do
> > > >> this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> also
> > > >> should not forget about thin client changes, since it will be
> strange
> > > if we
> > > >> introduce some methods to thin client API and protocol and in the
> same
> > > >> Ignite version deprecate these methods for servers and thick
> clients.
> > > >>
> > > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>
> > > >>
> > > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > > arzamas123@mail.ru.invalid
> > > >> >:
> > > >>
> > > >> >
> > > >> >
> > > >> > Agree with Nikolay, -1 from me, too.
> > > >> >
> > > >> > >Hello, Igniters.
> > > >> > >
> > > >> > >I’m -1 to include the read-only patch to 2.8.
> > > >> > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> for
> > > >> > blockers and major issues.
> > > >> > >
> > > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > > >> > >We should focus on the release and make it ASAP.
> > > >> > >
> > > >> > >We can’t extend the scope anymore.
> > > >> > >
> > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > antonovsergey93@gmail.com >
> > > >> > написал(а):
> > > >> > >>
> > > >> > >> Hello, Maxim!
> > > >> > >>
> > > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111
> files
> > > >> > >> changed.
> > > >> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > > already
> > > >> > >> presented. Changes in product code are minimal - only 30
> changed
> > > files
> > > >> > in
> > > >> > >> /src/main/ part. And most of them are new control.sh commands
> and
> > > >> > >> configuration.
> > > >> > >>
> > > >> > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > >> > >> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > >> > 2.8.1
> > > >> > >> for instance)?
> > > >> > >> Can we introduce in new features in maintanance release
> (2.8.1)?
> > > Cluster
> > > >> > >> read-only mode will be new feature, if we remove
> > > IgniteCluster#readOnly
> > > >> > in
> > > >> > >> 2.8 release. If all ok with that, lets remove
> > > IgniteCluster#readOnly and
> > > >> > >> move ticket [1] to 2.8.1 release.
> > > >> > >>
> > > >> > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > >> > visa)
> > > >> > >> on this feature to be sure that we will not add any blocker
> issues
> > > to
> > > >> > the
> > > >> > >> release?
> > > >> > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> visa
> > > vs
> > > >> > >> release branch.
> > > >> > >>
> > > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >> > >>
> > > >> > >>
> > > >> > >>
> > > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> mmuzaf@apache.org
> > > >:
> > > >> > >>
> > > >> > >>> Folks,
> > > >> > >>>
> > > >> > >>>
> > > >> > >>> Let me remind you that we are working on the 2.8 release
> branch
> > > >> > >>> stabilization currently (please, keep it in mind).
> > > >> > >>>
> > > >> > >>>
> > > >> > >>> Do we have a really STRONG reason for adding such a change
> [1] to
> > > the
> > > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> +5,517
> > > >> > >>> −2,038, 111 files changed.
> > > >> > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > >> > >>> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > >> > >>> 2.8.1 for instance)?
> > > >> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate
> any
> > > >> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > >> > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > >> > >>> visa) on this feature to be sure that we will not add any
> blocker
> > > >> > >>> issues to the release? For instance, on pre-production
> > > environment.
> > > >> > >>>
> > > >> > >>> I'd like to notice that we also have more than enough the
> release
> > > >> > >>> blocker issues [3] which are still `in progress` and such a
> > > release
> > > >> > >>> run becomes endless. Such changes without strong reasons
> looks too
> > > >> > >>> scary for me a special after scope and code freeze dates.
> > > >> > >>>
> > > >> > >>> Please, dispel my doubts.
> > > >> > >>>
> > > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > >> > >>> [3]
> > > >> > >>>
> > > >> >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > >> > )
> > > >> > >>>
> > > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > zaleslaw.sin@gmail.com
> > > >> > >
> > > >> > >>> wrote:
> > > >> > >>>>
> > > >> > >>>> +1
> > > >> > >>>>
> > > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > >> >  antonovsergey93@gmail.com >:
> > > >> > >>>>
> > > >> > >>>>> +1
> > > >> > >>>>>
> > > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > > branch
> > > >> > >>> will be
> > > >> > >>>>> at 13 Jan
> > > >> > >>>>>
> > > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> vololo100@gmail.com
> > > >:
> > > >> > >>>>>
> > > >> > >>>>>> +1
> > > >> > >>>>>>
> > > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > ivan.glukos@gmail.com >:
> > > >> > >>>>>>>
> > > >> > >>>>>>> Maxim M. and anyone who is interested,
> > > >> > >>>>>>>
> > > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >> > >>>>>>> Basically, it's a result of the following discussion:
> > > >> > >>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > >> > >>>>>>>
> > > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> > > that
> > > >> > >>> work
> > > >> > >>>>> with
> > > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > > >> > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > boolean
> > > >> > >>>>> version
> > > >> > >>>>>> of
> > > >> > >>>>>>> API in the code (which is currently present in 2.8
> branch) as
> > > it
> > > >> > >>> wasn't
> > > >> > >>>>>>> published in any release.
> > > >> > >>>>>>>
> > > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > > >> > >>>>>>> wrote:
> > > >> > >>>>>>>
> > > >> > >>>>>>>> Hello!
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> I have ran dependency checker plugin and quote the
> following:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-urideploy:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-spring:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-spring-data:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-aop:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-visor-console:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> ,
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >> > >>>>> :
> > > >> > >>>>>>>> CVE-2018-15756
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-spring-data_2.0:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> ,
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-15756
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-rest-http:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-kubernetes:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-aws:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > >> > >>>>> CVE-2015-6644,
> > > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > >> > >>>>> CVE-2016-1000341,
> > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >> > >>>>> CVE-2016-1000345,
> > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > >> > >>> CVE-2017-13098,
> > > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-gce:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> httpclient-4.0.1.jar
> > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > CVE-2011-1498,
> > > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > >> > >>>>>>>> guava-jdk5-17.0.jar
> > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-cloud:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > > >> > >>>>>>>>
> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2013-2014,
> > > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> CVE-2014-3476,
> > > >> > >>>>>> CVE-2014-3520,
> > > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> CVE-2018-14432,
> > > >> > >>>>>> CVE-2018-20170
> > > >> > >>>>>>>> cloudstack-2.0.0.jar
> > > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > >> > >>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2013-2136,
> > > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> CVE-2015-3252
> > > >> > >>>>>>>> docker-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2018-10892,
> > > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > CVE-2019-16884,
> > > >> > >>>>>>>> CVE-2019-5736
> > > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>> docker-1.9.3.jar
> > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > >> > >>> ,
> > > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> CVE-2016-3697,
> > > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > CVE-2019-15752,
> > > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> CVE-2016-5725
> > > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > >> > >>>>> CVE-2015-6644,
> > > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > >> > >>> CVE-2016-1000341,
> > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >> > >>>>> CVE-2016-1000345,
> > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > >> > >>> CVE-2018-1000613
> > > >> > >>>>>>>> okhttp-2.2.0.jar
> (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > CVE-2016-2402
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-mesos:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> CVE-2018-11793,
> > > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> CVE-2019-5736
> > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-kafka:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > >> > >>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > >> > >>>>>>>> connect-api-2.0.1.jar
> > > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-flume:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2017-15095,
> > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-14540,
> > > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > >> > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2015-6420,
> > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >> > >>>>>>>> netty-3.9.4.Final.jar
> (pkg:maven/io.netty/netty@3.9.4.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > >> > >>>>>> CVE-2019-16869,
> > > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > > >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2005-3747,
> > > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> CVE-2009-5048,
> > > >> > >>>>>> CVE-2009-5049,
> > > >> > >>>>>>>> CVE-2011-4461
> > > >> > >>>>>>>> jetty-util-6.1.26.jar
> > > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > >> > >>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2009-1523,
> > > >> > >>>>>>>> CVE-2011-4461
> > > >> > >>>>>>>> jetty-6.1.26.jar
> (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2009-1523,
> > > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> CVE-2017-7658,
> > > >> > >>>>>> CVE-2017-9735,
> > > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > >> > >>>>>>>> libthrift-0.9.0.jar
> > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > >> > >>> :
> > > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> CVE-2019-0205
> > > >> > >>>>>>>> httpclient-4.1.3.jar
> > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > >> > >>>>>>>> CVE-2015-5262
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-twitter:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> httpclient-4.2.5.jar
> > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > >> > >>>>>>>> CVE-2015-5262
> > > >> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-zookeeper:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2019-12086,
> > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > > :
> > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-10172,
> > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > >> > >>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-camel:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> camel-core-2.22.0.jar
> > > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-storm:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> storm-core-1.1.1.jar
> > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > >> > >>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> CVE-2018-11779,
> > > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> CVE-2019-0202
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >> > >>>>> CVE-2019-10247
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > >> > >>>>>>>> CVE-2015-5262
> > > >> > >>>>>>>>
> > > >> > >>>
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> CVE-2014-0193,
> > > >> > >>>>>> CVE-2014-3488,
> > > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > > SSLv3.0
> > > >> > >>>>> support
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >> > >>>>> CVE-2011-4461,
> > > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> CVE-2017-9735,
> > > >> > >>>>>> CVE-2019-10241,
> > > >> > >>>>>>>> CVE-2019-10247
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> ,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >> > >>>>> CVE-2011-4461,
> > > >> > >>>>>>>> CVE-2019-10247
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > >> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > >> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*)
> :
> > > >> > >>>>>> CVE-2016-1000031
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> CVE-2015-1776,
> > > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> CVE-2016-6811,
> > > >> > >>>>>> CVE-2017-15713,
> > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> CVE-2018-11768,
> > > >> > >>>>>> CVE-2018-1296,
> > > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-cassandra-store:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-cassandra-serializers:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > > >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > >> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2019-10086
> > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > >> > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2015-6420,
> > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> ,
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >> > >>>>> :
> > > >> > >>>>>>>> CVE-2018-15756
> > > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-flink:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> CVE-2016-5001,
> > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > >> > >>>>>> CVE-2016-4970,
> > > >> > >>>>>>>> CVE-2019-16869
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2017-15095,
> > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > CVE-2018-11307,
> > > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > CVE-2018-14719,
> > > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > CVE-2018-19361,
> > > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-12086,
> > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-rocketmq:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > >> > >>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > >> > >>>>>>>>
> > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > >> > >>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> CVE-2005-4838,
> > > >> > >>>>>> CVE-2006-7196,
> > > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> CVE-2009-2696,
> > > >> > >>>>>> CVE-2012-5568,
> > > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> CVE-2013-4444,
> > > >> > >>>>>> CVE-2013-4590,
> > > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> CVE-2014-0099,
> > > >> > >>>>>> CVE-2014-0119,
> > > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> CVE-2018-8020
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > maintenance
> > > >> > >>>>>> releases
> > > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> Some integrations also clearly suffer, through it's a
> > > problem of
> > > >> > >>>>> their
> > > >> > >>>>>>>> users, since they need to declare their own libraries'
> > > versions
> > > >> > >>> by
> > > >> > >>>>>>>> convention.
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> Regards,
> > > >> > >>>>>>>> --
> > > >> > >>>>>>>> Ilya Kasnacheev
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > dmagda@apache.org >:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> you,
> > > >> > >>> let's
> > > >> > >>>>>> update
> > > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>> -
> > > >> > >>>>>>>>> Denis
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > >> > >>>>>>>>> wrote:
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>>> Hello!
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > >> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>
> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > >> > >>>>>>>> <!--
> > > >> > >>>>>>>>>> don't forget to update spring version -->
> > > >> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > >> > >>>>> don't
> > > >> > >>>>>>>>> forget
> > > >> > >>>>>>>>>> to update spring-data version -->
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>
> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>
> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > >> > >>>>>>>>> don't
> > > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> All these libraries have maintenance release (such as
> our
> > > >> > >>>>> 2.7.*6*)
> > > >> > >>>>>> and
> > > >> > >>>>>>>> I
> > > >> > >>>>>>>>>> think it would be beneficial to upgrade these
> dependencies
> > > >> > >>> to the
> > > >> > >>>>>>>> latest
> > > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > > >> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> Regards,
> > > >> > >>>>>>>>>> --
> > > >> > >>>>>>>>>> Ilya Kasnacheev
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > dmagda@apache.org
> > > >> > >>>> :
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > >> > >>> fixes/improvements.
> > > >> > >>>>>> Ilya is
> > > >> > >>>>>>>>>> right
> > > >> > >>>>>>>>>>> that Spring Data related questions sparked last time
> due
> > > to
> > > >> > >>>>>> missing
> > > >> > >>>>>>>>>> support
> > > >> > >>>>>>>>>>> of 2.2 version.
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> "bumping
> > > >> > >>> the
> > > >> > >>>>>>>>> versions"?
> > > >> > >>>>>>>>>> Do
> > > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > >> > >>>>>>>>> "ignite-spring-data"
> > > >> > >>>>>>>>>> to
> > > >> > >>>>>>>>>>> version 2.2 and introducing
> > > >> > >>> "ignite-spring-data-{old-version"}
> > > >> > >>>>>> for
> > > >> > >>>>>>>> the
> > > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > >> > >>> proposal.
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>> -
> > > >> > >>>>>>>>>>> Denis
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>> wrote:
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Hello!
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > >> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259
> (3
> > > >> > >>>>>> commits, be
> > > >> > >>>>>>>>>>> careful
> > > >> > >>>>>>>>>>>> with release version)
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > >> > >>> will
> > > >> > >>>>>> provide
> > > >> > >>>>>>>>> the
> > > >> > >>>>>>>>>>>> following considerations:
> > > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > >> > >>> currently do
> > > >> > >>>>>> not
> > > >> > >>>>>>>>> have,
> > > >> > >>>>>>>>>>>> leading to lots of confused questions on stack
> overflow
> > > >> > >>> and
> > > >> > >>>>>> mailing
> > > >> > >>>>>>>>>> list.
> > > >> > >>>>>>>>>>>> Spring Data is important to our public image since
> many
> > > >> > >>>>> people
> > > >> > >>>>>> may
> > > >> > >>>>>>>>>> learn
> > > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > >> > >>> (just 2
> > > >> > >>>>> POM
> > > >> > >>>>>>>> file
> > > >> > >>>>>>>>>>>> touched and that's all).
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > >> > >>> gmail
> > > >> > >>>>>> quirk,
> > > >> > >>>>>>>> we
> > > >> > >>>>>>>>>> did
> > > >> > >>>>>>>>>>>> not react to it in time.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> WDYT?
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > >> > >>>>>> dependencies'
> > > >> > >>>>>>>>>> versions
> > > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > >> > >>>>> hibernate
> > > >> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > >> > >>>>> maintenance
> > > >> > >>>>>>>>> versions
> > > >> > >>>>>>>>>>> to
> > > >> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> I think this is one of things that are very hard to
> do
> > > >> > >>>>> between
> > > >> > >>>>>>>>>> releases,
> > > >> > >>>>>>>>>>> so
> > > >> > >>>>>>>>>>>> I think this dependencies bumping should be a part
> of a
> > > >> > >>>>> formal
> > > >> > >>>>>>>>>>>> release/testing cycle, and then be backported to
> master.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> merge
> > > >> > >>>>> these
> > > >> > >>>>>>>>> version
> > > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Regards,
> > > >> > >>>>>>>>>>>> --
> > > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > > >> > >>>>>>>>>>>>> :
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate
> vs
> > > >> > >>>>> 2.7.6,
> > > >> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > >> > >>> Xeon
> > > >> > >>>>>> X5570
> > > >> > >>>>>>>>> 96Gb
> > > >> > >>>>>>>>>>>> 512GB
> > > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > >> > >>>>>>>>>>>>> 1 backup
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > >> > >>> disabled.
> > > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> [1]
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > >> > >>>>>>>>>>>>>> Cc:
> > > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > >> > >>> Manager]
> > > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> Igniters,
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > >> > >>> Apache
> > > >> > >>>>>> Ignite
> > > >> > >>>>>>>>> 2.7
> > > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > >> > >>> performance
> > > >> > >>>>>>>>>> improvements
> > > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> their
> > > >> > >>>>>> release
> > > >> > >>>>>>>>> date.
> > > >> > >>>>>>>>>>>>>> Here is my list of the most interesting things
> from my
> > > >> > >>>>> point
> > > >> > >>>>>>>> since
> > > >> > >>>>>>>>>> the
> > > >> > >>>>>>>>>>>>>> last major release:
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> Service Grid,
> > > >> > >>>>>>>>>>>>>> Monitoring,
> > > >> > >>>>>>>>>>>>>> Recovery Read
> > > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > > >> > >>>>>>>>>>>>>> PDS compression,
> > > >> > >>>>>>>>>>>>>> WAL page compression,
> > > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > >> > >>>>>>>>>>>>>> SQL query history
> > > >> > >>>>>>>>>>>>>> SQL statistics
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> master
> > > >> > >>>>>> branch
> > > >> > >>>>>>>>>> anymore
> > > >> > >>>>>>>>>>>>>> and prepare the next major release by the end of
> the
> > > >> > >>> year.
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> 2.8
> > > >> > >>>>>> release
> > > >> > >>>>>>>> and
> > > >> > >>>>>>>>>> also
> > > >> > >>>>>>>>>>>>>> I want to propose myself to be the release manager
> of
> > > >> > >>> the
> > > >> > >>>>>>>> planning
> > > >> > >>>>>>>>>>>>>> release.
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> WDYT?
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>> --
> > > >> > >>>>>> Best regards,
> > > >> > >>>>>> Ivan Pavlukhin
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> > >>
> > > >> > >>
> > > >> > >> --
> > > >> > >> BR, Sergey Antonov
> > > >> > >
> > > >> >
> > > >> >
> > > >> >
> > > >> >
> > > >
> > > >
> > > >--
> > > >Best regards,
> > > >Ivan Pavlukhin
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > --
> > BR, Sergey Antonov
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Maxim Muzafarov <mm...@apache.org>]

Igniters,


The list of the 2.8 release BLOCKERs at this moment:


[1] Default auto-adjust baseline enabled flag calculated incorrectly [Anton
Kalashnikov] PATCH AVAILABLE
[2] (Amazon S3 Based Discovery) Nodes getting down *[Unassigned] *OPEN
[3] Cluster Data Store grid gets Corrupted for Load test *[Unassigned] *OPEN
[4] Error during purges by expiration: Unknown page type *[Unassigned] *OPEN
[5] SpringDataExample should use example-ignite.xml config *[Unassigned] *
OPEN
[6] Cluster hangs during concurrent node client and server nodes restart
[Dmitriy Sorokin] IN PROGRESS
[7] Pme-free switch feature should be deactivatable [Sergei Ryzhov] PATCH
AVAILABLE


Full list of release 2.8 issues can be found on the [8] confluence page.


[1] https://issues.apache.org/jira/browse/IGNITE-12227
[2] https://issues.apache.org/jira/browse/IGNITE-12398
[3] https://issues.apache.org/jira/browse/IGNITE-12456
[4] https://issues.apache.org/jira/browse/IGNITE-12489
[5] https://issues.apache.org/jira/browse/IGNITE-8641
[6] https://issues.apache.org/jira/browse/IGNITE-9184
[7] https://issues.apache.org/jira/browse/IGNITE-12470
[8]
https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation)


On Mon, 13 Jan 2020 at 12:51, Maxim Muzafarov <mm...@apache.org> wrote:

> Sergey,
>
> Thank you. I also do not support @IgniteExperemental annotation only
> for solving the current case of compatibility issues.
>
> I like your second suggestion to revert the issue [2] from 2.8 release
> by applying [1] PR. I'm going to apply this patch [1] within the next
> three days.
>
> Any objections?
>
> [1] https://github.com/apache/ignite/pull/7238
> [2] https://issues.apache.org/jira/browse/IGNITE-11256
>
> On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <an...@gmail.com>
> wrote:
> >
> > Guys, I created two pull requests [1] [2] for 2.8 release.
> >
> > First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> > Second [2] is a revert of ticket [4] from 2.8 release.
> >
> > I'm waiting TC run all nightly results for both PRs. I'll write update
> when
> > TC runs will be ok.
> > I'm okay with both proposals (add ticket [1] to release, remove read-only
> > feature from 2.8 release scope). But I'm not okay with
> @IgniteExperemental
> > annotation.
> >
> > [1] https://github.com/apache/ignite/pull/7239
> > [2] https://github.com/apache/ignite/pull/7238
> > [3] https://issues.apache.org/jira/browse/IGNITE-12225
> > [4] https://issues.apache.org/jira/browse/IGNITE-11256
> >
> >
> > пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky
> <arzamas123@mail.ru.invalid
> > >:
> >
> > >
> > > Ivan, if i correctly understand, you suggest additional «expiremental»
> > > stuff only for hiding already leaked RO interface ?
> > > poor approach as for me.
> > >
> > > >Folks,
> > > >
> > > >Some thoughts:
> > > >* Releasing an API with known fallacies sounds really bad thing to me.
> > > >It can have a negative consequences for a whole project for years. My
> > > >opinion here that we should resolve the problem with this API somehow
> > > >before release.
> > > >* We can mark cluster read-only API (without enum) as experimental and
> > > >change the API in e.g. 2.8.1.
> > > >* We can try to exclude read-only API from 2.8 at all.
> > > >
> > > >What do you think?
> > > >
> > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < plehanov.alex@gmail.com
> >:
> > > >>
> > > >> Guys,
> > > >>
> > > >> There is also an issue with cluster activation by thin clients. This
> > > >> feature (.NET thin client API change and protocol change) was added
> by
> > > [1]
> > > >> without any discussion on dev-list. Sergey's patch [2] deprecate
> methods
> > > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > > didn't do
> > > >> this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> also
> > > >> should not forget about thin client changes, since it will be
> strange
> > > if we
> > > >> introduce some methods to thin client API and protocol and in the
> same
> > > >> Ignite version deprecate these methods for servers and thick
> clients.
> > > >>
> > > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>
> > > >>
> > > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > > arzamas123@mail.ru.invalid
> > > >> >:
> > > >>
> > > >> >
> > > >> >
> > > >> > Agree with Nikolay, -1 from me, too.
> > > >> >
> > > >> > >Hello, Igniters.
> > > >> > >
> > > >> > >I’m -1 to include the read-only patch to 2.8.
> > > >> > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> for
> > > >> > blockers and major issues.
> > > >> > >
> > > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > > >> > >We should focus on the release and make it ASAP.
> > > >> > >
> > > >> > >We can’t extend the scope anymore.
> > > >> > >
> > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > antonovsergey93@gmail.com >
> > > >> > написал(а):
> > > >> > >>
> > > >> > >> Hello, Maxim!
> > > >> > >>
> > > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111
> files
> > > >> > >> changed.
> > > >> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > > already
> > > >> > >> presented. Changes in product code are minimal - only 30
> changed
> > > files
> > > >> > in
> > > >> > >> /src/main/ part. And most of them are new control.sh commands
> and
> > > >> > >> configuration.
> > > >> > >>
> > > >> > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > >> > >> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > >> > 2.8.1
> > > >> > >> for instance)?
> > > >> > >> Can we introduce in new features in maintanance release
> (2.8.1)?
> > > Cluster
> > > >> > >> read-only mode will be new feature, if we remove
> > > IgniteCluster#readOnly
> > > >> > in
> > > >> > >> 2.8 release. If all ok with that, lets remove
> > > IgniteCluster#readOnly and
> > > >> > >> move ticket [1] to 2.8.1 release.
> > > >> > >>
> > > >> > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > >> > visa)
> > > >> > >> on this feature to be sure that we will not add any blocker
> issues
> > > to
> > > >> > the
> > > >> > >> release?
> > > >> > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> visa
> > > vs
> > > >> > >> release branch.
> > > >> > >>
> > > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >> > >>
> > > >> > >>
> > > >> > >>
> > > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> mmuzaf@apache.org
> > > >:
> > > >> > >>
> > > >> > >>> Folks,
> > > >> > >>>
> > > >> > >>>
> > > >> > >>> Let me remind you that we are working on the 2.8 release
> branch
> > > >> > >>> stabilization currently (please, keep it in mind).
> > > >> > >>>
> > > >> > >>>
> > > >> > >>> Do we have a really STRONG reason for adding such a change
> [1] to
> > > the
> > > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> +5,517
> > > >> > >>> −2,038, 111 files changed.
> > > >> > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > >> > >>> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > >> > >>> 2.8.1 for instance)?
> > > >> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate
> any
> > > >> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > >> > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > >> > >>> visa) on this feature to be sure that we will not add any
> blocker
> > > >> > >>> issues to the release? For instance, on pre-production
> > > environment.
> > > >> > >>>
> > > >> > >>> I'd like to notice that we also have more than enough the
> release
> > > >> > >>> blocker issues [3] which are still `in progress` and such a
> > > release
> > > >> > >>> run becomes endless. Such changes without strong reasons
> looks too
> > > >> > >>> scary for me a special after scope and code freeze dates.
> > > >> > >>>
> > > >> > >>> Please, dispel my doubts.
> > > >> > >>>
> > > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > >> > >>> [3]
> > > >> > >>>
> > > >> >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > >> > )
> > > >> > >>>
> > > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > zaleslaw.sin@gmail.com
> > > >> > >
> > > >> > >>> wrote:
> > > >> > >>>>
> > > >> > >>>> +1
> > > >> > >>>>
> > > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > >> >  antonovsergey93@gmail.com >:
> > > >> > >>>>
> > > >> > >>>>> +1
> > > >> > >>>>>
> > > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > > branch
> > > >> > >>> will be
> > > >> > >>>>> at 13 Jan
> > > >> > >>>>>
> > > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> vololo100@gmail.com
> > > >:
> > > >> > >>>>>
> > > >> > >>>>>> +1
> > > >> > >>>>>>
> > > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > ivan.glukos@gmail.com >:
> > > >> > >>>>>>>
> > > >> > >>>>>>> Maxim M. and anyone who is interested,
> > > >> > >>>>>>>
> > > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >> > >>>>>>> Basically, it's a result of the following discussion:
> > > >> > >>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > >> > >>>>>>>
> > > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> > > that
> > > >> > >>> work
> > > >> > >>>>> with
> > > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > > >> > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > boolean
> > > >> > >>>>> version
> > > >> > >>>>>> of
> > > >> > >>>>>>> API in the code (which is currently present in 2.8
> branch) as
> > > it
> > > >> > >>> wasn't
> > > >> > >>>>>>> published in any release.
> > > >> > >>>>>>>
> > > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > > >> > >>>>>>> wrote:
> > > >> > >>>>>>>
> > > >> > >>>>>>>> Hello!
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> I have ran dependency checker plugin and quote the
> following:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-urideploy:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-spring:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-spring-data:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-aop:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-visor-console:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> ,
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >> > >>>>> :
> > > >> > >>>>>>>> CVE-2018-15756
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-spring-data_2.0:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> ,
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-15756
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-rest-http:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-kubernetes:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-aws:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > >> > >>>>> CVE-2015-6644,
> > > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > >> > >>>>> CVE-2016-1000341,
> > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >> > >>>>> CVE-2016-1000345,
> > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > >> > >>> CVE-2017-13098,
> > > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-gce:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> httpclient-4.0.1.jar
> > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > CVE-2011-1498,
> > > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > >> > >>>>>>>> guava-jdk5-17.0.jar
> > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-cloud:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > > >> > >>>>>>>>
> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2013-2014,
> > > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> CVE-2014-3476,
> > > >> > >>>>>> CVE-2014-3520,
> > > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> CVE-2018-14432,
> > > >> > >>>>>> CVE-2018-20170
> > > >> > >>>>>>>> cloudstack-2.0.0.jar
> > > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > >> > >>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2013-2136,
> > > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> CVE-2015-3252
> > > >> > >>>>>>>> docker-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2018-10892,
> > > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > CVE-2019-16884,
> > > >> > >>>>>>>> CVE-2019-5736
> > > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>> docker-1.9.3.jar
> > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > >> > >>> ,
> > > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> CVE-2016-3697,
> > > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > CVE-2019-15752,
> > > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> CVE-2016-5725
> > > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > >> > >>>>> CVE-2015-6644,
> > > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > >> > >>> CVE-2016-1000341,
> > > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >> > >>>>> CVE-2016-1000345,
> > > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > >> > >>> CVE-2018-1000613
> > > >> > >>>>>>>> okhttp-2.2.0.jar
> (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > CVE-2016-2402
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-mesos:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> CVE-2018-11793,
> > > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> CVE-2019-5736
> > > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-kafka:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > >> > >>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > >> > >>>>>>>> connect-api-2.0.1.jar
> > > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-flume:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2017-15095,
> > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-14540,
> > > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > >> > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2015-6420,
> > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >> > >>>>>>>> netty-3.9.4.Final.jar
> (pkg:maven/io.netty/netty@3.9.4.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > >> > >>>>>> CVE-2019-16869,
> > > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > > >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2005-3747,
> > > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> CVE-2009-5048,
> > > >> > >>>>>> CVE-2009-5049,
> > > >> > >>>>>>>> CVE-2011-4461
> > > >> > >>>>>>>> jetty-util-6.1.26.jar
> > > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > >> > >>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2009-1523,
> > > >> > >>>>>>>> CVE-2011-4461
> > > >> > >>>>>>>> jetty-6.1.26.jar
> (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >> > >>> CVE-2009-1523,
> > > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> CVE-2017-7658,
> > > >> > >>>>>> CVE-2017-9735,
> > > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > >> > >>>>>>>> libthrift-0.9.0.jar
> > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > >> > >>> :
> > > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> CVE-2019-0205
> > > >> > >>>>>>>> httpclient-4.1.3.jar
> > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > >> > >>>>>>>> CVE-2015-5262
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-twitter:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> httpclient-4.2.5.jar
> > > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > >> > >>>>>>>> CVE-2015-5262
> > > >> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-zookeeper:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2019-12086,
> > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > > :
> > > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-10172,
> > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > >> > >>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-camel:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> camel-core-2.22.0.jar
> > > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-storm:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> storm-core-1.1.1.jar
> > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > >> > >>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> CVE-2018-11779,
> > > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> CVE-2019-0202
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >> > >>>>> CVE-2019-10247
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > >> > >>>>>>>> CVE-2015-5262
> > > >> > >>>>>>>>
> > > >> > >>>
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> CVE-2014-0193,
> > > >> > >>>>>> CVE-2014-3488,
> > > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > > SSLv3.0
> > > >> > >>>>> support
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > >> > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >> > >>>>> CVE-2011-4461,
> > > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> CVE-2017-9735,
> > > >> > >>>>>> CVE-2019-10241,
> > > >> > >>>>>>>> CVE-2019-10247
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> ,
> > > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >> > >>>>> CVE-2011-4461,
> > > >> > >>>>>>>> CVE-2019-10247
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > >> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > >> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*)
> :
> > > >> > >>>>>> CVE-2016-1000031
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> CVE-2015-1776,
> > > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> CVE-2016-6811,
> > > >> > >>>>>> CVE-2017-15713,
> > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> CVE-2018-11768,
> > > >> > >>>>>> CVE-2018-1296,
> > > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-cassandra-store:
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-cassandra-serializers:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > > >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > >> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2019-10086
> > > >> > >>>>>>>> commons-collections-3.2.1.jar
> > > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > >> > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2015-6420,
> > > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> ,
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>
> > > >> >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > >> > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >> > >>>>> :
> > > >> > >>>>>>>> CVE-2018-15756
> > > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-flink:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > >> > >>>>>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> CVE-2016-5001,
> > > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > >> > >>>>>> CVE-2016-4970,
> > > >> > >>>>>>>> CVE-2019-16869
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > >> > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > ,
> > > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > >> > >>>>>> CVE-2017-15095,
> > > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > CVE-2018-11307,
> > > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > CVE-2018-14719,
> > > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > CVE-2018-19361,
> > > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-12086,
> > > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> One or more dependencies were identified with known
> > > >> > >>> vulnerabilities
> > > >> > >>>>> in
> > > >> > >>>>>>>> ignite-rocketmq:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > >> > >>>>> ,
> > > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > >> > >>>>>>>>
> > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > >> > >>> ,
> > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >> > >>>>>>>>
> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> CVE-2005-4838,
> > > >> > >>>>>> CVE-2006-7196,
> > > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> CVE-2009-2696,
> > > >> > >>>>>> CVE-2012-5568,
> > > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> CVE-2013-4444,
> > > >> > >>>>>> CVE-2013-4590,
> > > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> CVE-2014-0099,
> > > >> > >>>>>> CVE-2014-0119,
> > > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> CVE-2018-8020
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > maintenance
> > > >> > >>>>>> releases
> > > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> Some integrations also clearly suffer, through it's a
> > > problem of
> > > >> > >>>>> their
> > > >> > >>>>>>>> users, since they need to declare their own libraries'
> > > versions
> > > >> > >>> by
> > > >> > >>>>>>>> convention.
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> Regards,
> > > >> > >>>>>>>> --
> > > >> > >>>>>>>> Ilya Kasnacheev
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > dmagda@apache.org >:
> > > >> > >>>>>>>>
> > > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> you,
> > > >> > >>> let's
> > > >> > >>>>>> update
> > > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>> -
> > > >> > >>>>>>>>> Denis
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > >> > >>>>>>>>> wrote:
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>>> Hello!
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > >> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>
> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > >> > >>>>>>>> <!--
> > > >> > >>>>>>>>>> don't forget to update spring version -->
> > > >> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > >> > >>>>> don't
> > > >> > >>>>>>>>> forget
> > > >> > >>>>>>>>>> to update spring-data version -->
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>
> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>
> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > >> > >>>>>>>>> don't
> > > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> All these libraries have maintenance release (such as
> our
> > > >> > >>>>> 2.7.*6*)
> > > >> > >>>>>> and
> > > >> > >>>>>>>> I
> > > >> > >>>>>>>>>> think it would be beneficial to upgrade these
> dependencies
> > > >> > >>> to the
> > > >> > >>>>>>>> latest
> > > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > > >> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> Regards,
> > > >> > >>>>>>>>>> --
> > > >> > >>>>>>>>>> Ilya Kasnacheev
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > dmagda@apache.org
> > > >> > >>>> :
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > >> > >>> fixes/improvements.
> > > >> > >>>>>> Ilya is
> > > >> > >>>>>>>>>> right
> > > >> > >>>>>>>>>>> that Spring Data related questions sparked last time
> due
> > > to
> > > >> > >>>>>> missing
> > > >> > >>>>>>>>>> support
> > > >> > >>>>>>>>>>> of 2.2 version.
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> "bumping
> > > >> > >>> the
> > > >> > >>>>>>>>> versions"?
> > > >> > >>>>>>>>>> Do
> > > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > >> > >>>>>>>>> "ignite-spring-data"
> > > >> > >>>>>>>>>> to
> > > >> > >>>>>>>>>>> version 2.2 and introducing
> > > >> > >>> "ignite-spring-data-{old-version"}
> > > >> > >>>>>> for
> > > >> > >>>>>>>> the
> > > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > >> > >>> proposal.
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>> -
> > > >> > >>>>>>>>>>> Denis
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>> wrote:
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Hello!
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > >> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259
> (3
> > > >> > >>>>>> commits, be
> > > >> > >>>>>>>>>>> careful
> > > >> > >>>>>>>>>>>> with release version)
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > >> > >>> will
> > > >> > >>>>>> provide
> > > >> > >>>>>>>>> the
> > > >> > >>>>>>>>>>>> following considerations:
> > > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > >> > >>> currently do
> > > >> > >>>>>> not
> > > >> > >>>>>>>>> have,
> > > >> > >>>>>>>>>>>> leading to lots of confused questions on stack
> overflow
> > > >> > >>> and
> > > >> > >>>>>> mailing
> > > >> > >>>>>>>>>> list.
> > > >> > >>>>>>>>>>>> Spring Data is important to our public image since
> many
> > > >> > >>>>> people
> > > >> > >>>>>> may
> > > >> > >>>>>>>>>> learn
> > > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > >> > >>> (just 2
> > > >> > >>>>> POM
> > > >> > >>>>>>>> file
> > > >> > >>>>>>>>>>>> touched and that's all).
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > >> > >>> gmail
> > > >> > >>>>>> quirk,
> > > >> > >>>>>>>> we
> > > >> > >>>>>>>>>> did
> > > >> > >>>>>>>>>>>> not react to it in time.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> WDYT?
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > >> > >>>>>> dependencies'
> > > >> > >>>>>>>>>> versions
> > > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > >> > >>>>> hibernate
> > > >> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > >> > >>>>> maintenance
> > > >> > >>>>>>>>> versions
> > > >> > >>>>>>>>>>> to
> > > >> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> I think this is one of things that are very hard to
> do
> > > >> > >>>>> between
> > > >> > >>>>>>>>>> releases,
> > > >> > >>>>>>>>>>> so
> > > >> > >>>>>>>>>>>> I think this dependencies bumping should be a part
> of a
> > > >> > >>>>> formal
> > > >> > >>>>>>>>>>>> release/testing cycle, and then be backported to
> master.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> merge
> > > >> > >>>>> these
> > > >> > >>>>>>>>> version
> > > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> Regards,
> > > >> > >>>>>>>>>>>> --
> > > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > > >> > >>>>>>>>>>>>> :
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate
> vs
> > > >> > >>>>> 2.7.6,
> > > >> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > >> > >>> Xeon
> > > >> > >>>>>> X5570
> > > >> > >>>>>>>>> 96Gb
> > > >> > >>>>>>>>>>>> 512GB
> > > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > >> > >>>>>>>>>>>>> 1 backup
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > >> > >>> disabled.
> > > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> [1]
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > >> > >>>>>>>>>>>>>> Cc:
> > > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > >> > >>> Manager]
> > > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> Igniters,
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > >> > >>> Apache
> > > >> > >>>>>> Ignite
> > > >> > >>>>>>>>> 2.7
> > > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > >> > >>> performance
> > > >> > >>>>>>>>>> improvements
> > > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> their
> > > >> > >>>>>> release
> > > >> > >>>>>>>>> date.
> > > >> > >>>>>>>>>>>>>> Here is my list of the most interesting things
> from my
> > > >> > >>>>> point
> > > >> > >>>>>>>> since
> > > >> > >>>>>>>>>> the
> > > >> > >>>>>>>>>>>>>> last major release:
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> Service Grid,
> > > >> > >>>>>>>>>>>>>> Monitoring,
> > > >> > >>>>>>>>>>>>>> Recovery Read
> > > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > > >> > >>>>>>>>>>>>>> PDS compression,
> > > >> > >>>>>>>>>>>>>> WAL page compression,
> > > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > >> > >>>>>>>>>>>>>> SQL query history
> > > >> > >>>>>>>>>>>>>> SQL statistics
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> master
> > > >> > >>>>>> branch
> > > >> > >>>>>>>>>> anymore
> > > >> > >>>>>>>>>>>>>> and prepare the next major release by the end of
> the
> > > >> > >>> year.
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> 2.8
> > > >> > >>>>>> release
> > > >> > >>>>>>>> and
> > > >> > >>>>>>>>>> also
> > > >> > >>>>>>>>>>>>>> I want to propose myself to be the release manager
> of
> > > >> > >>> the
> > > >> > >>>>>>>> planning
> > > >> > >>>>>>>>>>>>>> release.
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>> WDYT?
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>>
> > > >> > >>>>>>>>>>>>
> > > >> > >>>>>>>>>>>
> > > >> > >>>>>>>>>>
> > > >> > >>>>>>>>>
> > > >> > >>>>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>>
> > > >> > >>>>>> --
> > > >> > >>>>>> Best regards,
> > > >> > >>>>>> Ivan Pavlukhin
> > > >> > >>>>>>
> > > >> > >>>>>
> > > >> > >>>
> > > >> > >>
> > > >> > >>
> > > >> > >> --
> > > >> > >> BR, Sergey Antonov
> > > >> > >
> > > >> >
> > > >> >
> > > >> >
> > > >> >
> > > >
> > > >
> > > >--
> > > >Best regards,
> > > >Ivan Pavlukhin
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > --
> > BR, Sergey Antonov
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Maxim Muzafarov <mm...@apache.org>]

Sergey,

Thank you. I also do not support @IgniteExperemental annotation only
for solving the current case of compatibility issues.

I like your second suggestion to revert the issue [2] from 2.8 release
by applying [1] PR. I'm going to apply this patch [1] within the next
three days.

Any objections?

[1] https://github.com/apache/ignite/pull/7238
[2] https://issues.apache.org/jira/browse/IGNITE-11256

On Sat, 11 Jan 2020 at 17:59, Sergey Antonov <an...@gmail.com> wrote:
>
> Guys, I created two pull requests [1] [2] for 2.8 release.
>
> First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
> Second [2] is a revert of ticket [4] from 2.8 release.
>
> I'm waiting TC run all nightly results for both PRs. I'll write update when
> TC runs will be ok.
> I'm okay with both proposals (add ticket [1] to release, remove read-only
> feature from 2.8 release scope). But I'm not okay with @IgniteExperemental
> annotation.
>
> [1] https://github.com/apache/ignite/pull/7239
> [2] https://github.com/apache/ignite/pull/7238
> [3] https://issues.apache.org/jira/browse/IGNITE-12225
> [4] https://issues.apache.org/jira/browse/IGNITE-11256
>
>
> пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky <arzamas123@mail.ru.invalid
> >:
>
> >
> > Ivan, if i correctly understand, you suggest additional «expiremental»
> > stuff only for hiding already leaked RO interface ?
> > poor approach as for me.
> >
> > >Folks,
> > >
> > >Some thoughts:
> > >* Releasing an API with known fallacies sounds really bad thing to me.
> > >It can have a negative consequences for a whole project for years. My
> > >opinion here that we should resolve the problem with this API somehow
> > >before release.
> > >* We can mark cluster read-only API (without enum) as experimental and
> > >change the API in e.g. 2.8.1.
> > >* We can try to exclude read-only API from 2.8 at all.
> > >
> > >What do you think?
> > >
> > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < plehanov.alex@gmail.com >:
> > >>
> > >> Guys,
> > >>
> > >> There is also an issue with cluster activation by thin clients. This
> > >> feature (.NET thin client API change and protocol change) was added by
> > [1]
> > >> without any discussion on dev-list. Sergey's patch [2] deprecate methods
> > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > didn't do
> > >> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
> > >> should not forget about thin client changes, since it will be strange
> > if we
> > >> introduce some methods to thin client API and protocol and in the same
> > >> Ignite version deprecate these methods for servers and thick clients.
> > >>
> > >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> > >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>
> > >>
> > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> > arzamas123@mail.ru.invalid
> > >> >:
> > >>
> > >> >
> > >> >
> > >> > Agree with Nikolay, -1 from me, too.
> > >> >
> > >> > >Hello, Igniters.
> > >> > >
> > >> > >I’m -1 to include the read-only patch to 2.8.
> > >> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > >> > blockers and major issues.
> > >> > >
> > >> > >Guys, we don’t release Apache Ignite for 13 months!
> > >> > >We should focus on the release and make it ASAP.
> > >> > >
> > >> > >We can’t extend the scope anymore.
> > >> > >
> > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > antonovsergey93@gmail.com >
> > >> > написал(а):
> > >> > >>
> > >> > >> Hello, Maxim!
> > >> > >>
> > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > >> > >> changed.
> > >> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > already
> > >> > >> presented. Changes in product code are minimal - only 30 changed
> > files
> > >> > in
> > >> > >> /src/main/ part. And most of them are new control.sh commands and
> > >> > >> configuration.
> > >> > >>
> > >> > >>> Do we have customer requests for this feature or maybe users who
> > are
> > >> > >> waiting for exactly that ENUM values exactly in 2.8 release (not
> > the
> > >> > 2.8.1
> > >> > >> for instance)?
> > >> > >> Can we introduce in new features in maintanance release (2.8.1)?
> > Cluster
> > >> > >> read-only mode will be new feature, if we remove
> > IgniteCluster#readOnly
> > >> > in
> > >> > >> 2.8 release. If all ok with that, lets remove
> > IgniteCluster#readOnly and
> > >> > >> move ticket [1] to 2.8.1 release.
> > >> > >>
> > >> > >>> Do we have extended test results report (on just only TC.Bot green
> > >> > visa)
> > >> > >> on this feature to be sure that we will not add any blocker issues
> > to
> > >> > the
> > >> > >> release?
> > >> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa
> > vs
> > >> > >> release branch.
> > >> > >>
> > >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > >> > >>
> > >> > >>
> > >> > >>
> > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <  mmuzaf@apache.org
> > >:
> > >> > >>
> > >> > >>> Folks,
> > >> > >>>
> > >> > >>>
> > >> > >>> Let me remind you that we are working on the 2.8 release branch
> > >> > >>> stabilization currently (please, keep it in mind).
> > >> > >>>
> > >> > >>>
> > >> > >>> Do we have a really STRONG reason for adding such a change [1] to
> > the
> > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > >> > >>> −2,038, 111 files changed.
> > >> > >>> Do we have customer requests for this feature or maybe users who
> > are
> > >> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not
> > the
> > >> > >>> 2.8.1 for instance)?
> > >> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > >> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > >> > >>> Do we have extended test results report (on just only TC.Bot green
> > >> > >>> visa) on this feature to be sure that we will not add any blocker
> > >> > >>> issues to the release? For instance, on pre-production
> > environment.
> > >> > >>>
> > >> > >>> I'd like to notice that we also have more than enough the release
> > >> > >>> blocker issues [3] which are still `in progress` and such a
> > release
> > >> > >>> run becomes endless. Such changes without strong reasons looks too
> > >> > >>> scary for me a special after scope and code freeze dates.
> > >> > >>>
> > >> > >>> Please, dispel my doubts.
> > >> > >>>
> > >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > >> > >>> [3]
> > >> > >>>
> > >> >
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > >> > )
> > >> > >>>
> > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > zaleslaw.sin@gmail.com
> > >> > >
> > >> > >>> wrote:
> > >> > >>>>
> > >> > >>>> +1
> > >> > >>>>
> > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > >> >  antonovsergey93@gmail.com >:
> > >> > >>>>
> > >> > >>>>> +1
> > >> > >>>>>
> > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > branch
> > >> > >>> will be
> > >> > >>>>> at 13 Jan
> > >> > >>>>>
> > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <  vololo100@gmail.com
> > >:
> > >> > >>>>>
> > >> > >>>>>> +1
> > >> > >>>>>>
> > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > ivan.glukos@gmail.com >:
> > >> > >>>>>>>
> > >> > >>>>>>> Maxim M. and anyone who is interested,
> > >> > >>>>>>>
> > >> > >>>>>>> I suggest to include this fix to 2.8 release:
> > >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > >> > >>>>>>> Basically, it's a result of the following discussion:
> > >> > >>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > >> > >>>>>>>
> > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> > that
> > >> > >>> work
> > >> > >>>>> with
> > >> > >>>>>>> boolean are replaced with ones that work with enum.
> > >> > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > boolean
> > >> > >>>>> version
> > >> > >>>>>> of
> > >> > >>>>>>> API in the code (which is currently present in 2.8 branch) as
> > it
> > >> > >>> wasn't
> > >> > >>>>>>> published in any release.
> > >> > >>>>>>>
> > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > >> > >>>>>>  ilya.kasnacheev@gmail.com >
> > >> > >>>>>>> wrote:
> > >> > >>>>>>>
> > >> > >>>>>>>> Hello!
> > >> > >>>>>>>>
> > >> > >>>>>>>> I have ran dependency checker plugin and quote the following:
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-urideploy:
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-spring:
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-spring-data:
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-aop:
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-visor-console:
> > >> > >>>>>>>>
> > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>
> > >> >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > >> > >>>
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > >> > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > >> > >>>>> :
> > >> > >>>>>>>> CVE-2018-15756
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-spring-data_2.0:
> > >> > >>>>>>>>
> > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>
> > >> >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > >> > >>>
> > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > >> > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2018-15756
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-rest-http:
> > >> > >>>>>>>>
> > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-kubernetes:
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-aws:
> > >> > >>>>>>>>
> > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > >> > >>>>> CVE-2015-6644,
> > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > >> > >>>>> CVE-2016-1000341,
> > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > >> > >>>>> CVE-2016-1000345,
> > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > >> > >>> CVE-2017-13098,
> > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-gce:
> > >> > >>>>>>>>
> > >> > >>>>>>>> httpclient-4.0.1.jar
> > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > >> > >>>>>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > CVE-2011-1498,
> > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > >> > >>>>>>>> guava-jdk5-17.0.jar
> > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-cloud:
> > >> > >>>>>>>>
> > >> > >>>>>>>> openstack-keystone-2.0.0.jar
> > >> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > >> > >>> CVE-2013-2014,
> > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > >> > >>>>>> CVE-2014-3520,
> > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > >> > >>>>>> CVE-2018-20170
> > >> > >>>>>>>> cloudstack-2.0.0.jar
> > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > >> > >>>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > CVE-2013-2136,
> > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > >> > >>>>>>>> docker-2.0.0.jar
> > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > CVE-2018-10892,
> > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > CVE-2019-16884,
> > >> > >>>>>>>> CVE-2019-5736
> > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>> docker-1.9.3.jar
> > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > >> > >>> ,
> > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > CVE-2019-15752,
> > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > >> > >>>>> CVE-2015-6644,
> > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > >> > >>> CVE-2016-1000341,
> > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > >> > >>>>> CVE-2016-1000345,
> > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > >> > >>> CVE-2018-1000613
> > >> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > ,
> > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > CVE-2016-2402
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-mesos:
> > >> > >>>>>>>>
> > >> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > >> > >>>>>>>> jackson-databind-2.9.6.jar
> > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-kafka:
> > >> > >>>>>>>>
> > >> > >>>>>>>> kafka-clients-2.0.1.jar
> > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > >> > >>>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >> > >>>>>>>> connect-api-2.0.1.jar
> > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-flume:
> > >> > >>>>>>>>
> > >> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > >> > >>> CVE-2017-15095,
> > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > CVE-2018-1000873,
> > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > >> > >>>>>>>> commons-collections-3.2.1.jar
> > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > >> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2015-6420,
> > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > >> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > >> > >>>>>> CVE-2019-16869,
> > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > >> > >>>>>>>> servlet-api-2.5-20110124.jar
> > >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2005-3747,
> > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > >> > >>>>>> CVE-2009-5049,
> > >> > >>>>>>>> CVE-2011-4461
> > >> > >>>>>>>> jetty-util-6.1.26.jar
> > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > >> > >>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > >> > >>> CVE-2009-1523,
> > >> > >>>>>>>> CVE-2011-4461
> > >> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > >> > >>> CVE-2009-1523,
> > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > >> > >>>>>> CVE-2017-9735,
> > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > >> > >>>>>>>> libthrift-0.9.0.jar
> > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > >> > >>> :
> > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > >> > >>>>>>>> httpclient-4.1.3.jar
> > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > >> > >>>>>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > >> > >>>>>>>> CVE-2015-5262
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-twitter:
> > >> > >>>>>>>>
> > >> > >>>>>>>> httpclient-4.2.5.jar
> > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > >> > >>>>>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > >> > >>>>>>>> CVE-2015-5262
> > >> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-zookeeper:
> > >> > >>>>>>>>
> > >> > >>>>>>>> jackson-databind-2.9.8.jar
> > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > ,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2019-12086,
> > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439,
> > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943,
> > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> > :
> > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > CVE-2018-1000873,
> > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > >> > >>>>>>>> netty-all-4.1.29.Final.jar
> > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > >> > >>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-camel:
> > >> > >>>>>>>>
> > >> > >>>>>>>> camel-core-2.22.0.jar
> > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-storm:
> > >> > >>>>>>>>
> > >> > >>>>>>>> storm-core-1.1.1.jar
> > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > >> > >>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >> > >>>>> CVE-2019-10247
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > >> > >>>>>>>> CVE-2015-5262
> > >> > >>>>>>>>
> > >> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > >> > >>>>>> CVE-2014-3488,
> > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > SSLv3.0
> > >> > >>>>> support
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >> > >>>>> CVE-2011-4461,
> > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > >> > >>>>>> CVE-2019-10241,
> > >> > >>>>>>>> CVE-2019-10247
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>
> > >> >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >> > >>>>> CVE-2011-4461,
> > >> > >>>>>>>> CVE-2019-10247
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > >> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > >> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2016-1000031
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>
> > >> >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > >> > >>>>>> CVE-2017-15713,
> > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > >> > >>>>>> CVE-2018-1296,
> > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-cassandra-store:
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-cassandra-serializers:
> > >> > >>>>>>>>
> > >> > >>>>>>>> commons-beanutils-1.9.2.jar
> > >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > >> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2019-10086
> > >> > >>>>>>>> commons-collections-3.2.1.jar
> > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > >> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2015-6420,
> > >> > >>>>>>>> CVE-2017-15708, Remote code execution
> > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>
> > >> >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > >> > >>>
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > >> > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > >> > >>>>> :
> > >> > >>>>>>>> CVE-2018-15756
> > >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-flink:
> > >> > >>>>>>>>
> > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > >> > >>>>>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > >> > >>>>>> CVE-2016-4970,
> > >> > >>>>>>>> CVE-2019-16869
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > ,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > >> > >>>>>> CVE-2017-15095,
> > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > CVE-2018-11307,
> > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > CVE-2018-14719,
> > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > CVE-2018-19361,
> > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439,
> > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943,
> > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >> > >>>>>>>>
> > >> > >>>>>>>> One or more dependencies were identified with known
> > >> > >>> vulnerabilities
> > >> > >>>>> in
> > >> > >>>>>>>> ignite-rocketmq:
> > >> > >>>>>>>>
> > >> > >>>>>>>> netty-all-4.0.42.Final.jar
> > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > >> > >>>>> ,
> > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > >> > >>>>>>>>
> > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > >> > >>> ,
> > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > >> > >>>>>>>>
> > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > >> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > >> > >>>>>> CVE-2006-7196,
> > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > >> > >>>>>> CVE-2012-5568,
> > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > >> > >>>>>> CVE-2013-4590,
> > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > >> > >>>>>> CVE-2014-0119,
> > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > >> > >>>>>>>>
> > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > maintenance
> > >> > >>>>>> releases
> > >> > >>>>>>>> of Spring. I think we can bump most of that.
> > >> > >>>>>>>>
> > >> > >>>>>>>> Some integrations also clearly suffer, through it's a
> > problem of
> > >> > >>>>> their
> > >> > >>>>>>>> users, since they need to declare their own libraries'
> > versions
> > >> > >>> by
> > >> > >>>>>>>> convention.
> > >> > >>>>>>>>
> > >> > >>>>>>>> Regards,
> > >> > >>>>>>>> --
> > >> > >>>>>>>> Ilya Kasnacheev
> > >> > >>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > dmagda@apache.org >:
> > >> > >>>>>>>>
> > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > >> > >>> let's
> > >> > >>>>>> update
> > >> > >>>>>>>>> the versions of the dependencies to the latest.
> > >> > >>>>>>>>>
> > >> > >>>>>>>>> -
> > >> > >>>>>>>>> Denis
> > >> > >>>>>>>>>
> > >> > >>>>>>>>>
> > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > >> > >>>>>>>>> wrote:
> > >> > >>>>>>>>>
> > >> > >>>>>>>>>> Hello!
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> By bumping versisons I mean the following:
> > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > >> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > >> > >>>>>>>>>>
> > >> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > >> > >>>>>>>> <!--
> > >> > >>>>>>>>>> don't forget to update spring version -->
> > >> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > >> > >>>>> don't
> > >> > >>>>>>>>> forget
> > >> > >>>>>>>>>> to update spring-data version -->
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>
> > >> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > >> > >>>>>>>>>>
> > >> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > >> > >>>>>>>>> don't
> > >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> All these libraries have maintenance release (such as our
> > >> > >>>>> 2.7.*6*)
> > >> > >>>>>> and
> > >> > >>>>>>>> I
> > >> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > >> > >>> to the
> > >> > >>>>>>>> latest
> > >> > >>>>>>>>>> maintenance version found in Maven Central.
> > >> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> Regards,
> > >> > >>>>>>>>>> --
> > >> > >>>>>>>>>> Ilya Kasnacheev
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > dmagda@apache.org
> > >> > >>>> :
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > >> > >>> fixes/improvements.
> > >> > >>>>>> Ilya is
> > >> > >>>>>>>>>> right
> > >> > >>>>>>>>>>> that Spring Data related questions sparked last time due
> > to
> > >> > >>>>>> missing
> > >> > >>>>>>>>>> support
> > >> > >>>>>>>>>>> of 2.2 version.
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > >> > >>> the
> > >> > >>>>>>>>> versions"?
> > >> > >>>>>>>>>> Do
> > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > >> > >>>>>>>>> "ignite-spring-data"
> > >> > >>>>>>>>>> to
> > >> > >>>>>>>>>>> version 2.2 and introducing
> > >> > >>> "ignite-spring-data-{old-version"}
> > >> > >>>>>> for
> > >> > >>>>>>>> the
> > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > >> > >>> proposal.
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> -
> > >> > >>>>>>>>>>> Denis
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>> wrote:
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>>> Hello!
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > >> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > >> > >>>>>> commits, be
> > >> > >>>>>>>>>>> careful
> > >> > >>>>>>>>>>>> with release version)
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > >> > >>> will
> > >> > >>>>>> provide
> > >> > >>>>>>>>> the
> > >> > >>>>>>>>>>>> following considerations:
> > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > >> > >>> currently do
> > >> > >>>>>> not
> > >> > >>>>>>>>> have,
> > >> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > >> > >>> and
> > >> > >>>>>> mailing
> > >> > >>>>>>>>>> list.
> > >> > >>>>>>>>>>>> Spring Data is important to our public image since many
> > >> > >>>>> people
> > >> > >>>>>> may
> > >> > >>>>>>>>>> learn
> > >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > >> > >>> (just 2
> > >> > >>>>> POM
> > >> > >>>>>>>> file
> > >> > >>>>>>>>>>>> touched and that's all).
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> * The core was ready since early November but, due to
> > >> > >>> gmail
> > >> > >>>>>> quirk,
> > >> > >>>>>>>> we
> > >> > >>>>>>>>>> did
> > >> > >>>>>>>>>>>> not react to it in time.
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> WDYT?
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > >> > >>>>>> dependencies'
> > >> > >>>>>>>>>> versions
> > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > >> > >>>>> hibernate
> > >> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > >> > >>>>> maintenance
> > >> > >>>>>>>>> versions
> > >> > >>>>>>>>>>> to
> > >> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > >> > >>>>> between
> > >> > >>>>>>>>>> releases,
> > >> > >>>>>>>>>>> so
> > >> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > >> > >>>>> formal
> > >> > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> > >> > >>>>> these
> > >> > >>>>>>>>> version
> > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> Regards,
> > >> > >>>>>>>>>>>> --
> > >> > >>>>>>>>>>>> Ilya Kasnacheev
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> > >> > >>>>>>>>>>>>> :
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > >> > >>>>> 2.7.6,
> > >> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > >> > >>> Xeon
> > >> > >>>>>> X5570
> > >> > >>>>>>>>> 96Gb
> > >> > >>>>>>>>>>>> 512GB
> > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> cacheMode — partitioned
> > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > >> > >>>>>>>>>>>>> 1 backup
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > >> > >>> disabled.
> > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> [1]
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> >
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > >> > >>>>>>>>>>>>>> Cc:
> > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > >> > >>> Manager]
> > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Igniters,
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > >> > >>> Apache
> > >> > >>>>>> Ignite
> > >> > >>>>>>>>> 2.7
> > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > >> > >>> performance
> > >> > >>>>>>>>>> improvements
> > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > >> > >>>>>> release
> > >> > >>>>>>>>> date.
> > >> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > >> > >>>>> point
> > >> > >>>>>>>> since
> > >> > >>>>>>>>>> the
> > >> > >>>>>>>>>>>>>> last major release:
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Service Grid,
> > >> > >>>>>>>>>>>>>> Monitoring,
> > >> > >>>>>>>>>>>>>> Recovery Read
> > >> > >>>>>>>>>>>>>> BLT auto-adjust,
> > >> > >>>>>>>>>>>>>> PDS compression,
> > >> > >>>>>>>>>>>>>> WAL page compression,
> > >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > >> > >>>>>>>>>>>>>> SQL query history
> > >> > >>>>>>>>>>>>>> SQL statistics
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > >> > >>>>>> branch
> > >> > >>>>>>>>>> anymore
> > >> > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > >> > >>> year.
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > >> > >>>>>> release
> > >> > >>>>>>>> and
> > >> > >>>>>>>>>> also
> > >> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > >> > >>> the
> > >> > >>>>>>>> planning
> > >> > >>>>>>>>>>>>>> release.
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> WDYT?
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>
> > >> > >>>>>>
> > >> > >>>>>>
> > >> > >>>>>> --
> > >> > >>>>>> Best regards,
> > >> > >>>>>> Ivan Pavlukhin
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>
> > >> > >>
> > >> > >>
> > >> > >> --
> > >> > >> BR, Sergey Antonov
> > >> > >
> > >> >
> > >> >
> > >> >
> > >> >
> > >
> > >
> > >--
> > >Best regards,
> > >Ivan Pavlukhin
> > >
> >
> >
> >
> >
>
>
>
> --
> BR, Sergey Antonov

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Sergey Antonov <an...@gmail.com>]

Guys, I created two pull requests [1] [2] for 2.8 release.

First of them [1] is a patch with ticket [3] for ignite-2.8 branch.
Second [2] is a revert of ticket [4] from 2.8 release.

I'm waiting TC run all nightly results for both PRs. I'll write update when
TC runs will be ok.
I'm okay with both proposals (add ticket [1] to release, remove read-only
feature from 2.8 release scope). But I'm not okay with @IgniteExperemental
annotation.

[1] https://github.com/apache/ignite/pull/7239
[2] https://github.com/apache/ignite/pull/7238
[3] https://issues.apache.org/jira/browse/IGNITE-12225
[4] https://issues.apache.org/jira/browse/IGNITE-11256


пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky <arzamas123@mail.ru.invalid
>:

>
> Ivan, if i correctly understand, you suggest additional «expiremental»
> stuff only for hiding already leaked RO interface ?
> poor approach as for me.
>
> >Folks,
> >
> >Some thoughts:
> >* Releasing an API with known fallacies sounds really bad thing to me.
> >It can have a negative consequences for a whole project for years. My
> >opinion here that we should resolve the problem with this API somehow
> >before release.
> >* We can mark cluster read-only API (without enum) as experimental and
> >change the API in e.g. 2.8.1.
> >* We can try to exclude read-only API from 2.8 at all.
> >
> >What do you think?
> >
> >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < plehanov.alex@gmail.com >:
> >>
> >> Guys,
> >>
> >> There is also an issue with cluster activation by thin clients. This
> >> feature (.NET thin client API change and protocol change) was added by
> [1]
> >> without any discussion on dev-list. Sergey's patch [2] deprecate methods
> >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> didn't do
> >> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
> >> should not forget about thin client changes, since it will be strange
> if we
> >> introduce some methods to thin client API and protocol and in the same
> >> Ignite version deprecate these methods for servers and thick clients.
> >>
> >> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
> >> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
> >>
> >>
> >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <
> arzamas123@mail.ru.invalid
> >> >:
> >>
> >> >
> >> >
> >> > Agree with Nikolay, -1 from me, too.
> >> >
> >> > >Hello, Igniters.
> >> > >
> >> > >I’m -1 to include the read-only patch to 2.8.
> >> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> >> > blockers and major issues.
> >> > >
> >> > >Guys, we don’t release Apache Ignite for 13 months!
> >> > >We should focus on the release and make it ASAP.
> >> > >
> >> > >We can’t extend the scope anymore.
> >> > >
> >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> antonovsergey93@gmail.com >
> >> > написал(а):
> >> > >>
> >> > >> Hello, Maxim!
> >> > >>
> >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> >> > >> changed.
> >> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> already
> >> > >> presented. Changes in product code are minimal - only 30 changed
> files
> >> > in
> >> > >> /src/main/ part. And most of them are new control.sh commands and
> >> > >> configuration.
> >> > >>
> >> > >>> Do we have customer requests for this feature or maybe users who
> are
> >> > >> waiting for exactly that ENUM values exactly in 2.8 release (not
> the
> >> > 2.8.1
> >> > >> for instance)?
> >> > >> Can we introduce in new features in maintanance release (2.8.1)?
> Cluster
> >> > >> read-only mode will be new feature, if we remove
> IgniteCluster#readOnly
> >> > in
> >> > >> 2.8 release. If all ok with that, lets remove
> IgniteCluster#readOnly and
> >> > >> move ticket [1] to 2.8.1 release.
> >> > >>
> >> > >>> Do we have extended test results report (on just only TC.Bot green
> >> > visa)
> >> > >> on this feature to be sure that we will not add any blocker issues
> to
> >> > the
> >> > >> release?
> >> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa
> vs
> >> > >> release branch.
> >> > >>
> >> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> >> > >>
> >> > >>
> >> > >>
> >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <  mmuzaf@apache.org
> >:
> >> > >>
> >> > >>> Folks,
> >> > >>>
> >> > >>>
> >> > >>> Let me remind you that we are working on the 2.8 release branch
> >> > >>> stabilization currently (please, keep it in mind).
> >> > >>>
> >> > >>>
> >> > >>> Do we have a really STRONG reason for adding such a change [1] to
> the
> >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> >> > >>> −2,038, 111 files changed.
> >> > >>> Do we have customer requests for this feature or maybe users who
> are
> >> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not
> the
> >> > >>> 2.8.1 for instance)?
> >> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> >> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> >> > >>> Do we have extended test results report (on just only TC.Bot green
> >> > >>> visa) on this feature to be sure that we will not add any blocker
> >> > >>> issues to the release? For instance, on pre-production
> environment.
> >> > >>>
> >> > >>> I'd like to notice that we also have more than enough the release
> >> > >>> blocker issues [3] which are still `in progress` and such a
> release
> >> > >>> run becomes endless. Such changes without strong reasons looks too
> >> > >>> scary for me a special after scope and code freeze dates.
> >> > >>>
> >> > >>> Please, dispel my doubts.
> >> > >>>
> >> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> >> > >>> [2]  https://github.com/apache/ignite/pull/7194
> >> > >>> [3]
> >> > >>>
> >> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> >> > )
> >> > >>>
> >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> zaleslaw.sin@gmail.com
> >> > >
> >> > >>> wrote:
> >> > >>>>
> >> > >>>> +1
> >> > >>>>
> >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> >> >  antonovsergey93@gmail.com >:
> >> > >>>>
> >> > >>>>> +1
> >> > >>>>>
> >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> branch
> >> > >>> will be
> >> > >>>>> at 13 Jan
> >> > >>>>>
> >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <  vololo100@gmail.com
> >:
> >> > >>>>>
> >> > >>>>>> +1
> >> > >>>>>>
> >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> ivan.glukos@gmail.com >:
> >> > >>>>>>>
> >> > >>>>>>> Maxim M. and anyone who is interested,
> >> > >>>>>>>
> >> > >>>>>>> I suggest to include this fix to 2.8 release:
> >> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> >> > >>>>>>> Basically, it's a result of the following discussion:
> >> > >>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> >> > >>>>>>>
> >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> that
> >> > >>> work
> >> > >>>>> with
> >> > >>>>>>> boolean are replaced with ones that work with enum.
> >> > >>>>>>> If we include it, we won't be obliged to keep deprecated
> boolean
> >> > >>>>> version
> >> > >>>>>> of
> >> > >>>>>>> API in the code (which is currently present in 2.8 branch) as
> it
> >> > >>> wasn't
> >> > >>>>>>> published in any release.
> >> > >>>>>>>
> >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> >> > >>>>>>  ilya.kasnacheev@gmail.com >
> >> > >>>>>>> wrote:
> >> > >>>>>>>
> >> > >>>>>>>> Hello!
> >> > >>>>>>>>
> >> > >>>>>>>> I have ran dependency checker plugin and quote the following:
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-urideploy:
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-spring:
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-spring-data:
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-aop:
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-visor-console:
> >> > >>>>>>>>
> >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>
> >> >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> >> > >>>
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> >> > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> >> > >>>>> :
> >> > >>>>>>>> CVE-2018-15756
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-spring-data_2.0:
> >> > >>>>>>>>
> >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>
> >> >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> >> > >>>
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> >> > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2018-15756
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-rest-http:
> >> > >>>>>>>>
> >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> >> > >>>>>>>> jackson-databind-2.9.6.jar
> >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-kubernetes:
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-aws:
> >> > >>>>>>>>
> >> > >>>>>>>> jackson-databind-2.9.6.jar
> >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> >> > >>>>> CVE-2015-6644,
> >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> >> > >>>>> CVE-2016-1000341,
> >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> >> > >>>>> CVE-2016-1000345,
> >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> >> > >>> CVE-2017-13098,
> >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-gce:
> >> > >>>>>>>>
> >> > >>>>>>>> httpclient-4.0.1.jar
> >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> >> > >>>>>>>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> CVE-2011-1498,
> >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> >> > >>>>>>>> guava-jdk5-17.0.jar
> (pkg:maven/com.google.guava/guava-jdk5@17.0,
> >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-cloud:
> >> > >>>>>>>>
> >> > >>>>>>>> openstack-keystone-2.0.0.jar
> >> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> >> > >>> CVE-2013-2014,
> >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> >> > >>>>>> CVE-2014-3520,
> >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> >> > >>>>>> CVE-2018-20170
> >> > >>>>>>>> cloudstack-2.0.0.jar
> >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> >> > >>>>>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> CVE-2013-2136,
> >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> >> > >>>>>>>> docker-2.0.0.jar
> (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> CVE-2018-10892,
> >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> CVE-2019-16884,
> >> > >>>>>>>> CVE-2019-5736
> >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>> docker-1.9.3.jar
> (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> >> > >>> ,
> >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> CVE-2019-15752,
> >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> >> > >>>>> CVE-2015-6644,
> >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> >> > >>> CVE-2016-1000341,
> >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> >> > >>>>> CVE-2016-1000345,
> >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> >> > >>> CVE-2018-1000613
> >> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> ,
> >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> CVE-2016-2402
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-mesos:
> >> > >>>>>>>>
> >> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> >> > >>>>>>>> jackson-databind-2.9.6.jar
> >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-kafka:
> >> > >>>>>>>>
> >> > >>>>>>>> kafka-clients-2.0.1.jar
> >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> >> > >>>>>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >> > >>>>>>>> connect-api-2.0.1.jar
> >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-flume:
> >> > >>>>>>>>
> >> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>> jackson-core-asl-1.8.8.jar
> >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> >> > >>> CVE-2017-15095,
> >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> CVE-2018-1000873,
> >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> >> > >>>>>>>> commons-collections-3.2.1.jar
> >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> >> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2015-6420,
> >> > >>>>>>>> CVE-2017-15708, Remote code execution
> >> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> >> > >>>>>> CVE-2019-16869,
> >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> >> > >>>>>>>> servlet-api-2.5-20110124.jar
> >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2005-3747,
> >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> >> > >>>>>> CVE-2009-5049,
> >> > >>>>>>>> CVE-2011-4461
> >> > >>>>>>>> jetty-util-6.1.26.jar
> >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> >> > >>>>> ,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> >> > >>> CVE-2009-1523,
> >> > >>>>>>>> CVE-2011-4461
> >> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> >> > >>> CVE-2009-1523,
> >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> >> > >>>>>> CVE-2017-9735,
> >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> >> > >>>>>>>> libthrift-0.9.0.jar
> (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> >> > >>> :
> >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> >> > >>>>>>>> httpclient-4.1.3.jar
> >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> >> > >>>>>>>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> >> > >>>>>>>> CVE-2015-5262
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-twitter:
> >> > >>>>>>>>
> >> > >>>>>>>> httpclient-4.2.5.jar
> >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> >> > >>>>>>>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> >> > >>>>>>>> CVE-2015-5262
> >> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-zookeeper:
> >> > >>>>>>>>
> >> > >>>>>>>> jackson-databind-2.9.8.jar
> >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> ,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2019-12086,
> >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439,
> >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943,
> >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*)
> :
> >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> CVE-2018-1000873,
> >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> >> > >>>>>>>> netty-all-4.1.29.Final.jar
> >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> >> > >>>>> ,
> >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-camel:
> >> > >>>>>>>>
> >> > >>>>>>>> camel-core-2.22.0.jar
> >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-storm:
> >> > >>>>>>>>
> >> > >>>>>>>> storm-core-1.1.1.jar
> (pkg:maven/org.apache.storm/storm-core@1.1.1
> >> > >>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >> > >>>>> CVE-2019-10247
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> >> > >>>>>>>> CVE-2015-5262
> >> > >>>>>>>>
> >> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> >> > >>>>>> CVE-2014-3488,
> >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> SSLv3.0
> >> > >>>>> support
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >> > >>>>> CVE-2011-4461,
> >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> >> > >>>>>> CVE-2019-10241,
> >> > >>>>>>>> CVE-2019-10247
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>
> >> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >> > >>>>> CVE-2011-4461,
> >> > >>>>>>>> CVE-2019-10247
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> >> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> >> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2016-1000031
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>
> >> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> >> > >>>>>> CVE-2017-15713,
> >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> >> > >>>>>> CVE-2018-1296,
> >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-cassandra-store:
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-cassandra-serializers:
> >> > >>>>>>>>
> >> > >>>>>>>> commons-beanutils-1.9.2.jar
> >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> >> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2019-10086
> >> > >>>>>>>> commons-collections-3.2.1.jar
> >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> >> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2015-6420,
> >> > >>>>>>>> CVE-2017-15708, Remote code execution
> >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>
> >> >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> >> > >>>
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> >> > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> >> > >>>>> :
> >> > >>>>>>>> CVE-2018-15756
> >> > >>>>>>>> netty-transport-4.1.27.Final.jar
> >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-flink:
> >> > >>>>>>>>
> >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> >> > >>>>>>>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> >> > >>>>>> CVE-2016-4970,
> >> > >>>>>>>> CVE-2019-16869
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> ,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> >> > >>>>>> CVE-2017-15095,
> >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> CVE-2018-11307,
> >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> CVE-2018-14719,
> >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> CVE-2018-19361,
> >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439,
> >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943,
> >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >> > >>>>>>>>
> >> > >>>>>>>> One or more dependencies were identified with known
> >> > >>> vulnerabilities
> >> > >>>>> in
> >> > >>>>>>>> ignite-rocketmq:
> >> > >>>>>>>>
> >> > >>>>>>>> netty-all-4.0.42.Final.jar
> >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> >> > >>>>> ,
> >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> >> > >>>>>>>>
> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> >> > >>> ,
> >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> >> > >>>>>>>>
> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> >> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> >> > >>>>>> CVE-2006-7196,
> >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> >> > >>>>>> CVE-2012-5568,
> >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> >> > >>>>>> CVE-2013-4590,
> >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> >> > >>>>>> CVE-2014-0119,
> >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> >> > >>>>>>>>
> >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> maintenance
> >> > >>>>>> releases
> >> > >>>>>>>> of Spring. I think we can bump most of that.
> >> > >>>>>>>>
> >> > >>>>>>>> Some integrations also clearly suffer, through it's a
> problem of
> >> > >>>>> their
> >> > >>>>>>>> users, since they need to declare their own libraries'
> versions
> >> > >>> by
> >> > >>>>>>>> convention.
> >> > >>>>>>>>
> >> > >>>>>>>> Regards,
> >> > >>>>>>>> --
> >> > >>>>>>>> Ilya Kasnacheev
> >> > >>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> dmagda@apache.org >:
> >> > >>>>>>>>
> >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> >> > >>> let's
> >> > >>>>>> update
> >> > >>>>>>>>> the versions of the dependencies to the latest.
> >> > >>>>>>>>>
> >> > >>>>>>>>> -
> >> > >>>>>>>>> Denis
> >> > >>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> >> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> >> > >>>>>>>>> wrote:
> >> > >>>>>>>>>
> >> > >>>>>>>>>> Hello!
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> By bumping versisons I mean the following:
> >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> >> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> >> > >>>>>>>>>>
> >> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> >> > >>>>>>>> <!--
> >> > >>>>>>>>>> don't forget to update spring version -->
> >> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> >> > >>>>> don't
> >> > >>>>>>>>> forget
> >> > >>>>>>>>>> to update spring-data version -->
> >> > >>>>>>>>>>
> >> > >>>>>>>>>
> >> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> >> > >>>>>>>>>>
> >> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> >> > >>>>>>>>> don't
> >> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> All these libraries have maintenance release (such as our
> >> > >>>>> 2.7.*6*)
> >> > >>>>>> and
> >> > >>>>>>>> I
> >> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> >> > >>> to the
> >> > >>>>>>>> latest
> >> > >>>>>>>>>> maintenance version found in Maven Central.
> >> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> Regards,
> >> > >>>>>>>>>> --
> >> > >>>>>>>>>> Ilya Kasnacheev
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> dmagda@apache.org
> >> > >>>> :
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> >> > >>> fixes/improvements.
> >> > >>>>>> Ilya is
> >> > >>>>>>>>>> right
> >> > >>>>>>>>>>> that Spring Data related questions sparked last time due
> to
> >> > >>>>>> missing
> >> > >>>>>>>>>> support
> >> > >>>>>>>>>>> of 2.2 version.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> >> > >>> the
> >> > >>>>>>>>> versions"?
> >> > >>>>>>>>>> Do
> >> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> >> > >>>>>>>>> "ignite-spring-data"
> >> > >>>>>>>>>> to
> >> > >>>>>>>>>>> version 2.2 and introducing
> >> > >>> "ignite-spring-data-{old-version"}
> >> > >>>>>> for
> >> > >>>>>>>> the
> >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> >> > >>> proposal.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> -
> >> > >>>>>>>>>>> Denis
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> >> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>> wrote:
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>>> Hello!
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> >> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> >> > >>>>>> commits, be
> >> > >>>>>>>>>>> careful
> >> > >>>>>>>>>>>> with release version)
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> >> > >>> will
> >> > >>>>>> provide
> >> > >>>>>>>>> the
> >> > >>>>>>>>>>>> following considerations:
> >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> >> > >>> currently do
> >> > >>>>>> not
> >> > >>>>>>>>> have,
> >> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> >> > >>> and
> >> > >>>>>> mailing
> >> > >>>>>>>>>> list.
> >> > >>>>>>>>>>>> Spring Data is important to our public image since many
> >> > >>>>> people
> >> > >>>>>> may
> >> > >>>>>>>>>> learn
> >> > >>>>>>>>>>>> about out project by starting with Spring Data.
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> >> > >>> (just 2
> >> > >>>>> POM
> >> > >>>>>>>> file
> >> > >>>>>>>>>>>> touched and that's all).
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> * The core was ready since early November but, due to
> >> > >>> gmail
> >> > >>>>>> quirk,
> >> > >>>>>>>> we
> >> > >>>>>>>>>> did
> >> > >>>>>>>>>>>> not react to it in time.
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> WDYT?
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> >> > >>>>>> dependencies'
> >> > >>>>>>>>>> versions
> >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> >> > >>>>> hibernate
> >> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> >> > >>>>> maintenance
> >> > >>>>>>>>> versions
> >> > >>>>>>>>>>> to
> >> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> I think this is one of things that are very hard to do
> >> > >>>>> between
> >> > >>>>>>>>>> releases,
> >> > >>>>>>>>>>> so
> >> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> >> > >>>>> formal
> >> > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> >> > >>>>> these
> >> > >>>>>>>>> version
> >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> Regards,
> >> > >>>>>>>>>>>> --
> >> > >>>>>>>>>>>> Ilya Kasnacheev
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> >> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
> >> > >>>>>>>>>>>>> :
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> >> > >>>>> 2.7.6,
> >> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> >> > >>> Xeon
> >> > >>>>>> X5570
> >> > >>>>>>>>> 96Gb
> >> > >>>>>>>>>>>> 512GB
> >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> cacheMode — partitioned
> >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> >> > >>>>>>>>>>>>> 1 backup
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> >> > >>> disabled.
> >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> [1]
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> ------- Forwarded message -------
> >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> >> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> >> > >>>>>>>>>>>>>> Cc:
> >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> >> > >>> Manager]
> >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Igniters,
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> >> > >>> Apache
> >> > >>>>>> Ignite
> >> > >>>>>>>>> 2.7
> >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> >> > >>> performance
> >> > >>>>>>>>>> improvements
> >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> >> > >>>>>> release
> >> > >>>>>>>>> date.
> >> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> >> > >>>>> point
> >> > >>>>>>>> since
> >> > >>>>>>>>>> the
> >> > >>>>>>>>>>>>>> last major release:
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Service Grid,
> >> > >>>>>>>>>>>>>> Monitoring,
> >> > >>>>>>>>>>>>>> Recovery Read
> >> > >>>>>>>>>>>>>> BLT auto-adjust,
> >> > >>>>>>>>>>>>>> PDS compression,
> >> > >>>>>>>>>>>>>> WAL page compression,
> >> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> >> > >>>>>>>>>>>>>> SQL query history
> >> > >>>>>>>>>>>>>> SQL statistics
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> >> > >>>>>> branch
> >> > >>>>>>>>>> anymore
> >> > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> >> > >>> year.
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> >> > >>>>>> release
> >> > >>>>>>>> and
> >> > >>>>>>>>>> also
> >> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> >> > >>> the
> >> > >>>>>>>> planning
> >> > >>>>>>>>>>>>>> release.
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> >> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> WDYT?
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>
> >> > >>>>>>
> >> > >>>>>>
> >> > >>>>>> --
> >> > >>>>>> Best regards,
> >> > >>>>>> Ivan Pavlukhin
> >> > >>>>>>
> >> > >>>>>
> >> > >>>
> >> > >>
> >> > >>
> >> > >> --
> >> > >> BR, Sergey Antonov
> >> > >
> >> >
> >> >
> >> >
> >> >
> >
> >
> >--
> >Best regards,
> >Ivan Pavlukhin
> >
>
>
>
>



-- 
BR, Sergey Antonov

Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Zhenya Stanilovsky <ar...@mail.ru.INVALID>]

Ivan, if i correctly understand, you suggest additional «expiremental» stuff only for hiding already leaked RO interface ?
poor approach as for me.
 
>Folks,
>
>Some thoughts:
>* Releasing an API with known fallacies sounds really bad thing to me.
>It can have a negative consequences for a whole project for years. My
>opinion here that we should resolve the problem with this API somehow
>before release.
>* We can mark cluster read-only API (without enum) as experimental and
>change the API in e.g. 2.8.1.
>* We can try to exclude read-only API from 2.8 at all.
>
>What do you think?
>
>пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < plehanov.alex@gmail.com >:
>>
>> Guys,
>>
>> There is also an issue with cluster activation by thin clients. This
>> feature (.NET thin client API change and protocol change) was added by [1]
>> without any discussion on dev-list. Sergey's patch [2] deprecate methods
>> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't do
>> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
>> should not forget about thin client changes, since it will be strange if we
>> introduce some methods to thin client API and protocol and in the same
>> Ignite version deprecate these methods for servers and thick clients.
>>
>> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
>> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
>>
>>
>> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky < arzamas123@mail.ru.invalid
>> >:
>>
>> >
>> >
>> > Agree with Nikolay, -1 from me, too.
>> >
>> > >Hello, Igniters.
>> > >
>> > >I’m -1 to include the read-only patch to 2.8.
>> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
>> > blockers and major issues.
>> > >
>> > >Guys, we don’t release Apache Ignite for 13 months!
>> > >We should focus on the release and make it ASAP.
>> > >
>> > >We can’t extend the scope anymore.
>> > >
>> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <  antonovsergey93@gmail.com >
>> > написал(а):
>> > >>
>> > >> Hello, Maxim!
>> > >>
>> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
>> > >> changed.
>> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
>> > >> presented. Changes in product code are minimal - only 30 changed files
>> > in
>> > >> /src/main/ part. And most of them are new control.sh commands and
>> > >> configuration.
>> > >>
>> > >>> Do we have customer requests for this feature or maybe users who are
>> > >> waiting for exactly that ENUM values exactly in 2.8 release (not the
>> > 2.8.1
>> > >> for instance)?
>> > >> Can we introduce in new features in maintanance release (2.8.1)? Cluster
>> > >> read-only mode will be new feature, if we remove IgniteCluster#readOnly
>> > in
>> > >> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
>> > >> move ticket [1] to 2.8.1 release.
>> > >>
>> > >>> Do we have extended test results report (on just only TC.Bot green
>> > visa)
>> > >> on this feature to be sure that we will not add any blocker issues to
>> > the
>> > >> release?
>> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
>> > >> release branch.
>> > >>
>> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
>> > >>
>> > >>
>> > >>
>> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <  mmuzaf@apache.org >:
>> > >>
>> > >>> Folks,
>> > >>>
>> > >>>
>> > >>> Let me remind you that we are working on the 2.8 release branch
>> > >>> stabilization currently (please, keep it in mind).
>> > >>>
>> > >>>
>> > >>> Do we have a really STRONG reason for adding such a change [1] to the
>> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
>> > >>> −2,038, 111 files changed.
>> > >>> Do we have customer requests for this feature or maybe users who are
>> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not the
>> > >>> 2.8.1 for instance)?
>> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
>> > >>> backward compatibility issues between 2.8 and 2.9 releases?
>> > >>> Do we have extended test results report (on just only TC.Bot green
>> > >>> visa) on this feature to be sure that we will not add any blocker
>> > >>> issues to the release? For instance, on pre-production environment.
>> > >>>
>> > >>> I'd like to notice that we also have more than enough the release
>> > >>> blocker issues [3] which are still `in progress` and such a release
>> > >>> run becomes endless. Such changes without strong reasons looks too
>> > >>> scary for me a special after scope and code freeze dates.
>> > >>>
>> > >>> Please, dispel my doubts.
>> > >>>
>> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
>> > >>> [2]  https://github.com/apache/ignite/pull/7194
>> > >>> [3]
>> > >>>
>> >  https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
>> > )
>> > >>>
>> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <  zaleslaw.sin@gmail.com
>> > >
>> > >>> wrote:
>> > >>>>
>> > >>>> +1
>> > >>>>
>> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
>> >  antonovsergey93@gmail.com >:
>> > >>>>
>> > >>>>> +1
>> > >>>>>
>> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
>> > >>> will be
>> > >>>>> at 13 Jan
>> > >>>>>
>> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <  vololo100@gmail.com >:
>> > >>>>>
>> > >>>>>> +1
>> > >>>>>>
>> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <  ivan.glukos@gmail.com >:
>> > >>>>>>>
>> > >>>>>>> Maxim M. and anyone who is interested,
>> > >>>>>>>
>> > >>>>>>> I suggest to include this fix to 2.8 release:
>> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
>> > >>>>>>> Basically, it's a result of the following discussion:
>> > >>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> >  http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
>> > >>>>>>>
>> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
>> > >>> work
>> > >>>>> with
>> > >>>>>>> boolean are replaced with ones that work with enum.
>> > >>>>>>> If we include it, we won't be obliged to keep deprecated boolean
>> > >>>>> version
>> > >>>>>> of
>> > >>>>>>> API in the code (which is currently present in 2.8 branch) as it
>> > >>> wasn't
>> > >>>>>>> published in any release.
>> > >>>>>>>
>> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
>> > >>>>>>  ilya.kasnacheev@gmail.com >
>> > >>>>>>> wrote:
>> > >>>>>>>
>> > >>>>>>>> Hello!
>> > >>>>>>>>
>> > >>>>>>>> I have ran dependency checker plugin and quote the following:
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-urideploy:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-spring:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-spring-data:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-aop:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-visor-console:
>> > >>>>>>>>
>> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
>> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>> > >>>>> :
>> > >>>>>>>> CVE-2018-15756
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-spring-data_2.0:
>> > >>>>>>>>
>> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
>> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-15756
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-rest-http:
>> > >>>>>>>>
>> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>> > >>>>>>>> jackson-databind-2.9.6.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-kubernetes:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-aws:
>> > >>>>>>>>
>> > >>>>>>>> jackson-databind-2.9.6.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
>> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
>> > >>>>> CVE-2015-6644,
>> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
>> > >>>>> CVE-2016-1000341,
>> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>> > >>>>> CVE-2016-1000345,
>> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
>> > >>> CVE-2017-13098,
>> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-gce:
>> > >>>>>>>>
>> > >>>>>>>> httpclient-4.0.1.jar
>> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
>> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
>> > >>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
>> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-cloud:
>> > >>>>>>>>
>> > >>>>>>>> openstack-keystone-2.0.0.jar
>> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
>> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
>> > >>> CVE-2013-2014,
>> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
>> > >>>>>> CVE-2014-3520,
>> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
>> > >>>>>> CVE-2018-20170
>> > >>>>>>>> cloudstack-2.0.0.jar
>> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
>> > >>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
>> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
>> > >>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
>> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
>> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
>> > >>>>>>>> CVE-2019-5736
>> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
>> > >>> ,
>> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
>> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
>> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
>> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
>> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
>> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
>> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
>> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
>> > >>>>> CVE-2015-6644,
>> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
>> > >>> CVE-2016-1000341,
>> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>> > >>>>> CVE-2016-1000345,
>> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
>> > >>> CVE-2018-1000613
>> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
>> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-mesos:
>> > >>>>>>>>
>> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
>> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
>> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
>> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>> > >>>>>>>> jackson-databind-2.9.6.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-kafka:
>> > >>>>>>>>
>> > >>>>>>>> kafka-clients-2.0.1.jar
>> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
>> > >>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>> > >>>>>>>> connect-api-2.0.1.jar
>> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
>> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-flume:
>> > >>>>>>>>
>> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
>> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> jackson-core-asl-1.8.8.jar
>> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
>> > >>> CVE-2017-15095,
>> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
>> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
>> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
>> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
>> > >>>>>>>> commons-collections-3.2.1.jar
>> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2015-6420,
>> > >>>>>>>> CVE-2017-15708, Remote code execution
>> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
>> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
>> > >>>>>> CVE-2019-16869,
>> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
>> > >>>>>>>> servlet-api-2.5-20110124.jar
>> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2005-3747,
>> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
>> > >>>>>> CVE-2009-5049,
>> > >>>>>>>> CVE-2011-4461
>> > >>>>>>>> jetty-util-6.1.26.jar
>> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
>> > >>>>> ,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>> > >>> CVE-2009-1523,
>> > >>>>>>>> CVE-2011-4461
>> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>> > >>> CVE-2009-1523,
>> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
>> > >>>>>> CVE-2017-9735,
>> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
>> > >>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
>> > >>> :
>> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
>> > >>>>>>>> httpclient-4.1.3.jar
>> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>> > >>>>>>>> CVE-2015-5262
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-twitter:
>> > >>>>>>>>
>> > >>>>>>>> httpclient-4.2.5.jar
>> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
>> > >>>>>>>> CVE-2015-5262
>> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-zookeeper:
>> > >>>>>>>>
>> > >>>>>>>> jackson-databind-2.9.8.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2019-12086,
>> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
>> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
>> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
>> > >>>>>>>> netty-all-4.1.29.Final.jar
>> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
>> > >>>>> ,
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-camel:
>> > >>>>>>>>
>> > >>>>>>>> camel-core-2.22.0.jar
>> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
>> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
>> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
>> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-storm:
>> > >>>>>>>>
>> > >>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
>> > >>> ,
>> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
>> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>> > >>>>> CVE-2019-10247
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
>> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>> > >>>>>>>> CVE-2015-5262
>> > >>>>>>>>
>> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
>> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
>> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
>> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
>> > >>>>>> CVE-2014-3488,
>> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
>> > >>>>> support
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>> > >>>>> CVE-2011-4461,
>> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
>> > >>>>>> CVE-2019-10241,
>> > >>>>>>>> CVE-2019-10247
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>> > >>>>> CVE-2011-4461,
>> > >>>>>>>> CVE-2019-10247
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
>> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
>> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2016-1000031
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
>> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
>> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
>> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
>> > >>>>>> CVE-2017-15713,
>> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
>> > >>>>>> CVE-2018-1296,
>> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-cassandra-store:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-cassandra-serializers:
>> > >>>>>>>>
>> > >>>>>>>> commons-beanutils-1.9.2.jar
>> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
>> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2019-10086
>> > >>>>>>>> commons-collections-3.2.1.jar
>> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2015-6420,
>> > >>>>>>>> CVE-2017-15708, Remote code execution
>> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
>> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>> > >>>>> :
>> > >>>>>>>> CVE-2018-15756
>> > >>>>>>>> netty-transport-4.1.27.Final.jar
>> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-flink:
>> > >>>>>>>>
>> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
>> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
>> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
>> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
>> > >>>>>> CVE-2016-4970,
>> > >>>>>>>> CVE-2019-16869
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2017-15095,
>> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
>> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
>> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
>> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
>> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
>> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
>> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-rocketmq:
>> > >>>>>>>>
>> > >>>>>>>> netty-all-4.0.42.Final.jar
>> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
>> > >>>>> ,
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
>> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
>> > >>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
>> > >>> ,
>> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
>> > >>>>>> CVE-2006-7196,
>> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
>> > >>>>>> CVE-2012-5568,
>> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
>> > >>>>>> CVE-2013-4590,
>> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
>> > >>>>>> CVE-2014-0119,
>> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
>> > >>>>>>>>
>> > >>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
>> > >>>>>> releases
>> > >>>>>>>> of Spring. I think we can bump most of that.
>> > >>>>>>>>
>> > >>>>>>>> Some integrations also clearly suffer, through it's a problem of
>> > >>>>> their
>> > >>>>>>>> users, since they need to declare their own libraries' versions
>> > >>> by
>> > >>>>>>>> convention.
>> > >>>>>>>>
>> > >>>>>>>> Regards,
>> > >>>>>>>> --
>> > >>>>>>>> Ilya Kasnacheev
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <  dmagda@apache.org >:
>> > >>>>>>>>
>> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
>> > >>> let's
>> > >>>>>> update
>> > >>>>>>>>> the versions of the dependencies to the latest.
>> > >>>>>>>>>
>> > >>>>>>>>> -
>> > >>>>>>>>> Denis
>> > >>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
>> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
>> > >>>>>>>>> wrote:
>> > >>>>>>>>>
>> > >>>>>>>>>> Hello!
>> > >>>>>>>>>>
>> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
>> > >>>>>>>>>>
>> > >>>>>>>>>> By bumping versisons I mean the following:
>> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
>> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
>> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
>> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
>> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
>> > >>>>>>>>>>
>> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
>> > >>>>>>>> <!--
>> > >>>>>>>>>> don't forget to update spring version -->
>> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
>> > >>>>> don't
>> > >>>>>>>>> forget
>> > >>>>>>>>>> to update spring-data version -->
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
>> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
>> > >>>>>>>>>>
>> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
>> > >>>>>>>>> don't
>> > >>>>>>>>>> forget to update spring-data-2.0 version -->
>> > >>>>>>>>>>
>> > >>>>>>>>>> All these libraries have maintenance release (such as our
>> > >>>>> 2.7.*6*)
>> > >>>>>> and
>> > >>>>>>>> I
>> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
>> > >>> to the
>> > >>>>>>>> latest
>> > >>>>>>>>>> maintenance version found in Maven Central.
>> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
>> > >>>>>>>>>>
>> > >>>>>>>>>> Regards,
>> > >>>>>>>>>> --
>> > >>>>>>>>>> Ilya Kasnacheev
>> > >>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <  dmagda@apache.org
>> > >>>> :
>> > >>>>>>>>>>
>> > >>>>>>>>>>> A huge +1 for adding Spring Data related
>> > >>> fixes/improvements.
>> > >>>>>> Ilya is
>> > >>>>>>>>>> right
>> > >>>>>>>>>>> that Spring Data related questions sparked last time due to
>> > >>>>>> missing
>> > >>>>>>>>>> support
>> > >>>>>>>>>>> of 2.2 version.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
>> > >>> the
>> > >>>>>>>>> versions"?
>> > >>>>>>>>>> Do
>> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
>> > >>>>>>>>> "ignite-spring-data"
>> > >>>>>>>>>> to
>> > >>>>>>>>>>> version 2.2 and introducing
>> > >>> "ignite-spring-data-{old-version"}
>> > >>>>>> for
>> > >>>>>>>> the
>> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
>> > >>> proposal.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> -
>> > >>>>>>>>>>> Denis
>> > >>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
>> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>> wrote:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>>> Hello!
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
>> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
>> > >>>>>> commits, be
>> > >>>>>>>>>>> careful
>> > >>>>>>>>>>>> with release version)
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
>> > >>> will
>> > >>>>>> provide
>> > >>>>>>>>> the
>> > >>>>>>>>>>>> following considerations:
>> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
>> > >>> currently do
>> > >>>>>> not
>> > >>>>>>>>> have,
>> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
>> > >>> and
>> > >>>>>> mailing
>> > >>>>>>>>>> list.
>> > >>>>>>>>>>>> Spring Data is important to our public image since many
>> > >>>>> people
>> > >>>>>> may
>> > >>>>>>>>>> learn
>> > >>>>>>>>>>>> about out project by starting with Spring Data.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> * It has zero code impact outside of its own module
>> > >>> (just 2
>> > >>>>> POM
>> > >>>>>>>> file
>> > >>>>>>>>>>>> touched and that's all).
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> * The core was ready since early November but, due to
>> > >>> gmail
>> > >>>>>> quirk,
>> > >>>>>>>> we
>> > >>>>>>>>>> did
>> > >>>>>>>>>>>> not react to it in time.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> WDYT?
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
>> > >>>>>> dependencies'
>> > >>>>>>>>>> versions
>> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
>> > >>>>> hibernate
>> > >>>>>>>>>>>> dependencies. We could switch them to their latest
>> > >>>>> maintenance
>> > >>>>>>>>> versions
>> > >>>>>>>>>>> to
>> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> I think this is one of things that are very hard to do
>> > >>>>> between
>> > >>>>>>>>>> releases,
>> > >>>>>>>>>>> so
>> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
>> > >>>>> formal
>> > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
>> > >>>>> these
>> > >>>>>>>>> version
>> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> Regards,
>> > >>>>>>>>>>>> --
>> > >>>>>>>>>>>> Ilya Kasnacheev
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
>> > >>>>>>>>>>> <  arzamas123@mail.ru.invalid
>> > >>>>>>>>>>>>> :
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
>> > >>>>> 2.7.6,
>> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
>> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
>> > >>> Xeon
>> > >>>>>> X5570
>> > >>>>>>>>> 96Gb
>> > >>>>>>>>>>>> 512GB
>> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
>> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
>> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
>> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
>> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
>> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
>> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
>> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
>> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> cacheMode — partitioned
>> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
>> > >>>>>>>>>>>>> 1 backup
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
>> > >>> disabled.
>> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> [1]
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> >  https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> do we need some bisect or other work here ?
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> ------- Forwarded message -------
>> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
>> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
>> > >>>>>>>>>>>>>> Cc:
>> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
>> > >>> Manager]
>> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> Igniters,
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
>> > >>> Apache
>> > >>>>>> Ignite
>> > >>>>>>>>> 2.7
>> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
>> > >>> performance
>> > >>>>>>>>>> improvements
>> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
>> > >>>>>> release
>> > >>>>>>>>> date.
>> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
>> > >>>>> point
>> > >>>>>>>> since
>> > >>>>>>>>>> the
>> > >>>>>>>>>>>>>> last major release:
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> Service Grid,
>> > >>>>>>>>>>>>>> Monitoring,
>> > >>>>>>>>>>>>>> Recovery Read
>> > >>>>>>>>>>>>>> BLT auto-adjust,
>> > >>>>>>>>>>>>>> PDS compression,
>> > >>>>>>>>>>>>>> WAL page compression,
>> > >>>>>>>>>>>>>> Thin client: best effort affinity,
>> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
>> > >>>>>>>>>>>>>> SQL query history
>> > >>>>>>>>>>>>>> SQL statistics
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
>> > >>>>>> branch
>> > >>>>>>>>>> anymore
>> > >>>>>>>>>>>>>> and prepare the next major release by the end of the
>> > >>> year.
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
>> > >>>>>> release
>> > >>>>>>>> and
>> > >>>>>>>>>> also
>> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
>> > >>> the
>> > >>>>>>>> planning
>> > >>>>>>>>>>>>>> release.
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
>> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
>> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
>> > >>>>>>>>>>>>>> Release Date: December 17, 2019
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> WDYT?
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>>
>> > >>>>>>
>> > >>>>>> --
>> > >>>>>> Best regards,
>> > >>>>>> Ivan Pavlukhin
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > >>
>> > >>
>> > >> --
>> > >> BR, Sergey Antonov
>> > >
>> >
>> >
>> >
>> >
>
>
>--
>Best regards,
>Ivan Pavlukhin
>  
 
 
 
 

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Sergey Antonov <an...@gmail.com>]

Guys, what we do with control.sh commands? We can't set experimental
annotation on those commands.

пт, 10 янв. 2020 г., 17:47 Alexey Zinoviev <za...@gmail.com>:

> Support the idea with the annotation
>
> пт, 10 янв. 2020 г., 13:11 Вячеслав Коптилин <sl...@gmail.com>:
>
> > Hello,
> >
> > * We can mark cluster read-only API (without enum) as experimental and
> > > change the API in e.g. 2.8.1.
> > > * We can try to exclude read-only API from 2.8 at all.
> >
> > both approaches look good to me.
> >
> > By the way, I think it would be a good idea to introduce a new
> annotation -
> > @IgniteExperimental for instance,
> > The package, class or method that is marked by @IgniteExperimental should
> > clearly state that this API, class or method can be changed or removed
> in a
> > future release.
> >
> > Thanks,
> > S.
> >
> > пт, 10 янв. 2020 г. в 13:02, Ilya Kasnacheev <ilya.kasnacheev@gmail.com
> >:
> >
> > > Hello!
> > >
> > > I think the third option (exclude publicly-accessible API) is
> preferable.
> > >
> > > Regards,
> > > --
> > > Ilya Kasnacheev
> > >
> > >
> > > пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <vo...@gmail.com>:
> > >
> > > > Folks,
> > > >
> > > > Some thoughts:
> > > > * Releasing an API with known fallacies sounds really bad thing to
> me.
> > > > It can have a negative consequences for a whole project for years. My
> > > > opinion here that we should resolve the problem with this API somehow
> > > > before release.
> > > > * We can mark cluster read-only API (without enum) as experimental
> and
> > > > change the API in e.g. 2.8.1.
> > > > * We can try to exclude read-only API from 2.8 at all.
> > > >
> > > > What do you think?
> > > >
> > > > пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <plehanov.alex@gmail.com
> >:
> > > > >
> > > > > Guys,
> > > > >
> > > > > There is also an issue with cluster activation by thin clients.
> This
> > > > > feature (.NET thin client API change and protocol change) was added
> > by
> > > > [1]
> > > > > without any discussion on dev-list. Sergey's patch [2] deprecate
> > > methods
> > > > > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > > didn't
> > > > do
> > > > > this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> > > also
> > > > > should not forget about thin client changes, since it will be
> strange
> > > if
> > > > we
> > > > > introduce some methods to thin client API and protocol and in the
> > same
> > > > > Ignite version deprecate these methods for servers and thick
> clients.
> > > > >
> > > > > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > > > > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >
> > > > >
> > > > > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> > > > <arzamas123@mail.ru.invalid
> > > > > >:
> > > > >
> > > > > >
> > > > > >
> > > > > > Agree with Nikolay, -1 from me, too.
> > > > > >
> > > > > > >Hello, Igniters.
> > > > > > >
> > > > > > >I’m -1 to include the read-only patch to 2.8.
> > > > > > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> > for
> > > > > > blockers and major issues.
> > > > > > >
> > > > > > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > > >We should focus on the release and make it ASAP.
> > > > > > >
> > > > > > >We can’t extend the scope anymore.
> > > > > > >
> > > > > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > > antonovsergey93@gmail.com >
> > > > > > написал(а):
> > > > > > >>
> > > > > > >> Hello, Maxim!
> > > > > > >>
> > > > > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111
> files
> > > > > > >> changed.
> > > > > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > > already
> > > > > > >> presented. Changes in product code are minimal - only 30
> changed
> > > > files
> > > > > > in
> > > > > > >> /src/main/ part. And most of them are new control.sh commands
> > and
> > > > > > >> configuration.
> > > > > > >>
> > > > > > >>> Do we have customer requests for this feature or maybe users
> > who
> > > > are
> > > > > > >> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > > > > 2.8.1
> > > > > > >> for instance)?
> > > > > > >> Can we introduce in new features in maintanance release
> (2.8.1)?
> > > > Cluster
> > > > > > >> read-only mode will be new feature, if we remove
> > > > IgniteCluster#readOnly
> > > > > > in
> > > > > > >> 2.8 release. If all ok with that, lets remove
> > > > IgniteCluster#readOnly and
> > > > > > >> move ticket [1] to 2.8.1 release.
> > > > > > >>
> > > > > > >>> Do we have extended test results report (on just only TC.Bot
> > > green
> > > > > > visa)
> > > > > > >> on this feature to be sure that we will not add any blocker
> > issues
> > > > to
> > > > > > the
> > > > > > >> release?
> > > > > > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> > visa
> > > > vs
> > > > > > >> release branch.
> > > > > > >>
> > > > > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> mmuzaf@apache.org
> > > >:
> > > > > > >>
> > > > > > >>> Folks,
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> Let me remind you that we are working on the 2.8 release
> branch
> > > > > > >>> stabilization currently (please, keep it in mind).
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> Do we have a really STRONG reason for adding such a change
> [1]
> > to
> > > > the
> > > > > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> > +5,517
> > > > > > >>> −2,038, 111 files changed.
> > > > > > >>> Do we have customer requests for this feature or maybe users
> > who
> > > > are
> > > > > > >>> waiting for exactly that ENUM values exactly in 2.8 release
> > (not
> > > > the
> > > > > > >>> 2.8.1 for instance)?
> > > > > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate
> > any
> > > > > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > > > >>> Do we have extended test results report (on just only TC.Bot
> > > green
> > > > > > >>> visa) on this feature to be sure that we will not add any
> > blocker
> > > > > > >>> issues to the release? For instance, on pre-production
> > > environment.
> > > > > > >>>
> > > > > > >>> I'd like to notice that we also have more than enough the
> > release
> > > > > > >>> blocker issues [3] which are still `in progress` and such a
> > > release
> > > > > > >>> run becomes endless. Such changes without strong reasons
> looks
> > > too
> > > > > > >>> scary for me a special after scope and code freeze dates.
> > > > > > >>>
> > > > > > >>> Please, dispel my doubts.
> > > > > > >>>
> > > > > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > > >>> [3]
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > > )
> > > > > > >>>
> > > > > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > > zaleslaw.sin@gmail.com
> > > > > > >
> > > > > > >>> wrote:
> > > > > > >>>>
> > > > > > >>>> +1
> > > > > > >>>>
> > > > > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > > antonovsergey93@gmail.com >:
> > > > > > >>>>
> > > > > > >>>>> +1
> > > > > > >>>>>
> > > > > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > > > branch
> > > > > > >>> will be
> > > > > > >>>>> at 13 Jan
> > > > > > >>>>>
> > > > > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> > vololo100@gmail.com
> > > > >:
> > > > > > >>>>>
> > > > > > >>>>>> +1
> > > > > > >>>>>>
> > > > > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > ivan.glukos@gmail.com
> > > > >:
> > > > > > >>>>>>>
> > > > > > >>>>>>> Maxim M. and anyone who is interested,
> > > > > > >>>>>>>
> > > > > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>>>>>> Basically, it's a result of the following discussion:
> > > > > > >>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > > >>>>>>>
> > > > > > >>>>>>> The fix affects public API: IgniteCluster#readOnly
> methods
> > > that
> > > > > > >>> work
> > > > > > >>>>> with
> > > > > > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > > boolean
> > > > > > >>>>> version
> > > > > > >>>>>> of
> > > > > > >>>>>>> API in the code (which is currently present in 2.8
> branch)
> > as
> > > > it
> > > > > > >>> wasn't
> > > > > > >>>>>>> published in any release.
> > > > > > >>>>>>>
> > > > > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > > > >>>>>>> wrote:
> > > > > > >>>>>>>
> > > > > > >>>>>>>> Hello!
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> I have ran dependency checker plugin and quote the
> > > following:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-urideploy:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-spring:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-spring-data:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-aop:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-visor-console:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > ,
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > >>>>> :
> > > > > > >>>>>>>> CVE-2018-15756
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-spring-data_2.0:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE
> ,
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2018-15756
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-rest-http:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-kubernetes:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-aws:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > > > >>>>> CVE-2015-6644,
> > > > > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > > > >>>>> CVE-2016-1000341,
> > > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > > >>>>> CVE-2016-1000345,
> > > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > > >>> CVE-2017-13098,
> > > > > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-gce:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> httpclient-4.0.1.jar
> > > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2011-1498,
> > > > > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > > >>>>>>>> guava-jdk5-17.0.jar
> > > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-cloud:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2013-2014,
> > > > > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> > CVE-2014-3476,
> > > > > > >>>>>> CVE-2014-3520,
> > > > > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> > CVE-2018-14432,
> > > > > > >>>>>> CVE-2018-20170
> > > > > > >>>>>>>> cloudstack-2.0.0.jar
> > > > > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > > >>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > > CVE-2013-2136,
> > > > > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> CVE-2015-3252
> > > > > > >>>>>>>> docker-2.0.0.jar
> > > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2018-10892,
> > > > > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > CVE-2019-16884,
> > > > > > >>>>>>>> CVE-2019-5736
> > > > > > >>>>>>>> guava-16.0.1.jar
> (pkg:maven/com.google.guava/guava@16.0.1
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>> docker-1.9.3.jar
> > > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > > >>> ,
> > > > > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > > CVE-2016-3697,
> > > > > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > > CVE-2019-15752,
> > > > > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> CVE-2016-5725
> > > > > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > > > >>>>> CVE-2015-6644,
> > > > > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > > >>> CVE-2016-1000341,
> > > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > > >>>>> CVE-2016-1000345,
> > > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > > >>> CVE-2018-1000613
> > > > > > >>>>>>>> okhttp-2.2.0.jar
> > (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > CVE-2016-2402
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-mesos:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0
> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > > CVE-2018-11793,
> > > > > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> CVE-2019-5736
> > > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-kafka:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > > >>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-17196
> > > > > > >>>>>>>> connect-api-2.0.1.jar
> > > > > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-17196
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-flume:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> guava-11.0.2.jar
> (pkg:maven/com.google.guava/guava@11.0.2
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2017-15095,
> > > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*)
> > > :
> > > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > CVE-2018-1000873,
> > > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-14540,
> > > > > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > > > > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2015-6420,
> > > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > >>>>>>>> netty-3.9.4.Final.jar
> > (pkg:maven/io.netty/netty@3.9.4.Final
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> > CVE-2015-2156,
> > > > > > >>>>>> CVE-2019-16869,
> > > > > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2005-3747,
> > > > > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> > CVE-2009-5048,
> > > > > > >>>>>> CVE-2009-5049,
> > > > > > >>>>>>>> CVE-2011-4461
> > > > > > >>>>>>>> jetty-util-6.1.26.jar
> > > > > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > > >>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2009-1523,
> > > > > > >>>>>>>> CVE-2011-4461
> > > > > > >>>>>>>> jetty-6.1.26.jar
> (pkg:maven/org.mortbay.jetty/jetty@6.1.26
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2009-1523,
> > > > > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> > CVE-2017-7658,
> > > > > > >>>>>> CVE-2017-9735,
> > > > > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > > >>>>>>>> libthrift-0.9.0.jar
> > > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > > >>> :
> > > > > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> CVE-2019-0205
> > > > > > >>>>>>>> httpclient-4.1.3.jar
> > > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > > > >>>>>>>> CVE-2015-5262
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-twitter:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> httpclient-4.2.5.jar
> > > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > > > >>>>>>>> CVE-2015-5262
> > > > > > >>>>>>>> guava-14.0.1.jar
> (pkg:maven/com.google.guava/guava@14.0.1
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-zookeeper:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2019-12086,
> > > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439,
> > > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943,
> > > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>> guava-16.0.1.jar
> (pkg:maven/com.google.guava/guava@16.0.1
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > CVE-2018-1000873,
> > > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-10172,
> > > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > > > >>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-camel:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> camel-core-2.22.0.jar
> > > > > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > CVE-2018-8041,
> > > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > CVE-2018-8041,
> > > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-storm:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> storm-core-1.1.1.jar
> > > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > > >>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > > CVE-2018-11779,
> > > > > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> CVE-2019-0202
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >>>>> CVE-2019-10247
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > > > >>>>>>>> CVE-2015-5262
> > > > > > >>>>>>>>
> > > > > > >>>
> > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>>
> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> > CVE-2014-0193,
> > > > > > >>>>>> CVE-2014-3488,
> > > > > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > > SSLv3.0
> > > > > > >>>>> support
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >>>>> CVE-2011-4461,
> > > > > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > CVE-2017-9735,
> > > > > > >>>>>> CVE-2019-10241,
> > > > > > >>>>>>>> CVE-2019-10247
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >>>>> CVE-2011-4461,
> > > > > > >>>>>>>> CVE-2019-10247
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > > >>>>>>>>
> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > > > >>>>>> CVE-2016-1000031
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > > CVE-2015-1776,
> > > > > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> > CVE-2016-6811,
> > > > > > >>>>>> CVE-2017-15713,
> > > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> > CVE-2018-11768,
> > > > > > >>>>>> CVE-2018-1296,
> > > > > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-cassandra-store:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-cassandra-serializers:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*)
> :
> > > > > > >>>>>> CVE-2019-10086
> > > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > > > > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2015-6420,
> > > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> > ,
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > >>>>> :
> > > > > > >>>>>>>> CVE-2018-15756
> > > > > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-flink:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > > CVE-2016-5001,
> > > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> > CVE-2015-2156,
> > > > > > >>>>>> CVE-2016-4970,
> > > > > > >>>>>>>> CVE-2019-16869
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2017-15095,
> > > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > CVE-2018-11307,
> > > > > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > > CVE-2018-14719,
> > > > > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > > CVE-2018-19361,
> > > > > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-12086,
> > > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439,
> > > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943,
> > > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-rocketmq:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > > > >>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > > >>>>>>>>
> > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > > >>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*)
> > > :
> > > > > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> > CVE-2005-4838,
> > > > > > >>>>>> CVE-2006-7196,
> > > > > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> > CVE-2009-2696,
> > > > > > >>>>>> CVE-2012-5568,
> > > > > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> > CVE-2013-4444,
> > > > > > >>>>>> CVE-2013-4590,
> > > > > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> > CVE-2014-0099,
> > > > > > >>>>>> CVE-2014-0119,
> > > > > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> > CVE-2018-8020
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > > maintenance
> > > > > > >>>>>> releases
> > > > > > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> Some integrations also clearly suffer, through it's a
> > > problem
> > > > of
> > > > > > >>>>> their
> > > > > > >>>>>>>> users, since they need to declare their own libraries'
> > > > versions
> > > > > > >>> by
> > > > > > >>>>>>>> convention.
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> Regards,
> > > > > > >>>>>>>> --
> > > > > > >>>>>>>> Ilya Kasnacheev
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > dmagda@apache.org
> > > > >:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> > you,
> > > > > > >>> let's
> > > > > > >>>>>> update
> > > > > > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>> -
> > > > > > >>>>>>>>> Denis
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > > > >>>>>>>>> wrote:
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>>> Hello!
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>
> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > > >>>>>>>> <!--
> > > > > > >>>>>>>>>> don't forget to update spring version -->
> > > > > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > > >>>>> don't
> > > > > > >>>>>>>>> forget
> > > > > > >>>>>>>>>> to update spring-data version -->
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>
> > > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>
> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > >>>>>>>>> don't
> > > > > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> All these libraries have maintenance release (such as
> > our
> > > > > > >>>>> 2.7.*6*)
> > > > > > >>>>>> and
> > > > > > >>>>>>>> I
> > > > > > >>>>>>>>>> think it would be beneficial to upgrade these
> > dependencies
> > > > > > >>> to the
> > > > > > >>>>>>>> latest
> > > > > > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > > >>>>>>>>>> For example, there is spring.data-2.0
> 2.0.*14*.RELEASE.
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> Regards,
> > > > > > >>>>>>>>>> --
> > > > > > >>>>>>>>>> Ilya Kasnacheev
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > > dmagda@apache.org
> > > > > > >>>> :
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > > >>> fixes/improvements.
> > > > > > >>>>>> Ilya is
> > > > > > >>>>>>>>>> right
> > > > > > >>>>>>>>>>> that Spring Data related questions sparked last time
> > due
> > > to
> > > > > > >>>>>> missing
> > > > > > >>>>>>>>>> support
> > > > > > >>>>>>>>>>> of 2.2 version.
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> > "bumping
> > > > > > >>> the
> > > > > > >>>>>>>>> versions"?
> > > > > > >>>>>>>>>> Do
> > > > > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > > > >>>>>>>>> "ignite-spring-data"
> > > > > > >>>>>>>>>> to
> > > > > > >>>>>>>>>>> version 2.2 and introducing
> > > > > > >>> "ignite-spring-data-{old-version"}
> > > > > > >>>>>> for
> > > > > > >>>>>>>> the
> > > > > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > > > > >>> proposal.
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>> -
> > > > > > >>>>>>>>>>> Denis
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>> wrote:
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Hello!
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259
> > (3
> > > > > > >>>>>> commits, be
> > > > > > >>>>>>>>>>> careful
> > > > > > >>>>>>>>>>>> with release version)
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but
> I
> > > > > > >>> will
> > > > > > >>>>>> provide
> > > > > > >>>>>>>>> the
> > > > > > >>>>>>>>>>>> following considerations:
> > > > > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > > >>> currently do
> > > > > > >>>>>> not
> > > > > > >>>>>>>>> have,
> > > > > > >>>>>>>>>>>> leading to lots of confused questions on stack
> > overflow
> > > > > > >>> and
> > > > > > >>>>>> mailing
> > > > > > >>>>>>>>>> list.
> > > > > > >>>>>>>>>>>> Spring Data is important to our public image since
> > many
> > > > > > >>>>> people
> > > > > > >>>>>> may
> > > > > > >>>>>>>>>> learn
> > > > > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > > > >>> (just 2
> > > > > > >>>>> POM
> > > > > > >>>>>>>> file
> > > > > > >>>>>>>>>>>> touched and that's all).
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> * The core was ready since early November but, due
> to
> > > > > > >>> gmail
> > > > > > >>>>>> quirk,
> > > > > > >>>>>>>> we
> > > > > > >>>>>>>>>> did
> > > > > > >>>>>>>>>>>> not react to it in time.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> WDYT?
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > > > >>>>>> dependencies'
> > > > > > >>>>>>>>>> versions
> > > > > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring
> and
> > > > > > >>>>> hibernate
> > > > > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > > > >>>>> maintenance
> > > > > > >>>>>>>>> versions
> > > > > > >>>>>>>>>>> to
> > > > > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> I think this is one of things that are very hard to
> do
> > > > > > >>>>> between
> > > > > > >>>>>>>>>> releases,
> > > > > > >>>>>>>>>>> so
> > > > > > >>>>>>>>>>>> I think this dependencies bumping should be a part
> of
> > a
> > > > > > >>>>> formal
> > > > > > >>>>>>>>>>>> release/testing cycle, and then be backported to
> > master.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> > > merge
> > > > > > >>>>> these
> > > > > > >>>>>>>>> version
> > > > > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Regards,
> > > > > > >>>>>>>>>>>> --
> > > > > > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > >>>>>>>>>>> < arzamas123@mail.ru.invalid
> > > > > > >>>>>>>>>>>>> :
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate
> vs
> > > > > > >>>>> 2.7.6,
> > > > > > >>>>>>>>>>>>> last sha 2.8 was build from :
> 9d114f3137f92aebc2562a
> > > > > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > > > > >>> Xeon
> > > > > > >>>>>> X5570
> > > > > > >>>>>>>>> 96Gb
> > > > > > >>>>>>>>>>>> 512GB
> > > > > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > >>>>>>>>>>>>> 1 backup
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > > >>> disabled.
> > > > > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> [1]
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > > > > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > > > >>>>>>>>>>>>>> Cc:
> > > > > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > > > >>> Manager]
> > > > > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> Igniters,
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > > > > >>> Apache
> > > > > > >>>>>> Ignite
> > > > > > >>>>>>>>> 2.7
> > > > > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > > >>> performance
> > > > > > >>>>>>>>>> improvements
> > > > > > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> > their
> > > > > > >>>>>> release
> > > > > > >>>>>>>>> date.
> > > > > > >>>>>>>>>>>>>> Here is my list of the most interesting things
> from
> > my
> > > > > > >>>>> point
> > > > > > >>>>>>>> since
> > > > > > >>>>>>>>>> the
> > > > > > >>>>>>>>>>>>>> last major release:
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> Service Grid,
> > > > > > >>>>>>>>>>>>>> Monitoring,
> > > > > > >>>>>>>>>>>>>> Recovery Read
> > > > > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > > >>>>>>>>>>>>>> PDS compression,
> > > > > > >>>>>>>>>>>>>> WAL page compression,
> > > > > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > > >>>>>>>>>>>>>> SQL query history
> > > > > > >>>>>>>>>>>>>> SQL statistics
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> > master
> > > > > > >>>>>> branch
> > > > > > >>>>>>>>>> anymore
> > > > > > >>>>>>>>>>>>>> and prepare the next major release by the end of
> the
> > > > > > >>> year.
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> > 2.8
> > > > > > >>>>>> release
> > > > > > >>>>>>>> and
> > > > > > >>>>>>>>>> also
> > > > > > >>>>>>>>>>>>>> I want to propose myself to be the release manager
> > of
> > > > > > >>> the
> > > > > > >>>>>>>> planning
> > > > > > >>>>>>>>>>>>>> release.
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> WDYT?
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>> --
> > > > > > >>>>>> Best regards,
> > > > > > >>>>>> Ivan Pavlukhin
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > > >>
> > > > > > >>
> > > > > > >> --
> > > > > > >> BR, Sergey Antonov
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Best regards,
> > > > Ivan Pavlukhin
> > > >
> > > >
> > >
> >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Alexey Zinoviev <za...@gmail.com>]

Support the idea with the annotation

пт, 10 янв. 2020 г., 13:11 Вячеслав Коптилин <sl...@gmail.com>:

> Hello,
>
> * We can mark cluster read-only API (without enum) as experimental and
> > change the API in e.g. 2.8.1.
> > * We can try to exclude read-only API from 2.8 at all.
>
> both approaches look good to me.
>
> By the way, I think it would be a good idea to introduce a new annotation -
> @IgniteExperimental for instance,
> The package, class or method that is marked by @IgniteExperimental should
> clearly state that this API, class or method can be changed or removed in a
> future release.
>
> Thanks,
> S.
>
> пт, 10 янв. 2020 г. в 13:02, Ilya Kasnacheev <il...@gmail.com>:
>
> > Hello!
> >
> > I think the third option (exclude publicly-accessible API) is preferable.
> >
> > Regards,
> > --
> > Ilya Kasnacheev
> >
> >
> > пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <vo...@gmail.com>:
> >
> > > Folks,
> > >
> > > Some thoughts:
> > > * Releasing an API with known fallacies sounds really bad thing to me.
> > > It can have a negative consequences for a whole project for years. My
> > > opinion here that we should resolve the problem with this API somehow
> > > before release.
> > > * We can mark cluster read-only API (without enum) as experimental and
> > > change the API in e.g. 2.8.1.
> > > * We can try to exclude read-only API from 2.8 at all.
> > >
> > > What do you think?
> > >
> > > пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <pl...@gmail.com>:
> > > >
> > > > Guys,
> > > >
> > > > There is also an issue with cluster activation by thin clients. This
> > > > feature (.NET thin client API change and protocol change) was added
> by
> > > [1]
> > > > without any discussion on dev-list. Sergey's patch [2] deprecate
> > methods
> > > > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > didn't
> > > do
> > > > this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> > also
> > > > should not forget about thin client changes, since it will be strange
> > if
> > > we
> > > > introduce some methods to thin client API and protocol and in the
> same
> > > > Ignite version deprecate these methods for servers and thick clients.
> > > >
> > > > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > > > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> > > >
> > > >
> > > > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> > > <arzamas123@mail.ru.invalid
> > > > >:
> > > >
> > > > >
> > > > >
> > > > > Agree with Nikolay, -1 from me, too.
> > > > >
> > > > > >Hello, Igniters.
> > > > > >
> > > > > >I’m -1 to include the read-only patch to 2.8.
> > > > > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> for
> > > > > blockers and major issues.
> > > > > >
> > > > > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > >We should focus on the release and make it ASAP.
> > > > > >
> > > > > >We can’t extend the scope anymore.
> > > > > >
> > > > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > antonovsergey93@gmail.com >
> > > > > написал(а):
> > > > > >>
> > > > > >> Hello, Maxim!
> > > > > >>
> > > > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > > > > >> changed.
> > > > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > already
> > > > > >> presented. Changes in product code are minimal - only 30 changed
> > > files
> > > > > in
> > > > > >> /src/main/ part. And most of them are new control.sh commands
> and
> > > > > >> configuration.
> > > > > >>
> > > > > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > > > >> waiting for exactly that ENUM values exactly in 2.8 release (not
> > the
> > > > > 2.8.1
> > > > > >> for instance)?
> > > > > >> Can we introduce in new features in maintanance release (2.8.1)?
> > > Cluster
> > > > > >> read-only mode will be new feature, if we remove
> > > IgniteCluster#readOnly
> > > > > in
> > > > > >> 2.8 release. If all ok with that, lets remove
> > > IgniteCluster#readOnly and
> > > > > >> move ticket [1] to 2.8.1 release.
> > > > > >>
> > > > > >>> Do we have extended test results report (on just only TC.Bot
> > green
> > > > > visa)
> > > > > >> on this feature to be sure that we will not add any blocker
> issues
> > > to
> > > > > the
> > > > > >> release?
> > > > > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> visa
> > > vs
> > > > > >> release branch.
> > > > > >>
> > > > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmuzaf@apache.org
> > >:
> > > > > >>
> > > > > >>> Folks,
> > > > > >>>
> > > > > >>>
> > > > > >>> Let me remind you that we are working on the 2.8 release branch
> > > > > >>> stabilization currently (please, keep it in mind).
> > > > > >>>
> > > > > >>>
> > > > > >>> Do we have a really STRONG reason for adding such a change [1]
> to
> > > the
> > > > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> +5,517
> > > > > >>> −2,038, 111 files changed.
> > > > > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > > > >>> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > > > >>> 2.8.1 for instance)?
> > > > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate
> any
> > > > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > > >>> Do we have extended test results report (on just only TC.Bot
> > green
> > > > > >>> visa) on this feature to be sure that we will not add any
> blocker
> > > > > >>> issues to the release? For instance, on pre-production
> > environment.
> > > > > >>>
> > > > > >>> I'd like to notice that we also have more than enough the
> release
> > > > > >>> blocker issues [3] which are still `in progress` and such a
> > release
> > > > > >>> run becomes endless. Such changes without strong reasons looks
> > too
> > > > > >>> scary for me a special after scope and code freeze dates.
> > > > > >>>
> > > > > >>> Please, dispel my doubts.
> > > > > >>>
> > > > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > >>> [3]
> > > > > >>>
> > > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > )
> > > > > >>>
> > > > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > zaleslaw.sin@gmail.com
> > > > > >
> > > > > >>> wrote:
> > > > > >>>>
> > > > > >>>> +1
> > > > > >>>>
> > > > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > antonovsergey93@gmail.com >:
> > > > > >>>>
> > > > > >>>>> +1
> > > > > >>>>>
> > > > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > > branch
> > > > > >>> will be
> > > > > >>>>> at 13 Jan
> > > > > >>>>>
> > > > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> vololo100@gmail.com
> > > >:
> > > > > >>>>>
> > > > > >>>>>> +1
> > > > > >>>>>>
> > > > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > ivan.glukos@gmail.com
> > > >:
> > > > > >>>>>>>
> > > > > >>>>>>> Maxim M. and anyone who is interested,
> > > > > >>>>>>>
> > > > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>>>>>> Basically, it's a result of the following discussion:
> > > > > >>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > >>>>>>>
> > > > > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> > that
> > > > > >>> work
> > > > > >>>>> with
> > > > > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > boolean
> > > > > >>>>> version
> > > > > >>>>>> of
> > > > > >>>>>>> API in the code (which is currently present in 2.8 branch)
> as
> > > it
> > > > > >>> wasn't
> > > > > >>>>>>> published in any release.
> > > > > >>>>>>>
> > > > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > > >>>>>>> wrote:
> > > > > >>>>>>>
> > > > > >>>>>>>> Hello!
> > > > > >>>>>>>>
> > > > > >>>>>>>> I have ran dependency checker plugin and quote the
> > following:
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-urideploy:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-spring:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-spring-data:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-aop:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-visor-console:
> > > > > >>>>>>>>
> > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> ,
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > >>>>> :
> > > > > >>>>>>>> CVE-2018-15756
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-spring-data_2.0:
> > > > > >>>>>>>>
> > > > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2018-15756
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-rest-http:
> > > > > >>>>>>>>
> > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> :
> > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-kubernetes:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-aws:
> > > > > >>>>>>>>
> > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> :
> > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > > >>>>> CVE-2015-6644,
> > > > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > > >>>>> CVE-2016-1000341,
> > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > >>>>> CVE-2016-1000345,
> > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > >>> CVE-2017-13098,
> > > > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-gce:
> > > > > >>>>>>>>
> > > > > >>>>>>>> httpclient-4.0.1.jar
> > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > CVE-2011-1498,
> > > > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > >>>>>>>> guava-jdk5-17.0.jar
> > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-cloud:
> > > > > >>>>>>>>
> > > > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0
> ,
> > > > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2013-2014,
> > > > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> CVE-2014-3476,
> > > > > >>>>>> CVE-2014-3520,
> > > > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> CVE-2018-14432,
> > > > > >>>>>> CVE-2018-20170
> > > > > >>>>>>>> cloudstack-2.0.0.jar
> > > > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > >>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2013-2136,
> > > > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > > >>>>>>>> docker-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > CVE-2018-10892,
> > > > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > CVE-2019-16884,
> > > > > >>>>>>>> CVE-2019-5736
> > > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> docker-1.9.3.jar
> > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > >>> ,
> > > > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > CVE-2016-3697,
> > > > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > CVE-2019-15752,
> > > > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > > >>>>> CVE-2015-6644,
> > > > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > >>> CVE-2016-1000341,
> > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > >>>>> CVE-2016-1000345,
> > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > >>> CVE-2018-1000613
> > > > > >>>>>>>> okhttp-2.2.0.jar
> (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > ,
> > > > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > CVE-2016-2402
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-mesos:
> > > > > >>>>>>>>
> > > > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > CVE-2018-11793,
> > > > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> :
> > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-kafka:
> > > > > >>>>>>>>
> > > > > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > >>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > > > >>>>>>>> connect-api-2.0.1.jar
> > > > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-flume:
> > > > > >>>>>>>>
> > > > > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2017-15095,
> > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*)
> > :
> > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-14540,
> > > > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2015-6420,
> > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > >>>>>>>> netty-3.9.4.Final.jar
> (pkg:maven/io.netty/netty@3.9.4.Final
> > ,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > > > >>>>>> CVE-2019-16869,
> > > > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2005-3747,
> > > > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> CVE-2009-5048,
> > > > > >>>>>> CVE-2009-5049,
> > > > > >>>>>>>> CVE-2011-4461
> > > > > >>>>>>>> jetty-util-6.1.26.jar
> > > > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > >>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2009-1523,
> > > > > >>>>>>>> CVE-2011-4461
> > > > > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26
> ,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2009-1523,
> > > > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> CVE-2017-7658,
> > > > > >>>>>> CVE-2017-9735,
> > > > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > >>>>>>>> libthrift-0.9.0.jar
> > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > >>> :
> > > > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > > >>>>>>>> httpclient-4.1.3.jar
> > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > > > >>>>>>>> CVE-2015-5262
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-twitter:
> > > > > >>>>>>>>
> > > > > >>>>>>>> httpclient-4.2.5.jar
> > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > > > >>>>>>>> CVE-2015-5262
> > > > > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-zookeeper:
> > > > > >>>>>>>>
> > > > > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2019-12086,
> > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-10172,
> > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > > >>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-camel:
> > > > > >>>>>>>>
> > > > > >>>>>>>> camel-core-2.22.0.jar
> > > > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > CVE-2018-8041,
> > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > CVE-2018-8041,
> > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-storm:
> > > > > >>>>>>>>
> > > > > >>>>>>>> storm-core-1.1.1.jar
> > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > >>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > CVE-2018-11779,
> > > > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916
> > ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >>>>> CVE-2019-10247
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > > > >>>>>>>> CVE-2015-5262
> > > > > >>>>>>>>
> > > > > >>>
> > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> CVE-2014-0193,
> > > > > >>>>>> CVE-2014-3488,
> > > > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > SSLv3.0
> > > > > >>>>> support
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916
> ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >>>>> CVE-2011-4461,
> > > > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> CVE-2017-9735,
> > > > > >>>>>> CVE-2019-10241,
> > > > > >>>>>>>> CVE-2019-10247
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >>>>> CVE-2011-4461,
> > > > > >>>>>>>> CVE-2019-10247
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > > >>>>>> CVE-2016-1000031
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > CVE-2015-1776,
> > > > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> CVE-2016-6811,
> > > > > >>>>>> CVE-2017-15713,
> > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> CVE-2018-11768,
> > > > > >>>>>> CVE-2018-1296,
> > > > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-cassandra-store:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-cassandra-serializers:
> > > > > >>>>>>>>
> > > > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > > >>>>>> CVE-2019-10086
> > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2015-6420,
> > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE
> ,
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > >>>>> :
> > > > > >>>>>>>> CVE-2018-15756
> > > > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-flink:
> > > > > >>>>>>>>
> > > > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > CVE-2016-5001,
> > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > > > >>>>>> CVE-2016-4970,
> > > > > >>>>>>>> CVE-2019-16869
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2017-15095,
> > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > CVE-2018-11307,
> > > > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > CVE-2018-14719,
> > > > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > CVE-2018-19361,
> > > > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-12086,
> > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-rocketmq:
> > > > > >>>>>>>>
> > > > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > > >>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > >>>>>>>>
> > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > >>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*)
> > :
> > > > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> CVE-2005-4838,
> > > > > >>>>>> CVE-2006-7196,
> > > > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> CVE-2009-2696,
> > > > > >>>>>> CVE-2012-5568,
> > > > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> CVE-2013-4444,
> > > > > >>>>>> CVE-2013-4590,
> > > > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> CVE-2014-0099,
> > > > > >>>>>> CVE-2014-0119,
> > > > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> CVE-2018-8020
> > > > > >>>>>>>>
> > > > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > maintenance
> > > > > >>>>>> releases
> > > > > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > >>>>>>>>
> > > > > >>>>>>>> Some integrations also clearly suffer, through it's a
> > problem
> > > of
> > > > > >>>>> their
> > > > > >>>>>>>> users, since they need to declare their own libraries'
> > > versions
> > > > > >>> by
> > > > > >>>>>>>> convention.
> > > > > >>>>>>>>
> > > > > >>>>>>>> Regards,
> > > > > >>>>>>>> --
> > > > > >>>>>>>> Ilya Kasnacheev
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > dmagda@apache.org
> > > >:
> > > > > >>>>>>>>
> > > > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> you,
> > > > > >>> let's
> > > > > >>>>>> update
> > > > > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> -
> > > > > >>>>>>>>> Denis
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > > >>>>>>>>> wrote:
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>> Hello!
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > >>>>>>>>>>
> > > > > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > >>>>>>>> <!--
> > > > > >>>>>>>>>> don't forget to update spring version -->
> > > > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > >>>>> don't
> > > > > >>>>>>>>> forget
> > > > > >>>>>>>>>> to update spring-data version -->
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>
> > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > > >>>>>>>>>>
> > > > > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > >>>>>>>>> don't
> > > > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> All these libraries have maintenance release (such as
> our
> > > > > >>>>> 2.7.*6*)
> > > > > >>>>>> and
> > > > > >>>>>>>> I
> > > > > >>>>>>>>>> think it would be beneficial to upgrade these
> dependencies
> > > > > >>> to the
> > > > > >>>>>>>> latest
> > > > > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> Regards,
> > > > > >>>>>>>>>> --
> > > > > >>>>>>>>>> Ilya Kasnacheev
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > dmagda@apache.org
> > > > > >>>> :
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > >>> fixes/improvements.
> > > > > >>>>>> Ilya is
> > > > > >>>>>>>>>> right
> > > > > >>>>>>>>>>> that Spring Data related questions sparked last time
> due
> > to
> > > > > >>>>>> missing
> > > > > >>>>>>>>>> support
> > > > > >>>>>>>>>>> of 2.2 version.
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> "bumping
> > > > > >>> the
> > > > > >>>>>>>>> versions"?
> > > > > >>>>>>>>>> Do
> > > > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > > >>>>>>>>> "ignite-spring-data"
> > > > > >>>>>>>>>> to
> > > > > >>>>>>>>>>> version 2.2 and introducing
> > > > > >>> "ignite-spring-data-{old-version"}
> > > > > >>>>>> for
> > > > > >>>>>>>> the
> > > > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > > > >>> proposal.
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> -
> > > > > >>>>>>>>>>> Denis
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>>> Hello!
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259
> (3
> > > > > >>>>>> commits, be
> > > > > >>>>>>>>>>> careful
> > > > > >>>>>>>>>>>> with release version)
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > > > >>> will
> > > > > >>>>>> provide
> > > > > >>>>>>>>> the
> > > > > >>>>>>>>>>>> following considerations:
> > > > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > >>> currently do
> > > > > >>>>>> not
> > > > > >>>>>>>>> have,
> > > > > >>>>>>>>>>>> leading to lots of confused questions on stack
> overflow
> > > > > >>> and
> > > > > >>>>>> mailing
> > > > > >>>>>>>>>> list.
> > > > > >>>>>>>>>>>> Spring Data is important to our public image since
> many
> > > > > >>>>> people
> > > > > >>>>>> may
> > > > > >>>>>>>>>> learn
> > > > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > > >>> (just 2
> > > > > >>>>> POM
> > > > > >>>>>>>> file
> > > > > >>>>>>>>>>>> touched and that's all).
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > > > >>> gmail
> > > > > >>>>>> quirk,
> > > > > >>>>>>>> we
> > > > > >>>>>>>>>> did
> > > > > >>>>>>>>>>>> not react to it in time.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> WDYT?
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > > >>>>>> dependencies'
> > > > > >>>>>>>>>> versions
> > > > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > > > >>>>> hibernate
> > > > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > > >>>>> maintenance
> > > > > >>>>>>>>> versions
> > > > > >>>>>>>>>>> to
> > > > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > > > > >>>>> between
> > > > > >>>>>>>>>> releases,
> > > > > >>>>>>>>>>> so
> > > > > >>>>>>>>>>>> I think this dependencies bumping should be a part of
> a
> > > > > >>>>> formal
> > > > > >>>>>>>>>>>> release/testing cycle, and then be backported to
> master.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> > merge
> > > > > >>>>> these
> > > > > >>>>>>>>> version
> > > > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Regards,
> > > > > >>>>>>>>>>>> --
> > > > > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > >>>>>>>>>>> < arzamas123@mail.ru.invalid
> > > > > >>>>>>>>>>>>> :
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > > > > >>>>> 2.7.6,
> > > > > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > > > >>> Xeon
> > > > > >>>>>> X5570
> > > > > >>>>>>>>> 96Gb
> > > > > >>>>>>>>>>>> 512GB
> > > > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > >>>>>>>>>>>>> 1 backup
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > >>> disabled.
> > > > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> [1]
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > > > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > > >>>>>>>>>>>>>> Cc:
> > > > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > > >>> Manager]
> > > > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Igniters,
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > > > >>> Apache
> > > > > >>>>>> Ignite
> > > > > >>>>>>>>> 2.7
> > > > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > >>> performance
> > > > > >>>>>>>>>> improvements
> > > > > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> their
> > > > > >>>>>> release
> > > > > >>>>>>>>> date.
> > > > > >>>>>>>>>>>>>> Here is my list of the most interesting things from
> my
> > > > > >>>>> point
> > > > > >>>>>>>> since
> > > > > >>>>>>>>>> the
> > > > > >>>>>>>>>>>>>> last major release:
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Service Grid,
> > > > > >>>>>>>>>>>>>> Monitoring,
> > > > > >>>>>>>>>>>>>> Recovery Read
> > > > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > >>>>>>>>>>>>>> PDS compression,
> > > > > >>>>>>>>>>>>>> WAL page compression,
> > > > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > >>>>>>>>>>>>>> SQL query history
> > > > > >>>>>>>>>>>>>> SQL statistics
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> master
> > > > > >>>>>> branch
> > > > > >>>>>>>>>> anymore
> > > > > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > > > > >>> year.
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> 2.8
> > > > > >>>>>> release
> > > > > >>>>>>>> and
> > > > > >>>>>>>>>> also
> > > > > >>>>>>>>>>>>>> I want to propose myself to be the release manager
> of
> > > > > >>> the
> > > > > >>>>>>>> planning
> > > > > >>>>>>>>>>>>>> release.
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> WDYT?
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>>
> > > > > >>>>>>
> > > > > >>>>>> --
> > > > > >>>>>> Best regards,
> > > > > >>>>>> Ivan Pavlukhin
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> BR, Sergey Antonov
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> > > --
> > > Best regards,
> > > Ivan Pavlukhin
> > >
> > >
> >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Вячеслав Коптилин <sl...@gmail.com>]

Hello,

* We can mark cluster read-only API (without enum) as experimental and
> change the API in e.g. 2.8.1.
> * We can try to exclude read-only API from 2.8 at all.

both approaches look good to me.

By the way, I think it would be a good idea to introduce a new annotation -
@IgniteExperimental for instance,
The package, class or method that is marked by @IgniteExperimental should
clearly state that this API, class or method can be changed or removed in a
future release.

Thanks,
S.

пт, 10 янв. 2020 г. в 13:02, Ilya Kasnacheev <il...@gmail.com>:

> Hello!
>
> I think the third option (exclude publicly-accessible API) is preferable.
>
> Regards,
> --
> Ilya Kasnacheev
>
>
> пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <vo...@gmail.com>:
>
> > Folks,
> >
> > Some thoughts:
> > * Releasing an API with known fallacies sounds really bad thing to me.
> > It can have a negative consequences for a whole project for years. My
> > opinion here that we should resolve the problem with this API somehow
> > before release.
> > * We can mark cluster read-only API (without enum) as experimental and
> > change the API in e.g. 2.8.1.
> > * We can try to exclude read-only API from 2.8 at all.
> >
> > What do you think?
> >
> > пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <pl...@gmail.com>:
> > >
> > > Guys,
> > >
> > > There is also an issue with cluster activation by thin clients. This
> > > feature (.NET thin client API change and protocol change) was added by
> > [1]
> > > without any discussion on dev-list. Sergey's patch [2] deprecate
> methods
> > > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> didn't
> > do
> > > this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> also
> > > should not forget about thin client changes, since it will be strange
> if
> > we
> > > introduce some methods to thin client API and protocol and in the same
> > > Ignite version deprecate these methods for servers and thick clients.
> > >
> > > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> > >
> > >
> > > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> > <arzamas123@mail.ru.invalid
> > > >:
> > >
> > > >
> > > >
> > > > Agree with Nikolay, -1 from me, too.
> > > >
> > > > >Hello, Igniters.
> > > > >
> > > > >I’m -1 to include the read-only patch to 2.8.
> > > > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > > > blockers and major issues.
> > > > >
> > > > >Guys, we don’t release Apache Ignite for 13 months!
> > > > >We should focus on the release and make it ASAP.
> > > > >
> > > > >We can’t extend the scope anymore.
> > > > >
> > > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > antonovsergey93@gmail.com >
> > > > написал(а):
> > > > >>
> > > > >> Hello, Maxim!
> > > > >>
> > > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > > > >> changed.
> > > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> already
> > > > >> presented. Changes in product code are minimal - only 30 changed
> > files
> > > > in
> > > > >> /src/main/ part. And most of them are new control.sh commands and
> > > > >> configuration.
> > > > >>
> > > > >>> Do we have customer requests for this feature or maybe users who
> > are
> > > > >> waiting for exactly that ENUM values exactly in 2.8 release (not
> the
> > > > 2.8.1
> > > > >> for instance)?
> > > > >> Can we introduce in new features in maintanance release (2.8.1)?
> > Cluster
> > > > >> read-only mode will be new feature, if we remove
> > IgniteCluster#readOnly
> > > > in
> > > > >> 2.8 release. If all ok with that, lets remove
> > IgniteCluster#readOnly and
> > > > >> move ticket [1] to 2.8.1 release.
> > > > >>
> > > > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > > visa)
> > > > >> on this feature to be sure that we will not add any blocker issues
> > to
> > > > the
> > > > >> release?
> > > > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa
> > vs
> > > > >> release branch.
> > > > >>
> > > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>
> > > > >>
> > > > >>
> > > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmuzaf@apache.org
> >:
> > > > >>
> > > > >>> Folks,
> > > > >>>
> > > > >>>
> > > > >>> Let me remind you that we are working on the 2.8 release branch
> > > > >>> stabilization currently (please, keep it in mind).
> > > > >>>
> > > > >>>
> > > > >>> Do we have a really STRONG reason for adding such a change [1] to
> > the
> > > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > > > >>> −2,038, 111 files changed.
> > > > >>> Do we have customer requests for this feature or maybe users who
> > are
> > > > >>> waiting for exactly that ENUM values exactly in 2.8 release (not
> > the
> > > > >>> 2.8.1 for instance)?
> > > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > > >>> visa) on this feature to be sure that we will not add any blocker
> > > > >>> issues to the release? For instance, on pre-production
> environment.
> > > > >>>
> > > > >>> I'd like to notice that we also have more than enough the release
> > > > >>> blocker issues [3] which are still `in progress` and such a
> release
> > > > >>> run becomes endless. Such changes without strong reasons looks
> too
> > > > >>> scary for me a special after scope and code freeze dates.
> > > > >>>
> > > > >>> Please, dispel my doubts.
> > > > >>>
> > > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > >>> [3]
> > > > >>>
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > )
> > > > >>>
> > > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > zaleslaw.sin@gmail.com
> > > > >
> > > > >>> wrote:
> > > > >>>>
> > > > >>>> +1
> > > > >>>>
> > > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > antonovsergey93@gmail.com >:
> > > > >>>>
> > > > >>>>> +1
> > > > >>>>>
> > > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > branch
> > > > >>> will be
> > > > >>>>> at 13 Jan
> > > > >>>>>
> > > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < vololo100@gmail.com
> > >:
> > > > >>>>>
> > > > >>>>>> +1
> > > > >>>>>>
> > > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> ivan.glukos@gmail.com
> > >:
> > > > >>>>>>>
> > > > >>>>>>> Maxim M. and anyone who is interested,
> > > > >>>>>>>
> > > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>>>>>> Basically, it's a result of the following discussion:
> > > > >>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > >>>>>>>
> > > > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> that
> > > > >>> work
> > > > >>>>> with
> > > > >>>>>>> boolean are replaced with ones that work with enum.
> > > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > boolean
> > > > >>>>> version
> > > > >>>>>> of
> > > > >>>>>>> API in the code (which is currently present in 2.8 branch) as
> > it
> > > > >>> wasn't
> > > > >>>>>>> published in any release.
> > > > >>>>>>>
> > > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > >>>>>>  ilya.kasnacheev@gmail.com >
> > > > >>>>>>> wrote:
> > > > >>>>>>>
> > > > >>>>>>>> Hello!
> > > > >>>>>>>>
> > > > >>>>>>>> I have ran dependency checker plugin and quote the
> following:
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-urideploy:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-spring:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-spring-data:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-aop:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-visor-console:
> > > > >>>>>>>>
> > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > >>>>> :
> > > > >>>>>>>> CVE-2018-15756
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-spring-data_2.0:
> > > > >>>>>>>>
> > > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-15756
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-rest-http:
> > > > >>>>>>>>
> > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-kubernetes:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-aws:
> > > > >>>>>>>>
> > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > >>>>> CVE-2015-6644,
> > > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > >>>>> CVE-2016-1000341,
> > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > >>>>> CVE-2016-1000345,
> > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > >>> CVE-2017-13098,
> > > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-gce:
> > > > >>>>>>>>
> > > > >>>>>>>> httpclient-4.0.1.jar
> > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > CVE-2011-1498,
> > > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > >>>>>>>> guava-jdk5-17.0.jar
> > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-cloud:
> > > > >>>>>>>>
> > > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > >>> CVE-2013-2014,
> > > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > > >>>>>> CVE-2014-3520,
> > > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > > >>>>>> CVE-2018-20170
> > > > >>>>>>>> cloudstack-2.0.0.jar
> > > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > >>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > CVE-2013-2136,
> > > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > >>>>>>>> docker-2.0.0.jar
> > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> CVE-2018-10892,
> > > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > CVE-2019-16884,
> > > > >>>>>>>> CVE-2019-5736
> > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> docker-1.9.3.jar
> > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > >>> ,
> > > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> CVE-2016-3697,
> > > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > CVE-2019-15752,
> > > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > >>>>> CVE-2015-6644,
> > > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > >>> CVE-2016-1000341,
> > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > >>>>> CVE-2016-1000345,
> > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > >>> CVE-2018-1000613
> > > > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> ,
> > > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> CVE-2016-2402
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-mesos:
> > > > >>>>>>>>
> > > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> CVE-2018-11793,
> > > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-kafka:
> > > > >>>>>>>>
> > > > >>>>>>>> kafka-clients-2.0.1.jar
> > > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > >>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > >>>>>>>> connect-api-2.0.1.jar
> > > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-flume:
> > > > >>>>>>>>
> > > > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > >>> CVE-2017-15095,
> > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*)
> :
> > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > CVE-2018-1000873,
> > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-14540,
> > > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2015-6420,
> > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final
> ,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > >>>>>> CVE-2019-16869,
> > > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2005-3747,
> > > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > > >>>>>> CVE-2009-5049,
> > > > >>>>>>>> CVE-2011-4461
> > > > >>>>>>>> jetty-util-6.1.26.jar
> > > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > >>>>> ,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > >>> CVE-2009-1523,
> > > > >>>>>>>> CVE-2011-4461
> > > > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > >>> CVE-2009-1523,
> > > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > > >>>>>> CVE-2017-9735,
> > > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > >>>>>>>> libthrift-0.9.0.jar
> > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > >>> :
> > > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > >>>>>>>> httpclient-4.1.3.jar
> > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > > > >>>>>>>> CVE-2015-5262
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-twitter:
> > > > >>>>>>>>
> > > > >>>>>>>> httpclient-4.2.5.jar
> > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > > > >>>>>>>> CVE-2015-5262
> > > > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-zookeeper:
> > > > >>>>>>>>
> > > > >>>>>>>> jackson-databind-2.9.8.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2019-12086,
> > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439,
> > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943,
> > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > CVE-2018-1000873,
> > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-10172,
> > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > > >>>>> ,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-camel:
> > > > >>>>>>>>
> > > > >>>>>>>> camel-core-2.22.0.jar
> > > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-storm:
> > > > >>>>>>>>
> > > > >>>>>>>> storm-core-1.1.1.jar
> > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > >>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> CVE-2018-11779,
> > > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916
> ,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >>>>> CVE-2019-10247
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > > > >>>>>>>> CVE-2015-5262
> > > > >>>>>>>>
> > > > >>>
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > > >>>>>> CVE-2014-3488,
> > > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> SSLv3.0
> > > > >>>>> support
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >>>>> CVE-2011-4461,
> > > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > > >>>>>> CVE-2019-10241,
> > > > >>>>>>>> CVE-2019-10247
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >>>>> CVE-2011-4461,
> > > > >>>>>>>> CVE-2019-10247
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2016-1000031
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> CVE-2015-1776,
> > > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > > >>>>>> CVE-2017-15713,
> > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > > >>>>>> CVE-2018-1296,
> > > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-cassandra-store:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-cassandra-serializers:
> > > > >>>>>>>>
> > > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2019-10086
> > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2015-6420,
> > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > >>>>> :
> > > > >>>>>>>> CVE-2018-15756
> > > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-flink:
> > > > >>>>>>>>
> > > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> CVE-2016-5001,
> > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > >>>>>> CVE-2016-4970,
> > > > >>>>>>>> CVE-2019-16869
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2017-15095,
> > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > CVE-2018-11307,
> > > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > CVE-2018-14719,
> > > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > CVE-2018-19361,
> > > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-12086,
> > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439,
> > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943,
> > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-rocketmq:
> > > > >>>>>>>>
> > > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > > >>>>> ,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > >>>>>>>>
> > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > >>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*)
> :
> > > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > > >>>>>> CVE-2006-7196,
> > > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > > >>>>>> CVE-2012-5568,
> > > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > > >>>>>> CVE-2013-4590,
> > > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > > >>>>>> CVE-2014-0119,
> > > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > > >>>>>>>>
> > > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > maintenance
> > > > >>>>>> releases
> > > > >>>>>>>> of Spring. I think we can bump most of that.
> > > > >>>>>>>>
> > > > >>>>>>>> Some integrations also clearly suffer, through it's a
> problem
> > of
> > > > >>>>> their
> > > > >>>>>>>> users, since they need to declare their own libraries'
> > versions
> > > > >>> by
> > > > >>>>>>>> convention.
> > > > >>>>>>>>
> > > > >>>>>>>> Regards,
> > > > >>>>>>>> --
> > > > >>>>>>>> Ilya Kasnacheev
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> dmagda@apache.org
> > >:
> > > > >>>>>>>>
> > > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > > > >>> let's
> > > > >>>>>> update
> > > > >>>>>>>>> the versions of the dependencies to the latest.
> > > > >>>>>>>>>
> > > > >>>>>>>>> -
> > > > >>>>>>>>> Denis
> > > > >>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > > >>>>>>>>> wrote:
> > > > >>>>>>>>>
> > > > >>>>>>>>>> Hello!
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> By bumping versisons I mean the following:
> > > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > >>>>>>>>>>
> > > > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > >>>>>>>> <!--
> > > > >>>>>>>>>> don't forget to update spring version -->
> > > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > >>>>> don't
> > > > >>>>>>>>> forget
> > > > >>>>>>>>>> to update spring-data version -->
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>
> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > >>>>>>>>>>
> > > > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > >>>>>>>>> don't
> > > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> All these libraries have maintenance release (such as our
> > > > >>>>> 2.7.*6*)
> > > > >>>>>> and
> > > > >>>>>>>> I
> > > > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > > > >>> to the
> > > > >>>>>>>> latest
> > > > >>>>>>>>>> maintenance version found in Maven Central.
> > > > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> Regards,
> > > > >>>>>>>>>> --
> > > > >>>>>>>>>> Ilya Kasnacheev
> > > > >>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > dmagda@apache.org
> > > > >>>> :
> > > > >>>>>>>>>>
> > > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > >>> fixes/improvements.
> > > > >>>>>> Ilya is
> > > > >>>>>>>>>> right
> > > > >>>>>>>>>>> that Spring Data related questions sparked last time due
> to
> > > > >>>>>> missing
> > > > >>>>>>>>>> support
> > > > >>>>>>>>>>> of 2.2 version.
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > > > >>> the
> > > > >>>>>>>>> versions"?
> > > > >>>>>>>>>> Do
> > > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > >>>>>>>>> "ignite-spring-data"
> > > > >>>>>>>>>> to
> > > > >>>>>>>>>>> version 2.2 and introducing
> > > > >>> "ignite-spring-data-{old-version"}
> > > > >>>>>> for
> > > > >>>>>>>> the
> > > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > > >>> proposal.
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> -
> > > > >>>>>>>>>>> Denis
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>>> Hello!
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > > >>>>>> commits, be
> > > > >>>>>>>>>>> careful
> > > > >>>>>>>>>>>> with release version)
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > > >>> will
> > > > >>>>>> provide
> > > > >>>>>>>>> the
> > > > >>>>>>>>>>>> following considerations:
> > > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > >>> currently do
> > > > >>>>>> not
> > > > >>>>>>>>> have,
> > > > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > > > >>> and
> > > > >>>>>> mailing
> > > > >>>>>>>>>> list.
> > > > >>>>>>>>>>>> Spring Data is important to our public image since many
> > > > >>>>> people
> > > > >>>>>> may
> > > > >>>>>>>>>> learn
> > > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > >>> (just 2
> > > > >>>>> POM
> > > > >>>>>>>> file
> > > > >>>>>>>>>>>> touched and that's all).
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > > >>> gmail
> > > > >>>>>> quirk,
> > > > >>>>>>>> we
> > > > >>>>>>>>>> did
> > > > >>>>>>>>>>>> not react to it in time.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> WDYT?
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > >>>>>> dependencies'
> > > > >>>>>>>>>> versions
> > > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > > >>>>> hibernate
> > > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > >>>>> maintenance
> > > > >>>>>>>>> versions
> > > > >>>>>>>>>>> to
> > > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > > > >>>>> between
> > > > >>>>>>>>>> releases,
> > > > >>>>>>>>>>> so
> > > > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > > > >>>>> formal
> > > > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> merge
> > > > >>>>> these
> > > > >>>>>>>>> version
> > > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Regards,
> > > > >>>>>>>>>>>> --
> > > > >>>>>>>>>>>> Ilya Kasnacheev
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > >>>>>>>>>>> < arzamas123@mail.ru.invalid
> > > > >>>>>>>>>>>>> :
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > > > >>>>> 2.7.6,
> > > > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > > >>> Xeon
> > > > >>>>>> X5570
> > > > >>>>>>>>> 96Gb
> > > > >>>>>>>>>>>> 512GB
> > > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> cacheMode — partitioned
> > > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > >>>>>>>>>>>>> 1 backup
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > >>> disabled.
> > > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> [1]
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > > >>>>>>>>>>>>>> Cc:
> > > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > >>> Manager]
> > > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Igniters,
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > > >>> Apache
> > > > >>>>>> Ignite
> > > > >>>>>>>>> 2.7
> > > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > >>> performance
> > > > >>>>>>>>>> improvements
> > > > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > > > >>>>>> release
> > > > >>>>>>>>> date.
> > > > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > > > >>>>> point
> > > > >>>>>>>> since
> > > > >>>>>>>>>> the
> > > > >>>>>>>>>>>>>> last major release:
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Service Grid,
> > > > >>>>>>>>>>>>>> Monitoring,
> > > > >>>>>>>>>>>>>> Recovery Read
> > > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > >>>>>>>>>>>>>> PDS compression,
> > > > >>>>>>>>>>>>>> WAL page compression,
> > > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > >>>>>>>>>>>>>> SQL query history
> > > > >>>>>>>>>>>>>> SQL statistics
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > > > >>>>>> branch
> > > > >>>>>>>>>> anymore
> > > > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > > > >>> year.
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > > > >>>>>> release
> > > > >>>>>>>> and
> > > > >>>>>>>>>> also
> > > > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > > > >>> the
> > > > >>>>>>>> planning
> > > > >>>>>>>>>>>>>> release.
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> WDYT?
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>>
> > > > >>>>>>
> > > > >>>>>> --
> > > > >>>>>> Best regards,
> > > > >>>>>> Ivan Pavlukhin
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> BR, Sergey Antonov
> > > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> > --
> > Best regards,
> > Ivan Pavlukhin
> >
> >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Ilya Kasnacheev <il...@gmail.com>]

Hello!

I think the third option (exclude publicly-accessible API) is preferable.

Regards,
-- 
Ilya Kasnacheev


пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <vo...@gmail.com>:

> Folks,
>
> Some thoughts:
> * Releasing an API with known fallacies sounds really bad thing to me.
> It can have a negative consequences for a whole project for years. My
> opinion here that we should resolve the problem with this API somehow
> before release.
> * We can mark cluster read-only API (without enum) as experimental and
> change the API in e.g. 2.8.1.
> * We can try to exclude read-only API from 2.8 at all.
>
> What do you think?
>
> пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <pl...@gmail.com>:
> >
> > Guys,
> >
> > There is also an issue with cluster activation by thin clients. This
> > feature (.NET thin client API change and protocol change) was added by
> [1]
> > without any discussion on dev-list. Sergey's patch [2] deprecate methods
> > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't
> do
> > this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
> > should not forget about thin client changes, since it will be strange if
> we
> > introduce some methods to thin client API and protocol and in the same
> > Ignite version deprecate these methods for servers and thick clients.
> >
> > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> >
> >
> > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> <arzamas123@mail.ru.invalid
> > >:
> >
> > >
> > >
> > > Agree with Nikolay, -1 from me, too.
> > >
> > > >Hello, Igniters.
> > > >
> > > >I’m -1 to include the read-only patch to 2.8.
> > > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > > blockers and major issues.
> > > >
> > > >Guys, we don’t release Apache Ignite for 13 months!
> > > >We should focus on the release and make it ASAP.
> > > >
> > > >We can’t extend the scope anymore.
> > > >
> > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> antonovsergey93@gmail.com >
> > > написал(а):
> > > >>
> > > >> Hello, Maxim!
> > > >>
> > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > > >> changed.
> > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> > > >> presented. Changes in product code are minimal - only 30 changed
> files
> > > in
> > > >> /src/main/ part. And most of them are new control.sh commands and
> > > >> configuration.
> > > >>
> > > >>> Do we have customer requests for this feature or maybe users who
> are
> > > >> waiting for exactly that ENUM values exactly in 2.8 release (not the
> > > 2.8.1
> > > >> for instance)?
> > > >> Can we introduce in new features in maintanance release (2.8.1)?
> Cluster
> > > >> read-only mode will be new feature, if we remove
> IgniteCluster#readOnly
> > > in
> > > >> 2.8 release. If all ok with that, lets remove
> IgniteCluster#readOnly and
> > > >> move ticket [1] to 2.8.1 release.
> > > >>
> > > >>> Do we have extended test results report (on just only TC.Bot green
> > > visa)
> > > >> on this feature to be sure that we will not add any blocker issues
> to
> > > the
> > > >> release?
> > > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa
> vs
> > > >> release branch.
> > > >>
> > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>
> > > >>
> > > >>
> > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmuzaf@apache.org >:
> > > >>
> > > >>> Folks,
> > > >>>
> > > >>>
> > > >>> Let me remind you that we are working on the 2.8 release branch
> > > >>> stabilization currently (please, keep it in mind).
> > > >>>
> > > >>>
> > > >>> Do we have a really STRONG reason for adding such a change [1] to
> the
> > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > > >>> −2,038, 111 files changed.
> > > >>> Do we have customer requests for this feature or maybe users who
> are
> > > >>> waiting for exactly that ENUM values exactly in 2.8 release (not
> the
> > > >>> 2.8.1 for instance)?
> > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > >>> Do we have extended test results report (on just only TC.Bot green
> > > >>> visa) on this feature to be sure that we will not add any blocker
> > > >>> issues to the release? For instance, on pre-production environment.
> > > >>>
> > > >>> I'd like to notice that we also have more than enough the release
> > > >>> blocker issues [3] which are still `in progress` and such a release
> > > >>> run becomes endless. Such changes without strong reasons looks too
> > > >>> scary for me a special after scope and code freeze dates.
> > > >>>
> > > >>> Please, dispel my doubts.
> > > >>>
> > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > >>> [3]
> > > >>>
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > )
> > > >>>
> > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> zaleslaw.sin@gmail.com
> > > >
> > > >>> wrote:
> > > >>>>
> > > >>>> +1
> > > >>>>
> > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > antonovsergey93@gmail.com >:
> > > >>>>
> > > >>>>> +1
> > > >>>>>
> > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> branch
> > > >>> will be
> > > >>>>> at 13 Jan
> > > >>>>>
> > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < vololo100@gmail.com
> >:
> > > >>>>>
> > > >>>>>> +1
> > > >>>>>>
> > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < ivan.glukos@gmail.com
> >:
> > > >>>>>>>
> > > >>>>>>> Maxim M. and anyone who is interested,
> > > >>>>>>>
> > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>>>>>> Basically, it's a result of the following discussion:
> > > >>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > >>>>>>>
> > > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
> > > >>> work
> > > >>>>> with
> > > >>>>>>> boolean are replaced with ones that work with enum.
> > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> boolean
> > > >>>>> version
> > > >>>>>> of
> > > >>>>>>> API in the code (which is currently present in 2.8 branch) as
> it
> > > >>> wasn't
> > > >>>>>>> published in any release.
> > > >>>>>>>
> > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > >>>>>>  ilya.kasnacheev@gmail.com >
> > > >>>>>>> wrote:
> > > >>>>>>>
> > > >>>>>>>> Hello!
> > > >>>>>>>>
> > > >>>>>>>> I have ran dependency checker plugin and quote the following:
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-urideploy:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-spring:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-spring-data:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-aop:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-visor-console:
> > > >>>>>>>>
> > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >>>>> :
> > > >>>>>>>> CVE-2018-15756
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-spring-data_2.0:
> > > >>>>>>>>
> > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-15756
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-rest-http:
> > > >>>>>>>>
> > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >>>>>>>> jackson-databind-2.9.6.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-kubernetes:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-aws:
> > > >>>>>>>>
> > > >>>>>>>> jackson-databind-2.9.6.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > >>>>> CVE-2015-6644,
> > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > >>>>> CVE-2016-1000341,
> > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >>>>> CVE-2016-1000345,
> > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > >>> CVE-2017-13098,
> > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-gce:
> > > >>>>>>>>
> > > >>>>>>>> httpclient-4.0.1.jar
> > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> CVE-2011-1498,
> > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > >>>>>>>> guava-jdk5-17.0.jar
> (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-cloud:
> > > >>>>>>>>
> > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > >>> CVE-2013-2014,
> > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > >>>>>> CVE-2014-3520,
> > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > >>>>>> CVE-2018-20170
> > > >>>>>>>> cloudstack-2.0.0.jar
> > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > >>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> CVE-2013-2136,
> > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > >>>>>>>> docker-2.0.0.jar
> (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> CVE-2019-16884,
> > > >>>>>>>> CVE-2019-5736
> > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> docker-1.9.3.jar
> (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > >>> ,
> > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> CVE-2019-15752,
> > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > >>>>> CVE-2015-6644,
> > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > >>> CVE-2016-1000341,
> > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >>>>> CVE-2016-1000345,
> > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > >>> CVE-2018-1000613
> > > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-mesos:
> > > >>>>>>>>
> > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >>>>>>>> jackson-databind-2.9.6.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-kafka:
> > > >>>>>>>>
> > > >>>>>>>> kafka-clients-2.0.1.jar
> > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > >>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > >>>>>>>> connect-api-2.0.1.jar
> > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-flume:
> > > >>>>>>>>
> > > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > >>> CVE-2017-15095,
> > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> CVE-2018-1000873,
> > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > >>>>>>>> commons-collections-3.2.1.jar
> > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2015-6420,
> > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > >>>>>> CVE-2019-16869,
> > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2005-3747,
> > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > >>>>>> CVE-2009-5049,
> > > >>>>>>>> CVE-2011-4461
> > > >>>>>>>> jetty-util-6.1.26.jar
> > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > >>>>> ,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >>> CVE-2009-1523,
> > > >>>>>>>> CVE-2011-4461
> > > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >>> CVE-2009-1523,
> > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > >>>>>> CVE-2017-9735,
> > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > >>>>>>>> libthrift-0.9.0.jar
> (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > >>> :
> > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > >>>>>>>> httpclient-4.1.3.jar
> > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> > > >>>>>>>> CVE-2015-5262
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-twitter:
> > > >>>>>>>>
> > > >>>>>>>> httpclient-4.2.5.jar
> > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> > > >>>>>>>> CVE-2015-5262
> > > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-zookeeper:
> > > >>>>>>>>
> > > >>>>>>>> jackson-databind-2.9.8.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2019-12086,
> > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439,
> > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943,
> > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> CVE-2018-1000873,
> > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > >>>>> ,
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-camel:
> > > >>>>>>>>
> > > >>>>>>>> camel-core-2.22.0.jar
> > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-storm:
> > > >>>>>>>>
> > > >>>>>>>> storm-core-1.1.1.jar
> (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > >>> ,
> > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >>>>> CVE-2019-10247
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> > > >>>>>>>> CVE-2015-5262
> > > >>>>>>>>
> > > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > >>>>>> CVE-2014-3488,
> > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > > >>>>> support
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >>>>> CVE-2011-4461,
> > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > >>>>>> CVE-2019-10241,
> > > >>>>>>>> CVE-2019-10247
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >>>>> CVE-2011-4461,
> > > >>>>>>>> CVE-2019-10247
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2016-1000031
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > >>>>>> CVE-2017-15713,
> > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > >>>>>> CVE-2018-1296,
> > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-cassandra-store:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-cassandra-serializers:
> > > >>>>>>>>
> > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2019-10086
> > > >>>>>>>> commons-collections-3.2.1.jar
> > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2015-6420,
> > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >>>>> :
> > > >>>>>>>> CVE-2018-15756
> > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-flink:
> > > >>>>>>>>
> > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > >>>>>> CVE-2016-4970,
> > > >>>>>>>> CVE-2019-16869
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2017-15095,
> > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> CVE-2018-11307,
> > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> CVE-2018-14719,
> > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> CVE-2018-19361,
> > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439,
> > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943,
> > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-rocketmq:
> > > >>>>>>>>
> > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > >>>>> ,
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > >>>>>>>>
> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > >>> ,
> > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > >>>>>>>>
> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > >>>>>> CVE-2006-7196,
> > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > >>>>>> CVE-2012-5568,
> > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > >>>>>> CVE-2013-4590,
> > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > >>>>>> CVE-2014-0119,
> > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > >>>>>>>>
> > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> maintenance
> > > >>>>>> releases
> > > >>>>>>>> of Spring. I think we can bump most of that.
> > > >>>>>>>>
> > > >>>>>>>> Some integrations also clearly suffer, through it's a problem
> of
> > > >>>>> their
> > > >>>>>>>> users, since they need to declare their own libraries'
> versions
> > > >>> by
> > > >>>>>>>> convention.
> > > >>>>>>>>
> > > >>>>>>>> Regards,
> > > >>>>>>>> --
> > > >>>>>>>> Ilya Kasnacheev
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < dmagda@apache.org
> >:
> > > >>>>>>>>
> > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > > >>> let's
> > > >>>>>> update
> > > >>>>>>>>> the versions of the dependencies to the latest.
> > > >>>>>>>>>
> > > >>>>>>>>> -
> > > >>>>>>>>> Denis
> > > >>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > > >>>>>>>>> wrote:
> > > >>>>>>>>>
> > > >>>>>>>>>> Hello!
> > > >>>>>>>>>>
> > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > >>>>>>>>>>
> > > >>>>>>>>>> By bumping versisons I mean the following:
> > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > >>>>>>>>>>
> > > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > >>>>>>>> <!--
> > > >>>>>>>>>> don't forget to update spring version -->
> > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > >>>>> don't
> > > >>>>>>>>> forget
> > > >>>>>>>>>> to update spring-data version -->
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > >>>>>>>>>>
> > > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > >>>>>>>>> don't
> > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > >>>>>>>>>>
> > > >>>>>>>>>> All these libraries have maintenance release (such as our
> > > >>>>> 2.7.*6*)
> > > >>>>>> and
> > > >>>>>>>> I
> > > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > > >>> to the
> > > >>>>>>>> latest
> > > >>>>>>>>>> maintenance version found in Maven Central.
> > > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > >>>>>>>>>>
> > > >>>>>>>>>> Regards,
> > > >>>>>>>>>> --
> > > >>>>>>>>>> Ilya Kasnacheev
> > > >>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> dmagda@apache.org
> > > >>>> :
> > > >>>>>>>>>>
> > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > >>> fixes/improvements.
> > > >>>>>> Ilya is
> > > >>>>>>>>>> right
> > > >>>>>>>>>>> that Spring Data related questions sparked last time due to
> > > >>>>>> missing
> > > >>>>>>>>>> support
> > > >>>>>>>>>>> of 2.2 version.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > > >>> the
> > > >>>>>>>>> versions"?
> > > >>>>>>>>>> Do
> > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > >>>>>>>>> "ignite-spring-data"
> > > >>>>>>>>>> to
> > > >>>>>>>>>>> version 2.2 and introducing
> > > >>> "ignite-spring-data-{old-version"}
> > > >>>>>> for
> > > >>>>>>>> the
> > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > >>> proposal.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> -
> > > >>>>>>>>>>> Denis
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>> wrote:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>> Hello!
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > >>>>>> commits, be
> > > >>>>>>>>>>> careful
> > > >>>>>>>>>>>> with release version)
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > >>> will
> > > >>>>>> provide
> > > >>>>>>>>> the
> > > >>>>>>>>>>>> following considerations:
> > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > >>> currently do
> > > >>>>>> not
> > > >>>>>>>>> have,
> > > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > > >>> and
> > > >>>>>> mailing
> > > >>>>>>>>>> list.
> > > >>>>>>>>>>>> Spring Data is important to our public image since many
> > > >>>>> people
> > > >>>>>> may
> > > >>>>>>>>>> learn
> > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > >>> (just 2
> > > >>>>> POM
> > > >>>>>>>> file
> > > >>>>>>>>>>>> touched and that's all).
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > >>> gmail
> > > >>>>>> quirk,
> > > >>>>>>>> we
> > > >>>>>>>>>> did
> > > >>>>>>>>>>>> not react to it in time.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> WDYT?
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > >>>>>> dependencies'
> > > >>>>>>>>>> versions
> > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > >>>>> hibernate
> > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > >>>>> maintenance
> > > >>>>>>>>> versions
> > > >>>>>>>>>>> to
> > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > > >>>>> between
> > > >>>>>>>>>> releases,
> > > >>>>>>>>>>> so
> > > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > > >>>>> formal
> > > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> > > >>>>> these
> > > >>>>>>>>> version
> > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Regards,
> > > >>>>>>>>>>>> --
> > > >>>>>>>>>>>> Ilya Kasnacheev
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > >>>>>>>>>>> < arzamas123@mail.ru.invalid
> > > >>>>>>>>>>>>> :
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > > >>>>> 2.7.6,
> > > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > >>> Xeon
> > > >>>>>> X5570
> > > >>>>>>>>> 96Gb
> > > >>>>>>>>>>>> 512GB
> > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> cacheMode — partitioned
> > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > >>>>>>>>>>>>> 1 backup
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > >>> disabled.
> > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> [1]
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > > >>>>>>>>>>>>>> Cc:
> > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > >>> Manager]
> > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Igniters,
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > >>> Apache
> > > >>>>>> Ignite
> > > >>>>>>>>> 2.7
> > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > >>> performance
> > > >>>>>>>>>> improvements
> > > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > > >>>>>> release
> > > >>>>>>>>> date.
> > > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > > >>>>> point
> > > >>>>>>>> since
> > > >>>>>>>>>> the
> > > >>>>>>>>>>>>>> last major release:
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Service Grid,
> > > >>>>>>>>>>>>>> Monitoring,
> > > >>>>>>>>>>>>>> Recovery Read
> > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > >>>>>>>>>>>>>> PDS compression,
> > > >>>>>>>>>>>>>> WAL page compression,
> > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > >>>>>>>>>>>>>> SQL query history
> > > >>>>>>>>>>>>>> SQL statistics
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > > >>>>>> branch
> > > >>>>>>>>>> anymore
> > > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > > >>> year.
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > > >>>>>> release
> > > >>>>>>>> and
> > > >>>>>>>>>> also
> > > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > > >>> the
> > > >>>>>>>> planning
> > > >>>>>>>>>>>>>> release.
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> WDYT?
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>> --
> > > >>>>>> Best regards,
> > > >>>>>> Ivan Pavlukhin
> > > >>>>>>
> > > >>>>>
> > > >>>
> > > >>
> > > >>
> > > >> --
> > > >> BR, Sergey Antonov
> > > >
> > >
> > >
> > >
> > >
>
>
>
> --
> Best regards,
> Ivan Pavlukhin
>
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Ivan Pavlukhin <vo...@gmail.com>]

Folks,

Some thoughts:
* Releasing an API with known fallacies sounds really bad thing to me.
It can have a negative consequences for a whole project for years. My
opinion here that we should resolve the problem with this API somehow
before release.
* We can mark cluster read-only API (without enum) as experimental and
change the API in e.g. 2.8.1.
* We can try to exclude read-only API from 2.8 at all.

What do you think?

пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <pl...@gmail.com>:
>
> Guys,
>
> There is also an issue with cluster activation by thin clients. This
> feature (.NET thin client API change and protocol change) was added by [1]
> without any discussion on dev-list. Sergey's patch [2] deprecate methods
> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't do
> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
> should not forget about thin client changes, since it will be strange if we
> introduce some methods to thin client API and protocol and in the same
> Ignite version deprecate these methods for servers and thick clients.
>
> [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> [2]: https://issues.apache.org/jira/browse/IGNITE-12225
>
>
> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <arzamas123@mail.ru.invalid
> >:
>
> >
> >
> > Agree with Nikolay, -1 from me, too.
> >
> > >Hello, Igniters.
> > >
> > >I’m -1 to include the read-only patch to 2.8.
> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > blockers and major issues.
> > >
> > >Guys, we don’t release Apache Ignite for 13 months!
> > >We should focus on the release and make it ASAP.
> > >
> > >We can’t extend the scope anymore.
> > >
> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov < antonovsergey93@gmail.com >
> > написал(а):
> > >>
> > >> Hello, Maxim!
> > >>
> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > >> changed.
> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> > >> presented. Changes in product code are minimal - only 30 changed files
> > in
> > >> /src/main/ part. And most of them are new control.sh commands and
> > >> configuration.
> > >>
> > >>> Do we have customer requests for this feature or maybe users who are
> > >> waiting for exactly that ENUM values exactly in 2.8 release (not the
> > 2.8.1
> > >> for instance)?
> > >> Can we introduce in new features in maintanance release (2.8.1)? Cluster
> > >> read-only mode will be new feature, if we remove IgniteCluster#readOnly
> > in
> > >> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
> > >> move ticket [1] to 2.8.1 release.
> > >>
> > >>> Do we have extended test results report (on just only TC.Bot green
> > visa)
> > >> on this feature to be sure that we will not add any blocker issues to
> > the
> > >> release?
> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
> > >> release branch.
> > >>
> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>
> > >>
> > >>
> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmuzaf@apache.org >:
> > >>
> > >>> Folks,
> > >>>
> > >>>
> > >>> Let me remind you that we are working on the 2.8 release branch
> > >>> stabilization currently (please, keep it in mind).
> > >>>
> > >>>
> > >>> Do we have a really STRONG reason for adding such a change [1] to the
> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > >>> −2,038, 111 files changed.
> > >>> Do we have customer requests for this feature or maybe users who are
> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not the
> > >>> 2.8.1 for instance)?
> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > >>> Do we have extended test results report (on just only TC.Bot green
> > >>> visa) on this feature to be sure that we will not add any blocker
> > >>> issues to the release? For instance, on pre-production environment.
> > >>>
> > >>> I'd like to notice that we also have more than enough the release
> > >>> blocker issues [3] which are still `in progress` and such a release
> > >>> run becomes endless. Such changes without strong reasons looks too
> > >>> scary for me a special after scope and code freeze dates.
> > >>>
> > >>> Please, dispel my doubts.
> > >>>
> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > >>> [3]
> > >>>
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > )
> > >>>
> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev < zaleslaw.sin@gmail.com
> > >
> > >>> wrote:
> > >>>>
> > >>>> +1
> > >>>>
> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > antonovsergey93@gmail.com >:
> > >>>>
> > >>>>> +1
> > >>>>>
> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
> > >>> will be
> > >>>>> at 13 Jan
> > >>>>>
> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < vololo100@gmail.com >:
> > >>>>>
> > >>>>>> +1
> > >>>>>>
> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < ivan.glukos@gmail.com >:
> > >>>>>>>
> > >>>>>>> Maxim M. and anyone who is interested,
> > >>>>>>>
> > >>>>>>> I suggest to include this fix to 2.8 release:
> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>>>>>> Basically, it's a result of the following discussion:
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > >>>>>>>
> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
> > >>> work
> > >>>>> with
> > >>>>>>> boolean are replaced with ones that work with enum.
> > >>>>>>> If we include it, we won't be obliged to keep deprecated boolean
> > >>>>> version
> > >>>>>> of
> > >>>>>>> API in the code (which is currently present in 2.8 branch) as it
> > >>> wasn't
> > >>>>>>> published in any release.
> > >>>>>>>
> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > >>>>>>  ilya.kasnacheev@gmail.com >
> > >>>>>>> wrote:
> > >>>>>>>
> > >>>>>>>> Hello!
> > >>>>>>>>
> > >>>>>>>> I have ran dependency checker plugin and quote the following:
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-urideploy:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-spring:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-spring-data:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-aop:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-visor-console:
> > >>>>>>>>
> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > >>>>>>>>
> > >>>>>>
> > >>>
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > >>>>> :
> > >>>>>>>> CVE-2018-15756
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-spring-data_2.0:
> > >>>>>>>>
> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > >>>>>>>>
> > >>>>>>
> > >>>
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-15756
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-rest-http:
> > >>>>>>>>
> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > >>>>>>>> jackson-databind-2.9.6.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-kubernetes:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-aws:
> > >>>>>>>>
> > >>>>>>>> jackson-databind-2.9.6.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > >>>>> CVE-2015-6644,
> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > >>>>> CVE-2016-1000341,
> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > >>>>> CVE-2016-1000345,
> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > >>> CVE-2017-13098,
> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-gce:
> > >>>>>>>>
> > >>>>>>>> httpclient-4.0.1.jar
> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > >>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-cloud:
> > >>>>>>>>
> > >>>>>>>> openstack-keystone-2.0.0.jar
> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > >>> CVE-2013-2014,
> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > >>>>>> CVE-2014-3520,
> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > >>>>>> CVE-2018-20170
> > >>>>>>>> cloudstack-2.0.0.jar
> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > >>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > >>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > >>>>>>>> CVE-2019-5736
> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > >>> ,
> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > >>>>> CVE-2015-6644,
> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > >>> CVE-2016-1000341,
> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > >>>>> CVE-2016-1000345,
> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > >>> CVE-2018-1000613
> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-mesos:
> > >>>>>>>>
> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > >>>>>>>> jackson-databind-2.9.6.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-kafka:
> > >>>>>>>>
> > >>>>>>>> kafka-clients-2.0.1.jar
> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > >>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >>>>>>>> connect-api-2.0.1.jar
> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-flume:
> > >>>>>>>>
> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > >>> CVE-2017-15095,
> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > >>>>>>>> commons-collections-3.2.1.jar
> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2015-6420,
> > >>>>>>>> CVE-2017-15708, Remote code execution
> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > >>>>>> CVE-2019-16869,
> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > >>>>>>>> servlet-api-2.5-20110124.jar
> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2005-3747,
> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > >>>>>> CVE-2009-5049,
> > >>>>>>>> CVE-2011-4461
> > >>>>>>>> jetty-util-6.1.26.jar
> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > >>>>> ,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > >>> CVE-2009-1523,
> > >>>>>>>> CVE-2011-4461
> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > >>> CVE-2009-1523,
> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > >>>>>> CVE-2017-9735,
> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > >>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > >>> :
> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > >>>>>>>> httpclient-4.1.3.jar
> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > >>>>>>>> CVE-2015-5262
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-twitter:
> > >>>>>>>>
> > >>>>>>>> httpclient-4.2.5.jar
> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > >>>>>>>> CVE-2015-5262
> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-zookeeper:
> > >>>>>>>>
> > >>>>>>>> jackson-databind-2.9.8.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2019-12086,
> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > >>>>>>>> netty-all-4.1.29.Final.jar
> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > >>>>> ,
> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-camel:
> > >>>>>>>>
> > >>>>>>>> camel-core-2.22.0.jar
> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-storm:
> > >>>>>>>>
> > >>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
> > >>> ,
> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >>>>> CVE-2019-10247
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > >>>>>>>> CVE-2015-5262
> > >>>>>>>>
> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > >>>>>> CVE-2014-3488,
> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > >>>>> support
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >>>>> CVE-2011-4461,
> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > >>>>>> CVE-2019-10241,
> > >>>>>>>> CVE-2019-10247
> > >>>>>>>>
> > >>>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >>>>> CVE-2011-4461,
> > >>>>>>>> CVE-2019-10247
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2016-1000031
> > >>>>>>>>
> > >>>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > >>>>>> CVE-2017-15713,
> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > >>>>>> CVE-2018-1296,
> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-cassandra-store:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-cassandra-serializers:
> > >>>>>>>>
> > >>>>>>>> commons-beanutils-1.9.2.jar
> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2019-10086
> > >>>>>>>> commons-collections-3.2.1.jar
> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2015-6420,
> > >>>>>>>> CVE-2017-15708, Remote code execution
> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > >>>>>>>>
> > >>>>>>
> > >>>
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > >>>>> :
> > >>>>>>>> CVE-2018-15756
> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-flink:
> > >>>>>>>>
> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > >>>>>> CVE-2016-4970,
> > >>>>>>>> CVE-2019-16869
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2017-15095,
> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-rocketmq:
> > >>>>>>>>
> > >>>>>>>> netty-all-4.0.42.Final.jar
> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > >>>>> ,
> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > >>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > >>> ,
> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > >>>>>> CVE-2006-7196,
> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > >>>>>> CVE-2012-5568,
> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > >>>>>> CVE-2013-4590,
> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > >>>>>> CVE-2014-0119,
> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > >>>>>>>>
> > >>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
> > >>>>>> releases
> > >>>>>>>> of Spring. I think we can bump most of that.
> > >>>>>>>>
> > >>>>>>>> Some integrations also clearly suffer, through it's a problem of
> > >>>>> their
> > >>>>>>>> users, since they need to declare their own libraries' versions
> > >>> by
> > >>>>>>>> convention.
> > >>>>>>>>
> > >>>>>>>> Regards,
> > >>>>>>>> --
> > >>>>>>>> Ilya Kasnacheev
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < dmagda@apache.org >:
> > >>>>>>>>
> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > >>> let's
> > >>>>>> update
> > >>>>>>>>> the versions of the dependencies to the latest.
> > >>>>>>>>>
> > >>>>>>>>> -
> > >>>>>>>>> Denis
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > >>>>>>>>>  ilya.kasnacheev@gmail.com >
> > >>>>>>>>> wrote:
> > >>>>>>>>>
> > >>>>>>>>>> Hello!
> > >>>>>>>>>>
> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > >>>>>>>>>>
> > >>>>>>>>>> By bumping versisons I mean the following:
> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > >>>>>>>>>>
> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > >>>>>>>> <!--
> > >>>>>>>>>> don't forget to update spring version -->
> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > >>>>> don't
> > >>>>>>>>> forget
> > >>>>>>>>>> to update spring-data version -->
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > >>>>>>>>>>
> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > >>>>>>>>> don't
> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > >>>>>>>>>>
> > >>>>>>>>>> All these libraries have maintenance release (such as our
> > >>>>> 2.7.*6*)
> > >>>>>> and
> > >>>>>>>> I
> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > >>> to the
> > >>>>>>>> latest
> > >>>>>>>>>> maintenance version found in Maven Central.
> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > >>>>>>>>>>
> > >>>>>>>>>> Regards,
> > >>>>>>>>>> --
> > >>>>>>>>>> Ilya Kasnacheev
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda < dmagda@apache.org
> > >>>> :
> > >>>>>>>>>>
> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > >>> fixes/improvements.
> > >>>>>> Ilya is
> > >>>>>>>>>> right
> > >>>>>>>>>>> that Spring Data related questions sparked last time due to
> > >>>>>> missing
> > >>>>>>>>>> support
> > >>>>>>>>>>> of 2.2 version.
> > >>>>>>>>>>>
> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > >>> the
> > >>>>>>>>> versions"?
> > >>>>>>>>>> Do
> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > >>>>>>>>> "ignite-spring-data"
> > >>>>>>>>>> to
> > >>>>>>>>>>> version 2.2 and introducing
> > >>> "ignite-spring-data-{old-version"}
> > >>>>>> for
> > >>>>>>>> the
> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > >>> proposal.
> > >>>>>>>>>>>
> > >>>>>>>>>>> -
> > >>>>>>>>>>> Denis
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > >>>>>>>>>>  ilya.kasnacheev@gmail.com
> > >>>>>>>>>>>>
> > >>>>>>>>>>> wrote:
> > >>>>>>>>>>>
> > >>>>>>>>>>>> Hello!
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > >>>>>> commits, be
> > >>>>>>>>>>> careful
> > >>>>>>>>>>>> with release version)
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > >>> will
> > >>>>>> provide
> > >>>>>>>>> the
> > >>>>>>>>>>>> following considerations:
> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > >>> currently do
> > >>>>>> not
> > >>>>>>>>> have,
> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > >>> and
> > >>>>>> mailing
> > >>>>>>>>>> list.
> > >>>>>>>>>>>> Spring Data is important to our public image since many
> > >>>>> people
> > >>>>>> may
> > >>>>>>>>>> learn
> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > >>> (just 2
> > >>>>> POM
> > >>>>>>>> file
> > >>>>>>>>>>>> touched and that's all).
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> * The core was ready since early November but, due to
> > >>> gmail
> > >>>>>> quirk,
> > >>>>>>>> we
> > >>>>>>>>>> did
> > >>>>>>>>>>>> not react to it in time.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> WDYT?
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > >>>>>> dependencies'
> > >>>>>>>>>> versions
> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > >>>>> hibernate
> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > >>>>> maintenance
> > >>>>>>>>> versions
> > >>>>>>>>>>> to
> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > >>>>> between
> > >>>>>>>>>> releases,
> > >>>>>>>>>>> so
> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > >>>>> formal
> > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> > >>>>> these
> > >>>>>>>>> version
> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Regards,
> > >>>>>>>>>>>> --
> > >>>>>>>>>>>> Ilya Kasnacheev
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > >>>>>>>>>>> < arzamas123@mail.ru.invalid
> > >>>>>>>>>>>>> :
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > >>>>> 2.7.6,
> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > >>> Xeon
> > >>>>>> X5570
> > >>>>>>>>> 96Gb
> > >>>>>>>>>>>> 512GB
> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> cacheMode — partitioned
> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > >>>>>>>>>>>>> 1 backup
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > >>> disabled.
> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> [1]
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> > >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> > >>>>>>>>>>>>>> Cc:
> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > >>> Manager]
> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Igniters,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > >>> Apache
> > >>>>>> Ignite
> > >>>>>>>>> 2.7
> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > >>> performance
> > >>>>>>>>>> improvements
> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > >>>>>> release
> > >>>>>>>>> date.
> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > >>>>> point
> > >>>>>>>> since
> > >>>>>>>>>> the
> > >>>>>>>>>>>>>> last major release:
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Service Grid,
> > >>>>>>>>>>>>>> Monitoring,
> > >>>>>>>>>>>>>> Recovery Read
> > >>>>>>>>>>>>>> BLT auto-adjust,
> > >>>>>>>>>>>>>> PDS compression,
> > >>>>>>>>>>>>>> WAL page compression,
> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > >>>>>>>>>>>>>> SQL query history
> > >>>>>>>>>>>>>> SQL statistics
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > >>>>>> branch
> > >>>>>>>>>> anymore
> > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > >>> year.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > >>>>>> release
> > >>>>>>>> and
> > >>>>>>>>>> also
> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > >>> the
> > >>>>>>>> planning
> > >>>>>>>>>>>>>> release.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> WDYT?
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> --
> > >>>>>> Best regards,
> > >>>>>> Ivan Pavlukhin
> > >>>>>>
> > >>>>>
> > >>>
> > >>
> > >>
> > >> --
> > >> BR, Sergey Antonov
> > >
> >
> >
> >
> >



-- 
Best regards,
Ivan Pavlukhin

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Alex Plehanov <pl...@gmail.com>]

Guys,

There is also an issue with cluster activation by thin clients. This
feature (.NET thin client API change and protocol change) was added by [1]
without any discussion on dev-list. Sergey's patch [2] deprecate methods
"IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't do
this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
should not forget about thin client changes, since it will be strange if we
introduce some methods to thin client API and protocol and in the same
Ignite version deprecate these methods for servers and thick clients.

[1]: https://issues.apache.org/jira/browse/IGNITE-11709
[2]: https://issues.apache.org/jira/browse/IGNITE-12225


пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <arzamas123@mail.ru.invalid
>:

>
>
> Agree with Nikolay, -1 from me, too.
>
> >Hello, Igniters.
> >
> >I’m -1 to include the read-only patch to 2.8.
> >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> blockers and major issues.
> >
> >Guys, we don’t release Apache Ignite for 13 months!
> >We should focus on the release and make it ASAP.
> >
> >We can’t extend the scope anymore.
> >
> >> 10 янв. 2020 г., в 04:29, Sergey Antonov < antonovsergey93@gmail.com >
> написал(а):
> >>
> >> Hello, Maxim!
> >>
> >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> >> changed.
> >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> >> presented. Changes in product code are minimal - only 30 changed files
> in
> >> /src/main/ part. And most of them are new control.sh commands and
> >> configuration.
> >>
> >>> Do we have customer requests for this feature or maybe users who are
> >> waiting for exactly that ENUM values exactly in 2.8 release (not the
> 2.8.1
> >> for instance)?
> >> Can we introduce in new features in maintanance release (2.8.1)? Cluster
> >> read-only mode will be new feature, if we remove IgniteCluster#readOnly
> in
> >> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
> >> move ticket [1] to 2.8.1 release.
> >>
> >>> Do we have extended test results report (on just only TC.Bot green
> visa)
> >> on this feature to be sure that we will not add any blocker issues to
> the
> >> release?
> >> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
> >> release branch.
> >>
> >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> >>
> >>
> >>
> >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmuzaf@apache.org >:
> >>
> >>> Folks,
> >>>
> >>>
> >>> Let me remind you that we are working on the 2.8 release branch
> >>> stabilization currently (please, keep it in mind).
> >>>
> >>>
> >>> Do we have a really STRONG reason for adding such a change [1] to the
> >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> >>> −2,038, 111 files changed.
> >>> Do we have customer requests for this feature or maybe users who are
> >>> waiting for exactly that ENUM values exactly in 2.8 release (not the
> >>> 2.8.1 for instance)?
> >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> >>> backward compatibility issues between 2.8 and 2.9 releases?
> >>> Do we have extended test results report (on just only TC.Bot green
> >>> visa) on this feature to be sure that we will not add any blocker
> >>> issues to the release? For instance, on pre-production environment.
> >>>
> >>> I'd like to notice that we also have more than enough the release
> >>> blocker issues [3] which are still `in progress` and such a release
> >>> run becomes endless. Such changes without strong reasons looks too
> >>> scary for me a special after scope and code freeze dates.
> >>>
> >>> Please, dispel my doubts.
> >>>
> >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> >>> [2]  https://github.com/apache/ignite/pull/7194
> >>> [3]
> >>>
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> )
> >>>
> >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev < zaleslaw.sin@gmail.com
> >
> >>> wrote:
> >>>>
> >>>> +1
> >>>>
> >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> antonovsergey93@gmail.com >:
> >>>>
> >>>>> +1
> >>>>>
> >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
> >>> will be
> >>>>> at 13 Jan
> >>>>>
> >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < vololo100@gmail.com >:
> >>>>>
> >>>>>> +1
> >>>>>>
> >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < ivan.glukos@gmail.com >:
> >>>>>>>
> >>>>>>> Maxim M. and anyone who is interested,
> >>>>>>>
> >>>>>>> I suggest to include this fix to 2.8 release:
> >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> >>>>>>> Basically, it's a result of the following discussion:
> >>>>>>>
> >>>>>>
> >>>>>
> >>>
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> >>>>>>>
> >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
> >>> work
> >>>>> with
> >>>>>>> boolean are replaced with ones that work with enum.
> >>>>>>> If we include it, we won't be obliged to keep deprecated boolean
> >>>>> version
> >>>>>> of
> >>>>>>> API in the code (which is currently present in 2.8 branch) as it
> >>> wasn't
> >>>>>>> published in any release.
> >>>>>>>
> >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> >>>>>>  ilya.kasnacheev@gmail.com >
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> Hello!
> >>>>>>>>
> >>>>>>>> I have ran dependency checker plugin and quote the following:
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-urideploy:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-spring:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-spring-data:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-aop:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-visor-console:
> >>>>>>>>
> >>>>>>>> spring-core-4.3.18.RELEASE.jar
> >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> >>>>>>>>
> >>>>>>
> >>>
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> >>>>> :
> >>>>>>>> CVE-2018-15756
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-spring-data_2.0:
> >>>>>>>>
> >>>>>>>> spring-core-5.0.8.RELEASE.jar
> >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> >>>>>>>>
> >>>>>>
> >>>
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-15756
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-rest-http:
> >>>>>>>>
> >>>>>>>> jetty-server-9.4.11.v20180605.jar
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> >>>>>>>> jackson-databind-2.9.6.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-kubernetes:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-aws:
> >>>>>>>>
> >>>>>>>> jackson-databind-2.9.6.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> >>>>> CVE-2015-6644,
> >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> >>>>> CVE-2016-1000341,
> >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> >>>>> CVE-2016-1000345,
> >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> >>> CVE-2017-13098,
> >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-gce:
> >>>>>>>>
> >>>>>>>> httpclient-4.0.1.jar
> >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> >>>>>>>> CVE-2014-3577, CVE-2015-5262
> >>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-cloud:
> >>>>>>>>
> >>>>>>>> openstack-keystone-2.0.0.jar
> >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> >>> CVE-2013-2014,
> >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> >>>>>> CVE-2014-3520,
> >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> >>>>>> CVE-2018-20170
> >>>>>>>> cloudstack-2.0.0.jar
> >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> >>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> >>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> >>>>>>>> CVE-2019-5736
> >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> >>> ,
> >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> >>>>>>>> CVE-2019-16884, CVE-2019-5736
> >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> >>>>> CVE-2015-6644,
> >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> >>> CVE-2016-1000341,
> >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> >>>>> CVE-2016-1000345,
> >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> >>> CVE-2018-1000613
> >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-mesos:
> >>>>>>>>
> >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> >>>>>>>> jetty-server-9.4.11.v20180605.jar
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> >>>>>>>> jackson-databind-2.9.6.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-kafka:
> >>>>>>>>
> >>>>>>>> kafka-clients-2.0.1.jar
> >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> >>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >>>>>>>> connect-api-2.0.1.jar
> >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-flume:
> >>>>>>>>
> >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> jackson-core-asl-1.8.8.jar
> >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> >>> CVE-2017-15095,
> >>>>>>>> CVE-2017-17485, CVE-2017-7525
> >>>>>>>> jackson-mapper-asl-1.8.8.jar
> >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> >>>>>>>> CVE-2019-16335, CVE-2019-17267
> >>>>>>>> commons-collections-3.2.1.jar
> >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> >>>>>> CVE-2015-6420,
> >>>>>>>> CVE-2017-15708, Remote code execution
> >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> >>>>>> CVE-2019-16869,
> >>>>>>>> POODLE vulnerability in SSLv3.0 support
> >>>>>>>> servlet-api-2.5-20110124.jar
> >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> >>>>>> CVE-2005-3747,
> >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> >>>>>> CVE-2009-5049,
> >>>>>>>> CVE-2011-4461
> >>>>>>>> jetty-util-6.1.26.jar
> >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> >>>>> ,
> >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> >>> CVE-2009-1523,
> >>>>>>>> CVE-2011-4461
> >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> >>> CVE-2009-1523,
> >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> >>>>>> CVE-2017-9735,
> >>>>>>>> CVE-2019-10241, CVE-2019-10247
> >>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> >>> :
> >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> >>>>>>>> httpclient-4.1.3.jar
> >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> >>>>>>>> CVE-2015-5262
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-twitter:
> >>>>>>>>
> >>>>>>>> httpclient-4.2.5.jar
> >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> >>>>>>>> CVE-2015-5262
> >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-zookeeper:
> >>>>>>>>
> >>>>>>>> jackson-databind-2.9.8.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> >>>>>> CVE-2019-12086,
> >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> >>>>>>>> CVE-2019-17267, CVE-2019-17531
> >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> jackson-mapper-asl-1.9.13.jar
> >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> >>>>>>>> netty-all-4.1.29.Final.jar
> >>> (pkg:maven/io.netty/netty-all@4.1.29.Final
> >>>>> ,
> >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-camel:
> >>>>>>>>
> >>>>>>>> camel-core-2.22.0.jar
> >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> >>>>>>>> CVE-2019-0188, CVE-2019-0194
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> >>>>>>>> CVE-2019-0188, CVE-2019-0194
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-storm:
> >>>>>>>>
> >>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
> >>> ,
> >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >>>>> CVE-2019-10247
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> >>>>>>>> CVE-2015-5262
> >>>>>>>>
> >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
> >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> >>>>>> CVE-2014-3488,
> >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> >>>>> support
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >>>>> CVE-2011-4461,
> >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> >>>>>> CVE-2019-10241,
> >>>>>>>> CVE-2019-10247
> >>>>>>>>
> >>>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >>>>> CVE-2011-4461,
> >>>>>>>> CVE-2019-10247
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> >>>>>> CVE-2016-1000031
> >>>>>>>>
> >>>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> >>>>>> CVE-2017-15713,
> >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> >>>>>> CVE-2018-1296,
> >>>>>>>> CVE-2018-8009, CVE-2018-8029
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-cassandra-store:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-cassandra-serializers:
> >>>>>>>>
> >>>>>>>> commons-beanutils-1.9.2.jar
> >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> >>>>>> CVE-2019-10086
> >>>>>>>> commons-collections-3.2.1.jar
> >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> >>>>>> CVE-2015-6420,
> >>>>>>>> CVE-2017-15708, Remote code execution
> >>>>>>>> spring-core-4.3.18.RELEASE.jar
> >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> >>>>>>>>
> >>>>>>
> >>>
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> >>>>> :
> >>>>>>>> CVE-2018-15756
> >>>>>>>> netty-transport-4.1.27.Final.jar
> >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-flink:
> >>>>>>>>
> >>>>>>>> flink-hadoop-fs-1.5.0.jar
> >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> >>>>>>>> CVE-2017-3161, CVE-2017-3162
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
> >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> >>>>>> CVE-2016-4970,
> >>>>>>>> CVE-2019-16869
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> >>>>>> CVE-2017-15095,
> >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> >>>>>>>> CVE-2019-17267, CVE-2019-17531
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-rocketmq:
> >>>>>>>>
> >>>>>>>> netty-all-4.0.42.Final.jar
> >>> (pkg:maven/io.netty/netty-all@4.0.42.Final
> >>>>> ,
> >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> >>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> >>> ,
> >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> >>>>>> CVE-2006-7196,
> >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> >>>>>> CVE-2012-5568,
> >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> >>>>>> CVE-2013-4590,
> >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> >>>>>> CVE-2014-0119,
> >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> >>>>>>>>
> >>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
> >>>>>> releases
> >>>>>>>> of Spring. I think we can bump most of that.
> >>>>>>>>
> >>>>>>>> Some integrations also clearly suffer, through it's a problem of
> >>>>> their
> >>>>>>>> users, since they need to declare their own libraries' versions
> >>> by
> >>>>>>>> convention.
> >>>>>>>>
> >>>>>>>> Regards,
> >>>>>>>> --
> >>>>>>>> Ilya Kasnacheev
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < dmagda@apache.org >:
> >>>>>>>>
> >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> >>> let's
> >>>>>> update
> >>>>>>>>> the versions of the dependencies to the latest.
> >>>>>>>>>
> >>>>>>>>> -
> >>>>>>>>> Denis
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> >>>>>>>>>  ilya.kasnacheev@gmail.com >
> >>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>> Hello!
> >>>>>>>>>>
> >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> >>>>>>>>>>
> >>>>>>>>>> By bumping versisons I mean the following:
> >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> >>>>>>>>>>
> >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> >>>>>>>> <!--
> >>>>>>>>>> don't forget to update spring version -->
> >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> >>>>> don't
> >>>>>>>>> forget
> >>>>>>>>>> to update spring-data version -->
> >>>>>>>>>>
> >>>>>>>>>
> >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> >>>>>>>>>>
> >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> >>>>>>>>> don't
> >>>>>>>>>> forget to update spring-data-2.0 version -->
> >>>>>>>>>>
> >>>>>>>>>> All these libraries have maintenance release (such as our
> >>>>> 2.7.*6*)
> >>>>>> and
> >>>>>>>> I
> >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> >>> to the
> >>>>>>>> latest
> >>>>>>>>>> maintenance version found in Maven Central.
> >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> >>>>>>>>>>
> >>>>>>>>>> Regards,
> >>>>>>>>>> --
> >>>>>>>>>> Ilya Kasnacheev
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda < dmagda@apache.org
> >>>> :
> >>>>>>>>>>
> >>>>>>>>>>> A huge +1 for adding Spring Data related
> >>> fixes/improvements.
> >>>>>> Ilya is
> >>>>>>>>>> right
> >>>>>>>>>>> that Spring Data related questions sparked last time due to
> >>>>>> missing
> >>>>>>>>>> support
> >>>>>>>>>>> of 2.2 version.
> >>>>>>>>>>>
> >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> >>> the
> >>>>>>>>> versions"?
> >>>>>>>>>> Do
> >>>>>>>>>>> you suggest performing a straightforward upgrade of
> >>>>>>>>> "ignite-spring-data"
> >>>>>>>>>> to
> >>>>>>>>>>> version 2.2 and introducing
> >>> "ignite-spring-data-{old-version"}
> >>>>>> for
> >>>>>>>> the
> >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> >>> proposal.
> >>>>>>>>>>>
> >>>>>>>>>>> -
> >>>>>>>>>>> Denis
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> >>>>>>>>>>  ilya.kasnacheev@gmail.com
> >>>>>>>>>>>>
> >>>>>>>>>>> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Hello!
> >>>>>>>>>>>>
> >>>>>>>>>>>> I propose to add the following ticket to the scope:
> >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> >>>>>> commits, be
> >>>>>>>>>>> careful
> >>>>>>>>>>>> with release version)
> >>>>>>>>>>>>
> >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> >>> will
> >>>>>> provide
> >>>>>>>>> the
> >>>>>>>>>>>> following considerations:
> >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> >>> currently do
> >>>>>> not
> >>>>>>>>> have,
> >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> >>> and
> >>>>>> mailing
> >>>>>>>>>> list.
> >>>>>>>>>>>> Spring Data is important to our public image since many
> >>>>> people
> >>>>>> may
> >>>>>>>>>> learn
> >>>>>>>>>>>> about out project by starting with Spring Data.
> >>>>>>>>>>>>
> >>>>>>>>>>>> * It has zero code impact outside of its own module
> >>> (just 2
> >>>>> POM
> >>>>>>>> file
> >>>>>>>>>>>> touched and that's all).
> >>>>>>>>>>>>
> >>>>>>>>>>>> * The core was ready since early November but, due to
> >>> gmail
> >>>>>> quirk,
> >>>>>>>> we
> >>>>>>>>>> did
> >>>>>>>>>>>> not react to it in time.
> >>>>>>>>>>>>
> >>>>>>>>>>>> WDYT?
> >>>>>>>>>>>>
> >>>>>>>>>>>> Another semi-related question. *Should we bump our
> >>>>>> dependencies'
> >>>>>>>>>> versions
> >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> >>>>> hibernate
> >>>>>>>>>>>> dependencies. We could switch them to their latest
> >>>>> maintenance
> >>>>>>>>> versions
> >>>>>>>>>>> to
> >>>>>>>>>>>> avoid shipping default links to outdated packages.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I think this is one of things that are very hard to do
> >>>>> between
> >>>>>>>>>> releases,
> >>>>>>>>>>> so
> >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> >>>>> formal
> >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> >>>>> these
> >>>>>>>>> version
> >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Regards,
> >>>>>>>>>>>> --
> >>>>>>>>>>>> Ilya Kasnacheev
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> >>>>>>>>>>> < arzamas123@mail.ru.invalid
> >>>>>>>>>>>>> :
> >>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> >>>>> 2.7.6,
> >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> >>> Xeon
> >>>>>> X5570
> >>>>>>>>> 96Gb
> >>>>>>>>>>>> 512GB
> >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> cacheMode — partitioned
> >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> >>>>>>>>>>>>> 1 backup
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> >>> disabled.
> >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> [1]
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> do we need some bisect or other work here ?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> ------- Forwarded message -------
> >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
> >>>>>>>>>>>>>> To:  dev@ignite.apache.org
> >>>>>>>>>>>>>> Cc:
> >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> >>> Manager]
> >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Igniters,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> It's almost a year has passed since the last major
> >>> Apache
> >>>>>> Ignite
> >>>>>>>>> 2.7
> >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> >>> performance
> >>>>>>>>>> improvements
> >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> >>>>>> release
> >>>>>>>>> date.
> >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> >>>>> point
> >>>>>>>> since
> >>>>>>>>>> the
> >>>>>>>>>>>>>> last major release:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Service Grid,
> >>>>>>>>>>>>>> Monitoring,
> >>>>>>>>>>>>>> Recovery Read
> >>>>>>>>>>>>>> BLT auto-adjust,
> >>>>>>>>>>>>>> PDS compression,
> >>>>>>>>>>>>>> WAL page compression,
> >>>>>>>>>>>>>> Thin client: best effort affinity,
> >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> >>>>>>>>>>>>>> SQL query history
> >>>>>>>>>>>>>> SQL statistics
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> >>>>>> branch
> >>>>>>>>>> anymore
> >>>>>>>>>>>>>> and prepare the next major release by the end of the
> >>> year.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> >>>>>> release
> >>>>>>>> and
> >>>>>>>>>> also
> >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> >>> the
> >>>>>>>> planning
> >>>>>>>>>>>>>> release.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> >>>>>>>>>>>>>> Voting Date: December 10, 2019
> >>>>>>>>>>>>>> Release Date: December 17, 2019
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> WDYT?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Best regards,
> >>>>>> Ivan Pavlukhin
> >>>>>>
> >>>>>
> >>>
> >>
> >>
> >> --
> >> BR, Sergey Antonov
> >
>
>
>
>

Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Zhenya Stanilovsky <ar...@mail.ru.INVALID>]

Agree with Nikolay, -1 from me, too.
 
>Hello, Igniters.
>
>I’m -1 to include the read-only patch to 2.8.
>I think we shouldn’t accept any patches to 2.8 except bug fixes for blockers and major issues.
>
>Guys, we don’t release Apache Ignite for 13 months!
>We should focus on the release and make it ASAP.
>
>We can’t extend the scope anymore.
> 
>> 10 янв. 2020 г., в 04:29, Sergey Antonov < antonovsergey93@gmail.com > написал(а):
>>
>> Hello, Maxim!
>>
>>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
>> changed.
>> Yes, PR is huge, but I wrote a lot of new tests and reworked already
>> presented. Changes in product code are minimal - only 30 changed files in
>> /src/main/ part. And most of them are new control.sh commands and
>> configuration.
>>
>>> Do we have customer requests for this feature or maybe users who are
>> waiting for exactly that ENUM values exactly in 2.8 release (not the 2.8.1
>> for instance)?
>> Can we introduce in new features in maintanance release (2.8.1)? Cluster
>> read-only mode will be new feature, if we remove IgniteCluster#readOnly in
>> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
>> move ticket [1] to 2.8.1 release.
>>
>>> Do we have extended test results report (on just only TC.Bot green visa)
>> on this feature to be sure that we will not add any blocker issues to the
>> release?
>> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
>> release branch.
>>
>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
>>
>>
>>
>> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmuzaf@apache.org >:
>>
>>> Folks,
>>>
>>>
>>> Let me remind you that we are working on the 2.8 release branch
>>> stabilization currently (please, keep it in mind).
>>>
>>>
>>> Do we have a really STRONG reason for adding such a change [1] to the
>>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
>>> −2,038, 111 files changed.
>>> Do we have customer requests for this feature or maybe users who are
>>> waiting for exactly that ENUM values exactly in 2.8 release (not the
>>> 2.8.1 for instance)?
>>> Can we just simply remove IgniteCluster#readOnly to eliminate any
>>> backward compatibility issues between 2.8 and 2.9 releases?
>>> Do we have extended test results report (on just only TC.Bot green
>>> visa) on this feature to be sure that we will not add any blocker
>>> issues to the release? For instance, on pre-production environment.
>>>
>>> I'd like to notice that we also have more than enough the release
>>> blocker issues [3] which are still `in progress` and such a release
>>> run becomes endless. Such changes without strong reasons looks too
>>> scary for me a special after scope and code freeze dates.
>>>
>>> Please, dispel my doubts.
>>>
>>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
>>> [2]  https://github.com/apache/ignite/pull/7194
>>> [3]
>>>  https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation )
>>>
>>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev < zaleslaw.sin@gmail.com >
>>> wrote:
>>>>
>>>> +1
>>>>
>>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov < antonovsergey93@gmail.com >:
>>>>
>>>>> +1
>>>>>
>>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
>>> will be
>>>>> at 13 Jan
>>>>>
>>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < vololo100@gmail.com >:
>>>>>
>>>>>> +1
>>>>>>
>>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < ivan.glukos@gmail.com >:
>>>>>>>
>>>>>>> Maxim M. and anyone who is interested,
>>>>>>>
>>>>>>> I suggest to include this fix to 2.8 release:
>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
>>>>>>> Basically, it's a result of the following discussion:
>>>>>>>
>>>>>>
>>>>>
>>>  http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
>>>>>>>
>>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
>>> work
>>>>> with
>>>>>>> boolean are replaced with ones that work with enum.
>>>>>>> If we include it, we won't be obliged to keep deprecated boolean
>>>>> version
>>>>>> of
>>>>>>> API in the code (which is currently present in 2.8 branch) as it
>>> wasn't
>>>>>>> published in any release.
>>>>>>>
>>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
>>>>>>  ilya.kasnacheev@gmail.com >
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hello!
>>>>>>>>
>>>>>>>> I have ran dependency checker plugin and quote the following:
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-urideploy:
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-spring:
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-spring-data:
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-aop:
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-visor-console:
>>>>>>>>
>>>>>>>> spring-core-4.3.18.RELEASE.jar
>>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
>>>>>>>>
>>>>>>
>>> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>>>
>>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>>>
>>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>>>>> :
>>>>>>>> CVE-2018-15756
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-spring-data_2.0:
>>>>>>>>
>>>>>>>> spring-core-5.0.8.RELEASE.jar
>>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
>>>>>>>>
>>>>>>
>>> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>>>>>>>>
>>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>>>>>>>>
>>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2018-15756
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-rest-http:
>>>>>>>>
>>>>>>>> jetty-server-9.4.11.v20180605.jar
>>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>>>>>>>> jackson-databind-2.9.6.jar
>>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-kubernetes:
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-aws:
>>>>>>>>
>>>>>>>> jackson-databind-2.9.6.jar
>>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>>>>>>>> bcprov-ext-jdk15on-1.54.jar
>>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
>>>>> CVE-2015-6644,
>>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
>>>>> CVE-2016-1000341,
>>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>>>>> CVE-2016-1000345,
>>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
>>> CVE-2017-13098,
>>>>>>>> CVE-2018-1000180, CVE-2018-1000613
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-gce:
>>>>>>>>
>>>>>>>> httpclient-4.0.1.jar
>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
>>>>>>>> ,
>>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
>>>>>>>> CVE-2014-3577, CVE-2015-5262
>>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
>>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-cloud:
>>>>>>>>
>>>>>>>> openstack-keystone-2.0.0.jar
>>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
>>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
>>> CVE-2013-2014,
>>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
>>>>>> CVE-2014-3520,
>>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
>>>>>> CVE-2018-20170
>>>>>>>> cloudstack-2.0.0.jar
>>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
>>>>>> ,
>>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
>>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
>>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
>>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
>>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
>>>>>>>> CVE-2019-5736
>>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
>>> ,
>>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
>>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
>>>>>>>> CVE-2019-16884, CVE-2019-5736
>>>>>>>> jsch.agentproxy.core-0.0.8.jar
>>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
>>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
>>>>>>>> bcprov-ext-jdk15on-1.49.jar
>>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
>>>>> CVE-2015-6644,
>>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
>>> CVE-2016-1000341,
>>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>>>>> CVE-2016-1000345,
>>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
>>> CVE-2018-1000613
>>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
>>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-mesos:
>>>>>>>>
>>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
>>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
>>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
>>>>>>>> jetty-server-9.4.11.v20180605.jar
>>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>>>>>>>> jackson-databind-2.9.6.jar
>>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-kafka:
>>>>>>>>
>>>>>>>> kafka-clients-2.0.1.jar
>>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
>>>>>> ,
>>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>>>>>>>> connect-api-2.0.1.jar
>>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
>>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-flume:
>>>>>>>>
>>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
>>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>> jackson-core-asl-1.8.8.jar
>>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
>>> CVE-2017-15095,
>>>>>>>> CVE-2017-17485, CVE-2017-7525
>>>>>>>> jackson-mapper-asl-1.8.8.jar
>>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
>>>>>>>> CVE-2019-16335, CVE-2019-17267
>>>>>>>> commons-collections-3.2.1.jar
>>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>>>>>> CVE-2015-6420,
>>>>>>>> CVE-2017-15708, Remote code execution
>>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
>>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
>>>>>> CVE-2019-16869,
>>>>>>>> POODLE vulnerability in SSLv3.0 support
>>>>>>>> servlet-api-2.5-20110124.jar
>>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
>>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
>>>>>> CVE-2005-3747,
>>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
>>>>>> CVE-2009-5049,
>>>>>>>> CVE-2011-4461
>>>>>>>> jetty-util-6.1.26.jar
>>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
>>>>> ,
>>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>>> CVE-2009-1523,
>>>>>>>> CVE-2011-4461
>>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
>>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>>> CVE-2009-1523,
>>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
>>>>>> CVE-2017-9735,
>>>>>>>> CVE-2019-10241, CVE-2019-10247
>>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
>>> :
>>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
>>>>>>>> httpclient-4.1.3.jar
>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
>>>>>>>> ,
>>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>>>>>>>> CVE-2015-5262
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-twitter:
>>>>>>>>
>>>>>>>> httpclient-4.2.5.jar
>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
>>>>>>>> ,
>>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
>>>>>>>> CVE-2015-5262
>>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
>>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-zookeeper:
>>>>>>>>
>>>>>>>> jackson-databind-2.9.8.jar
>>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
>>>>>> CVE-2019-12086,
>>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>>>>>>>> CVE-2019-17267, CVE-2019-17531
>>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>> jackson-mapper-asl-1.9.13.jar
>>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
>>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
>>>>>>>> netty-all-4.1.29.Final.jar
>>> (pkg:maven/io.netty/netty-all@4.1.29.Final
>>>>> ,
>>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-camel:
>>>>>>>>
>>>>>>>> camel-core-2.22.0.jar
>>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
>>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>>>>>>>> CVE-2019-0188, CVE-2019-0194
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
>>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
>>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>>>>>>>> CVE-2019-0188, CVE-2019-0194
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-storm:
>>>>>>>>
>>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
>>> ,
>>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
>>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
>>>>>>>>
>>>>>>
>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
>>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
>>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>>>>> CVE-2019-10247
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
>>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
>>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>>>>>>>> CVE-2015-5262
>>>>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
>>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
>>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
>>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
>>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
>>>>>> CVE-2014-3488,
>>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
>>>>> support
>>>>>>>>
>>>>>>
>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
>>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
>>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>>>>> CVE-2011-4461,
>>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
>>>>>> CVE-2019-10241,
>>>>>>>> CVE-2019-10247
>>>>>>>>
>>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
>>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
>>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>>>>> CVE-2011-4461,
>>>>>>>> CVE-2019-10247
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
>>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
>>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
>>>>>> CVE-2016-1000031
>>>>>>>>
>>>>>>
>>> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
>>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
>>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
>>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
>>>>>> CVE-2017-15713,
>>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
>>>>>> CVE-2018-1296,
>>>>>>>> CVE-2018-8009, CVE-2018-8029
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-cassandra-store:
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-cassandra-serializers:
>>>>>>>>
>>>>>>>> commons-beanutils-1.9.2.jar
>>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
>>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
>>>>>> CVE-2019-10086
>>>>>>>> commons-collections-3.2.1.jar
>>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>>>>>> CVE-2015-6420,
>>>>>>>> CVE-2017-15708, Remote code execution
>>>>>>>> spring-core-4.3.18.RELEASE.jar
>>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
>>>>>>>>
>>>>>>
>>> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>>>
>>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>>>
>>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>>>>> :
>>>>>>>> CVE-2018-15756
>>>>>>>> netty-transport-4.1.27.Final.jar
>>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
>>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-flink:
>>>>>>>>
>>>>>>>> flink-hadoop-fs-1.5.0.jar
>>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
>>>>>>>> ,
>>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
>>>>>>>> CVE-2017-3161, CVE-2017-3162
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
>>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
>>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
>>>>>> CVE-2016-4970,
>>>>>>>> CVE-2019-16869
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
>>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
>>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
>>>>>> CVE-2017-15095,
>>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
>>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
>>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
>>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
>>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>>>>>>>> CVE-2019-17267, CVE-2019-17531
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
>>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
>>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>>>
>>>>>>>> One or more dependencies were identified with known
>>> vulnerabilities
>>>>> in
>>>>>>>> ignite-rocketmq:
>>>>>>>>
>>>>>>>> netty-all-4.0.42.Final.jar
>>> (pkg:maven/io.netty/netty-all@4.0.42.Final
>>>>> ,
>>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
>>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
>>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
>>> ,
>>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
>>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
>>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
>>>>>> CVE-2006-7196,
>>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
>>>>>> CVE-2012-5568,
>>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
>>>>>> CVE-2013-4590,
>>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
>>>>>> CVE-2014-0119,
>>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
>>>>>>>>
>>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
>>>>>> releases
>>>>>>>> of Spring. I think we can bump most of that.
>>>>>>>>
>>>>>>>> Some integrations also clearly suffer, through it's a problem of
>>>>> their
>>>>>>>> users, since they need to declare their own libraries' versions
>>> by
>>>>>>>> convention.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> --
>>>>>>>> Ilya Kasnacheev
>>>>>>>>
>>>>>>>>
>>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < dmagda@apache.org >:
>>>>>>>>
>>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
>>> let's
>>>>>> update
>>>>>>>>> the versions of the dependencies to the latest.
>>>>>>>>>
>>>>>>>>> -
>>>>>>>>> Denis
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
>>>>>>>>>  ilya.kasnacheev@gmail.com >
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hello!
>>>>>>>>>>
>>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
>>>>>>>>>>
>>>>>>>>>> By bumping versisons I mean the following:
>>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
>>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
>>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
>>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
>>>>>>>>>> <spark.version>2.3.*0*</spark.version>
>>>>>>>>>>
>>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
>>>>>>>> <!--
>>>>>>>>>> don't forget to update spring version -->
>>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
>>>>> don't
>>>>>>>>> forget
>>>>>>>>>> to update spring-data version -->
>>>>>>>>>>
>>>>>>>>>
>>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
>>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
>>>>>>>>>>
>>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
>>>>>>>>> don't
>>>>>>>>>> forget to update spring-data-2.0 version -->
>>>>>>>>>>
>>>>>>>>>> All these libraries have maintenance release (such as our
>>>>> 2.7.*6*)
>>>>>> and
>>>>>>>> I
>>>>>>>>>> think it would be beneficial to upgrade these dependencies
>>> to the
>>>>>>>> latest
>>>>>>>>>> maintenance version found in Maven Central.
>>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> --
>>>>>>>>>> Ilya Kasnacheev
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda < dmagda@apache.org
>>>> :
>>>>>>>>>>
>>>>>>>>>>> A huge +1 for adding Spring Data related
>>> fixes/improvements.
>>>>>> Ilya is
>>>>>>>>>> right
>>>>>>>>>>> that Spring Data related questions sparked last time due to
>>>>>> missing
>>>>>>>>>> support
>>>>>>>>>>> of 2.2 version.
>>>>>>>>>>>
>>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
>>> the
>>>>>>>>> versions"?
>>>>>>>>>> Do
>>>>>>>>>>> you suggest performing a straightforward upgrade of
>>>>>>>>> "ignite-spring-data"
>>>>>>>>>> to
>>>>>>>>>>> version 2.2 and introducing
>>> "ignite-spring-data-{old-version"}
>>>>>> for
>>>>>>>> the
>>>>>>>>>>> previous versions? If it's so, I fully agree with the
>>> proposal.
>>>>>>>>>>>
>>>>>>>>>>> -
>>>>>>>>>>> Denis
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
>>>>>>>>>>  ilya.kasnacheev@gmail.com
>>>>>>>>>>>>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello!
>>>>>>>>>>>>
>>>>>>>>>>>> I propose to add the following ticket to the scope:
>>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
>>>>>> commits, be
>>>>>>>>>>> careful
>>>>>>>>>>>> with release version)
>>>>>>>>>>>>
>>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
>>> will
>>>>>> provide
>>>>>>>>> the
>>>>>>>>>>>> following considerations:
>>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
>>> currently do
>>>>>> not
>>>>>>>>> have,
>>>>>>>>>>>> leading to lots of confused questions on stack overflow
>>> and
>>>>>> mailing
>>>>>>>>>> list.
>>>>>>>>>>>> Spring Data is important to our public image since many
>>>>> people
>>>>>> may
>>>>>>>>>> learn
>>>>>>>>>>>> about out project by starting with Spring Data.
>>>>>>>>>>>>
>>>>>>>>>>>> * It has zero code impact outside of its own module
>>> (just 2
>>>>> POM
>>>>>>>> file
>>>>>>>>>>>> touched and that's all).
>>>>>>>>>>>>
>>>>>>>>>>>> * The core was ready since early November but, due to
>>> gmail
>>>>>> quirk,
>>>>>>>> we
>>>>>>>>>> did
>>>>>>>>>>>> not react to it in time.
>>>>>>>>>>>>
>>>>>>>>>>>> WDYT?
>>>>>>>>>>>>
>>>>>>>>>>>> Another semi-related question. *Should we bump our
>>>>>> dependencies'
>>>>>>>>>> versions
>>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
>>>>> hibernate
>>>>>>>>>>>> dependencies. We could switch them to their latest
>>>>> maintenance
>>>>>>>>> versions
>>>>>>>>>>> to
>>>>>>>>>>>> avoid shipping default links to outdated packages.
>>>>>>>>>>>>
>>>>>>>>>>>> I think this is one of things that are very hard to do
>>>>> between
>>>>>>>>>> releases,
>>>>>>>>>>> so
>>>>>>>>>>>> I think this dependencies bumping should be a part of a
>>>>> formal
>>>>>>>>>>>> release/testing cycle, and then be backported to master.
>>>>>>>>>>>>
>>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
>>>>> these
>>>>>>>>> version
>>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> --
>>>>>>>>>>>> Ilya Kasnacheev
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
>>>>>>>>>>> < arzamas123@mail.ru.invalid
>>>>>>>>>>>>> :
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
>>>>> 2.7.6,
>>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
>>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
>>> Xeon
>>>>>> X5570
>>>>>>>>> 96Gb
>>>>>>>>>>>> 512GB
>>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
>>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
>>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
>>>>>>>>>>>>>
>>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
>>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
>>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
>>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
>>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
>>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
>>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
>>>>>>>>>>>>>
>>>>>>>>>>>>> cacheMode — partitioned
>>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
>>>>>>>>>>>>> 1 backup
>>>>>>>>>>>>>
>>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
>>> disabled.
>>>>>>>>>>>>> Thanks Maxim for wiki page [1]
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>>  https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
>>>>>>>>>>>>>
>>>>>>>>>>>>> do we need some bisect or other work here ?
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ------- Forwarded message -------
>>>>>>>>>>>>>> From: "Maxim Muzafarov" <  mmuzaf@apache.org >
>>>>>>>>>>>>>> To:  dev@ignite.apache.org
>>>>>>>>>>>>>> Cc:
>>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
>>> Manager]
>>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Igniters,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It's almost a year has passed since the last major
>>> Apache
>>>>>> Ignite
>>>>>>>>> 2.7
>>>>>>>>>>>>>> has been released. We've accumulated a lot of
>>> performance
>>>>>>>>>> improvements
>>>>>>>>>>>>>> and a lot of new features which are waiting for their
>>>>>> release
>>>>>>>>> date.
>>>>>>>>>>>>>> Here is my list of the most interesting things from my
>>>>> point
>>>>>>>> since
>>>>>>>>>> the
>>>>>>>>>>>>>> last major release:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Service Grid,
>>>>>>>>>>>>>> Monitoring,
>>>>>>>>>>>>>> Recovery Read
>>>>>>>>>>>>>> BLT auto-adjust,
>>>>>>>>>>>>>> PDS compression,
>>>>>>>>>>>>>> WAL page compression,
>>>>>>>>>>>>>> Thin client: best effort affinity,
>>>>>>>>>>>>>> Thin client: transactions support (not yet)
>>>>>>>>>>>>>> SQL query history
>>>>>>>>>>>>>> SQL statistics
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I think we should no longer wait and freeze the master
>>>>>> branch
>>>>>>>>>> anymore
>>>>>>>>>>>>>> and prepare the next major release by the end of the
>>> year.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
>>>>>> release
>>>>>>>> and
>>>>>>>>>> also
>>>>>>>>>>>>>> I want to propose myself to be the release manager of
>>> the
>>>>>>>> planning
>>>>>>>>>>>>>> release.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Scope Freeze: November 4, 2019
>>>>>>>>>>>>>> Code Freeze: November 18, 2019
>>>>>>>>>>>>>> Voting Date: December 10, 2019
>>>>>>>>>>>>>> Release Date: December 17, 2019
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> WDYT?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Ivan Pavlukhin
>>>>>>
>>>>>
>>>
>>
>>
>> --
>> BR, Sergey Antonov
>  
 
 
 
 

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Николай Ижиков <ni...@apache.org>]

Hello, Igniters.

I’m -1 to include the read-only patch to 2.8.
I think we shouldn’t accept any patches to 2.8 except bug fixes for blockers and major issues.

Guys, we don’t release Apache Ignite for 13 months!
We should focus on the release and make it ASAP.

We can’t extend the scope anymore.

> 10 янв. 2020 г., в 04:29, Sergey Antonov <an...@gmail.com> написал(а):
> 
> Hello, Maxim!
> 
>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> changed.
> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> presented. Changes in product code are minimal - only 30 changed files in
> /src/main/ part. And most of them are new control.sh commands and
> configuration.
> 
>> Do we have customer requests for this feature or maybe users who are
> waiting for exactly that ENUM values exactly in 2.8 release (not the 2.8.1
> for instance)?
> Can we introduce in new features in maintanance release (2.8.1)? Cluster
> read-only mode will be new feature, if we remove IgniteCluster#readOnly in
> 2.8 release. If all ok with that, lets remove  IgniteCluster#readOnly and
> move ticket [1] to 2.8.1 release.
> 
>> Do we have extended test results report (on just only TC.Bot green visa)
> on this feature to be sure that we will not add any blocker issues to the
> release?
> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
> release branch.
> 
> [1] https://issues.apache.org/jira/browse/IGNITE-12225
> 
> 
> 
> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <mm...@apache.org>:
> 
>> Folks,
>> 
>> 
>> Let me remind you that we are working on the 2.8 release branch
>> stabilization currently (please, keep it in mind).
>> 
>> 
>> Do we have a really STRONG reason for adding such a change [1] to the
>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
>> −2,038, 111 files changed.
>> Do we have customer requests for this feature or maybe users who are
>> waiting for exactly that ENUM values exactly in 2.8 release (not the
>> 2.8.1 for instance)?
>> Can we just simply remove IgniteCluster#readOnly to eliminate any
>> backward compatibility issues between 2.8 and 2.9 releases?
>> Do we have extended test results report (on just only TC.Bot green
>> visa) on this feature to be sure that we will not add any blocker
>> issues to the release? For instance, on pre-production environment.
>> 
>> I'd like to notice that we also have more than enough the release
>> blocker issues [3] which are still `in progress` and such a release
>> run becomes endless. Such changes without strong reasons looks too
>> scary for me a special after scope and code freeze dates.
>> 
>> Please, dispel my doubts.
>> 
>> [1] https://issues.apache.org/jira/browse/IGNITE-12225
>> [2] https://github.com/apache/ignite/pull/7194
>> [3]
>> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation)
>> 
>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <za...@gmail.com>
>> wrote:
>>> 
>>> +1
>>> 
>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <an...@gmail.com>:
>>> 
>>>> +1
>>>> 
>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
>> will be
>>>> at 13 Jan
>>>> 
>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <vo...@gmail.com>:
>>>> 
>>>>> +1
>>>>> 
>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
>>>>>> 
>>>>>> Maxim M. and anyone who is interested,
>>>>>> 
>>>>>> I suggest to include this fix to 2.8 release:
>>>>>> https://issues.apache.org/jira/browse/IGNITE-12225
>>>>>> Basically, it's a result of the following discussion:
>>>>>> 
>>>>> 
>>>> 
>> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
>>>>>> 
>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
>> work
>>>> with
>>>>>> boolean are replaced with ones that work with enum.
>>>>>> If we include it, we won't be obliged to keep deprecated boolean
>>>> version
>>>>> of
>>>>>> API in the code (which is currently present in 2.8 branch) as it
>> wasn't
>>>>>> published in any release.
>>>>>> 
>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
>>>>> ilya.kasnacheev@gmail.com>
>>>>>> wrote:
>>>>>> 
>>>>>>> Hello!
>>>>>>> 
>>>>>>> I have ran dependency checker plugin and quote the following:
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-urideploy:
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-spring:
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-spring-data:
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-aop:
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-visor-console:
>>>>>>> 
>>>>>>> spring-core-4.3.18.RELEASE.jar
>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
>>>>>>> 
>>>>> 
>> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>> 
>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>> 
>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>>>> :
>>>>>>> CVE-2018-15756
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-spring-data_2.0:
>>>>>>> 
>>>>>>> spring-core-5.0.8.RELEASE.jar
>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
>>>>>>> 
>>>>> 
>> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>>>>>>> 
>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>>>>>>> 
>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
>>>>>>> CVE-2018-15756
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-rest-http:
>>>>>>> 
>>>>>>> jetty-server-9.4.11.v20180605.jar
>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>>>>>>> jackson-databind-2.9.6.jar
>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-kubernetes:
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-aws:
>>>>>>> 
>>>>>>> jackson-databind-2.9.6.jar
>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>>>>>>> bcprov-ext-jdk15on-1.54.jar
>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
>>>> CVE-2015-6644,
>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
>>>> CVE-2016-1000341,
>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>>>> CVE-2016-1000345,
>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
>> CVE-2017-13098,
>>>>>>> CVE-2018-1000180, CVE-2018-1000613
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-gce:
>>>>>>> 
>>>>>>> httpclient-4.0.1.jar
>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
>>>>>>> ,
>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
>>>>>>> CVE-2014-3577, CVE-2015-5262
>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-cloud:
>>>>>>> 
>>>>>>> openstack-keystone-2.0.0.jar
>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
>> CVE-2013-2014,
>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
>>>>> CVE-2014-3520,
>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
>>>>> CVE-2018-20170
>>>>>>> cloudstack-2.0.0.jar
>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
>>>>> ,
>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
>>>>>>> CVE-2019-5736
>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
>> ,
>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
>>>>>>> CVE-2019-16884, CVE-2019-5736
>>>>>>> jsch.agentproxy.core-0.0.8.jar
>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
>>>>>>> bcprov-ext-jdk15on-1.49.jar
>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
>>>> CVE-2015-6644,
>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
>> CVE-2016-1000341,
>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>>>> CVE-2016-1000345,
>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
>> CVE-2018-1000613
>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-mesos:
>>>>>>> 
>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
>>>>>>> jetty-server-9.4.11.v20180605.jar
>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>>>>>>> jackson-databind-2.9.6.jar
>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-kafka:
>>>>>>> 
>>>>>>> kafka-clients-2.0.1.jar
>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
>>>>> ,
>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>>>>>>> connect-api-2.0.1.jar
>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-flume:
>>>>>>> 
>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> jackson-core-asl-1.8.8.jar
>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
>> CVE-2017-15095,
>>>>>>> CVE-2017-17485, CVE-2017-7525
>>>>>>> jackson-mapper-asl-1.8.8.jar
>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
>>>>>>> CVE-2019-16335, CVE-2019-17267
>>>>>>> commons-collections-3.2.1.jar
>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>>>>> CVE-2015-6420,
>>>>>>> CVE-2017-15708, Remote code execution
>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
>>>>> CVE-2019-16869,
>>>>>>> POODLE vulnerability in SSLv3.0 support
>>>>>>> servlet-api-2.5-20110124.jar
>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
>>>>> CVE-2005-3747,
>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
>>>>> CVE-2009-5049,
>>>>>>> CVE-2011-4461
>>>>>>> jetty-util-6.1.26.jar
>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
>>>> ,
>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>> CVE-2009-1523,
>>>>>>> CVE-2011-4461
>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>> CVE-2009-1523,
>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
>>>>> CVE-2017-9735,
>>>>>>> CVE-2019-10241, CVE-2019-10247
>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
>> :
>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
>>>>>>> httpclient-4.1.3.jar
>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
>>>>>>> ,
>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>>>>>>> CVE-2015-5262
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-twitter:
>>>>>>> 
>>>>>>> httpclient-4.2.5.jar
>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
>>>>>>> ,
>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
>>>>>>> CVE-2015-5262
>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-zookeeper:
>>>>>>> 
>>>>>>> jackson-databind-2.9.8.jar
>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
>>>>> CVE-2019-12086,
>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>>>>>>> CVE-2019-17267, CVE-2019-17531
>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> jackson-mapper-asl-1.9.13.jar
>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
>>>>>>> netty-all-4.1.29.Final.jar
>> (pkg:maven/io.netty/netty-all@4.1.29.Final
>>>> ,
>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-camel:
>>>>>>> 
>>>>>>> camel-core-2.22.0.jar
>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>>>>>>> CVE-2019-0188, CVE-2019-0194
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>>>>>>> CVE-2019-0188, CVE-2019-0194
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-storm:
>>>>>>> 
>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
>> ,
>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
>>>>>>> 
>>>>> 
>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>>>> CVE-2019-10247
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>>>>>>> CVE-2015-5262
>>>>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final,
>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
>>>>> CVE-2014-3488,
>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
>>>> support
>>>>>>> 
>>>>> 
>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>>>> CVE-2011-4461,
>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
>>>>> CVE-2019-10241,
>>>>>>> CVE-2019-10247
>>>>>>> 
>>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>>>> CVE-2011-4461,
>>>>>>> CVE-2019-10247
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
>>>>> CVE-2016-1000031
>>>>>>> 
>>>>> 
>> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
>>>>> CVE-2017-15713,
>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
>>>>> CVE-2018-1296,
>>>>>>> CVE-2018-8009, CVE-2018-8029
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-cassandra-store:
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-cassandra-serializers:
>>>>>>> 
>>>>>>> commons-beanutils-1.9.2.jar
>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
>>>>> CVE-2019-10086
>>>>>>> commons-collections-3.2.1.jar
>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>>>>> CVE-2015-6420,
>>>>>>> CVE-2017-15708, Remote code execution
>>>>>>> spring-core-4.3.18.RELEASE.jar
>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
>>>>>>> 
>>>>> 
>> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>> 
>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>>>>>>> 
>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>>>> :
>>>>>>> CVE-2018-15756
>>>>>>> netty-transport-4.1.27.Final.jar
>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final,
>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-flink:
>>>>>>> 
>>>>>>> flink-hadoop-fs-1.5.0.jar
>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
>>>>>>> ,
>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
>>>>>>> CVE-2017-3161, CVE-2017-3162
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final,
>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
>>>>> CVE-2016-4970,
>>>>>>> CVE-2019-16869
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
>>>>> CVE-2017-15095,
>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>>>>>>> CVE-2019-17267, CVE-2019-17531
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
>>>>>>> 
>>>>>>> One or more dependencies were identified with known
>> vulnerabilities
>>>> in
>>>>>>> ignite-rocketmq:
>>>>>>> 
>>>>>>> netty-all-4.0.42.Final.jar
>> (pkg:maven/io.netty/netty-all@4.0.42.Final
>>>> ,
>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
>> ,
>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
>>>>> CVE-2006-7196,
>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
>>>>> CVE-2012-5568,
>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
>>>>> CVE-2013-4590,
>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
>>>>> CVE-2014-0119,
>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
>>>>>>> 
>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
>>>>> releases
>>>>>>> of Spring. I think we can bump most of that.
>>>>>>> 
>>>>>>> Some integrations also clearly suffer, through it's a problem of
>>>> their
>>>>>>> users, since they need to declare their own libraries' versions
>> by
>>>>>>> convention.
>>>>>>> 
>>>>>>> Regards,
>>>>>>> --
>>>>>>> Ilya Kasnacheev
>>>>>>> 
>>>>>>> 
>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
>>>>>>> 
>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
>> let's
>>>>> update
>>>>>>>> the versions of the dependencies to the latest.
>>>>>>>> 
>>>>>>>> -
>>>>>>>> Denis
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
>>>>>>>> ilya.kasnacheev@gmail.com>
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>>> Hello!
>>>>>>>>> 
>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
>>>>>>>>> 
>>>>>>>>> By bumping versisons I mean the following:
>>>>>>>>>        <slf4j.version>1.7.*7*</slf4j.version>
>>>>>>>>>        <slf4j16.version>1.6.*4*</slf4j16.version>
>>>>>>>>>        <snappy.version>1.1.7.*2*</snappy.version>
>>>>>>>>>        <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
>>>>>>>>>        <spark.version>2.3.*0*</spark.version>
>>>>>>>>> 
>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
>>>>>>> <!--
>>>>>>>>> don't forget to update spring version -->
>>>>>>>>>        <spring.version>4.3.*18*.RELEASE</spring.version><!--
>>>> don't
>>>>>>>> forget
>>>>>>>>> to update spring-data version -->
>>>>>>>>> 
>>>>>>>> 
>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
>>>>>>>>> 
>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
>>>>>>>> don't
>>>>>>>>> forget to update spring-data-2.0 version -->
>>>>>>>>> 
>>>>>>>>> All these libraries have maintenance release (such as our
>>>> 2.7.*6*)
>>>>> and
>>>>>>> I
>>>>>>>>> think it would be beneficial to upgrade these dependencies
>> to the
>>>>>>> latest
>>>>>>>>> maintenance version found in Maven Central.
>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
>>>>>>>>> 
>>>>>>>>> Regards,
>>>>>>>>> --
>>>>>>>>> Ilya Kasnacheev
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <dmagda@apache.org
>>> :
>>>>>>>>> 
>>>>>>>>>> A huge +1 for adding Spring Data related
>> fixes/improvements.
>>>>> Ilya is
>>>>>>>>> right
>>>>>>>>>> that Spring Data related questions sparked last time due to
>>>>> missing
>>>>>>>>> support
>>>>>>>>>> of 2.2 version.
>>>>>>>>>> 
>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
>> the
>>>>>>>> versions"?
>>>>>>>>> Do
>>>>>>>>>> you suggest performing a straightforward upgrade of
>>>>>>>> "ignite-spring-data"
>>>>>>>>> to
>>>>>>>>>> version 2.2 and introducing
>> "ignite-spring-data-{old-version"}
>>>>> for
>>>>>>> the
>>>>>>>>>> previous versions? If it's so, I fully agree with the
>> proposal.
>>>>>>>>>> 
>>>>>>>>>> -
>>>>>>>>>> Denis
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
>>>>>>>>> ilya.kasnacheev@gmail.com
>>>>>>>>>>> 
>>>>>>>>>> wrote:
>>>>>>>>>> 
>>>>>>>>>>> Hello!
>>>>>>>>>>> 
>>>>>>>>>>> I propose to add the following ticket to the scope:
>>>>>>>>>>> https://issues.apache.org/jira/browse/IGNITE-12259 (3
>>>>> commits, be
>>>>>>>>>> careful
>>>>>>>>>>> with release version)
>>>>>>>>>>> 
>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
>> will
>>>>> provide
>>>>>>>> the
>>>>>>>>>>> following considerations:
>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
>> currently do
>>>>> not
>>>>>>>> have,
>>>>>>>>>>> leading to lots of confused questions on stack overflow
>> and
>>>>> mailing
>>>>>>>>> list.
>>>>>>>>>>> Spring Data is important to our public image since many
>>>> people
>>>>> may
>>>>>>>>> learn
>>>>>>>>>>> about out project by starting with Spring Data.
>>>>>>>>>>> 
>>>>>>>>>>> * It has zero code impact outside of its own module
>> (just 2
>>>> POM
>>>>>>> file
>>>>>>>>>>> touched and that's all).
>>>>>>>>>>> 
>>>>>>>>>>> * The core was ready since early November but, due to
>> gmail
>>>>> quirk,
>>>>>>> we
>>>>>>>>> did
>>>>>>>>>>> not react to it in time.
>>>>>>>>>>> 
>>>>>>>>>>> WDYT?
>>>>>>>>>>> 
>>>>>>>>>>> Another semi-related question. *Should we bump our
>>>>> dependencies'
>>>>>>>>> versions
>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
>>>> hibernate
>>>>>>>>>>> dependencies. We could switch them to their latest
>>>> maintenance
>>>>>>>> versions
>>>>>>>>>> to
>>>>>>>>>>> avoid shipping default links to outdated packages.
>>>>>>>>>>> 
>>>>>>>>>>> I think this is one of things that are very hard to do
>>>> between
>>>>>>>>> releases,
>>>>>>>>>> so
>>>>>>>>>>> I think this dependencies bumping should be a part of a
>>>> formal
>>>>>>>>>>> release/testing cycle, and then be backported to master.
>>>>>>>>>>> 
>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
>>>> these
>>>>>>>> version
>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
>>>>>>>>>>> 
>>>>>>>>>>> Regards,
>>>>>>>>>>> --
>>>>>>>>>>> Ilya Kasnacheev
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
>>>>>>>>>> <arzamas123@mail.ru.invalid
>>>>>>>>>>>> :
>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
>>>> 2.7.6,
>>>>>>>>>>>> last sha 2.8 was build from :  9d114f3137f92aebc2562a
>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with:  2x
>> Xeon
>>>>> X5570
>>>>>>>> 96Gb
>>>>>>>>>>> 512GB
>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
>>>>>>>>>>>> 1 for  client (driver) and 3 for servers.
>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
>>>>>>>>>>>> 
>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
>>>>>>>>>>>> 
>>>>>>>>>>>> cacheMode — partitioned
>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
>>>>>>>>>>>> 1 backup
>>>>>>>>>>>> 
>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
>> disabled.
>>>>>>>>>>>> Thanks Maxim for wiki page [1]
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> [1]
>>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
>>>>>>>>>>>> 
>>>>>>>>>>>> do we need some bisect or other work here ?
>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> ------- Forwarded message -------
>>>>>>>>>>>>> From: "Maxim Muzafarov" < mmuzaf@apache.org >
>>>>>>>>>>>>> To:  dev@ignite.apache.org
>>>>>>>>>>>>> Cc:
>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
>> Manager]
>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Igniters,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> It's almost a year has passed since the last major
>> Apache
>>>>> Ignite
>>>>>>>> 2.7
>>>>>>>>>>>>> has been released. We've accumulated a lot of
>> performance
>>>>>>>>> improvements
>>>>>>>>>>>>> and a lot of new features which are waiting for their
>>>>> release
>>>>>>>> date.
>>>>>>>>>>>>> Here is my list of the most interesting things from my
>>>> point
>>>>>>> since
>>>>>>>>> the
>>>>>>>>>>>>> last major release:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Service Grid,
>>>>>>>>>>>>> Monitoring,
>>>>>>>>>>>>> Recovery Read
>>>>>>>>>>>>> BLT auto-adjust,
>>>>>>>>>>>>> PDS compression,
>>>>>>>>>>>>> WAL page compression,
>>>>>>>>>>>>> Thin client: best effort affinity,
>>>>>>>>>>>>> Thin client: transactions support (not yet)
>>>>>>>>>>>>> SQL query history
>>>>>>>>>>>>> SQL statistics
>>>>>>>>>>>>> 
>>>>>>>>>>>>> I think we should no longer wait and freeze the master
>>>>> branch
>>>>>>>>> anymore
>>>>>>>>>>>>> and prepare the next major release by the end of the
>> year.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
>>>>> release
>>>>>>> and
>>>>>>>>> also
>>>>>>>>>>>>> I want to propose myself to be the release manager of
>> the
>>>>>>> planning
>>>>>>>>>>>>> release.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Scope Freeze: November 4, 2019
>>>>>>>>>>>>> Code Freeze: November 18, 2019
>>>>>>>>>>>>> Voting Date: December 10, 2019
>>>>>>>>>>>>> Release Date: December 17, 2019
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> WDYT?
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Best regards,
>>>>> Ivan Pavlukhin
>>>>> 
>>>> 
>> 
> 
> 
> -- 
> BR, Sergey Antonov

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Sergey Antonov <an...@gmail.com>]

Hello, Maxim!

>  This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
changed.
Yes, PR is huge, but I wrote a lot of new tests and reworked already
presented. Changes in product code are minimal - only 30 changed files in
/src/main/ part. And most of them are new control.sh commands and
configuration.

> Do we have customer requests for this feature or maybe users who are
waiting for exactly that ENUM values exactly in 2.8 release (not the 2.8.1
for instance)?
Can we introduce in new features in maintanance release (2.8.1)? Cluster
read-only mode will be new feature, if we remove IgniteCluster#readOnly in
2.8 release. If all ok with that, lets remove  IgniteCluster#readOnly and
move ticket [1] to 2.8.1 release.

> Do we have extended test results report (on just only TC.Bot green visa)
on this feature to be sure that we will not add any blocker issues to the
release?
I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
release branch.

[1] https://issues.apache.org/jira/browse/IGNITE-12225



чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <mm...@apache.org>:

> Folks,
>
>
> Let me remind you that we are working on the 2.8 release branch
> stabilization currently (please, keep it in mind).
>
>
> Do we have a really STRONG reason for adding such a change [1] to the
> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> −2,038, 111 files changed.
> Do we have customer requests for this feature or maybe users who are
> waiting for exactly that ENUM values exactly in 2.8 release (not the
> 2.8.1 for instance)?
> Can we just simply remove IgniteCluster#readOnly to eliminate any
> backward compatibility issues between 2.8 and 2.9 releases?
> Do we have extended test results report (on just only TC.Bot green
> visa) on this feature to be sure that we will not add any blocker
> issues to the release? For instance, on pre-production environment.
>
> I'd like to notice that we also have more than enough the release
> blocker issues [3] which are still `in progress` and such a release
> run becomes endless. Such changes without strong reasons looks too
> scary for me a special after scope and code freeze dates.
>
> Please, dispel my doubts.
>
> [1] https://issues.apache.org/jira/browse/IGNITE-12225
> [2] https://github.com/apache/ignite/pull/7194
> [3]
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation)
>
> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <za...@gmail.com>
> wrote:
> >
> > +1
> >
> > чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <an...@gmail.com>:
> >
> > > +1
> > >
> > > I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
> will be
> > > at 13 Jan
> > >
> > > чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <vo...@gmail.com>:
> > >
> > > > +1
> > > >
> > > > чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
> > > > >
> > > > > Maxim M. and anyone who is interested,
> > > > >
> > > > > I suggest to include this fix to 2.8 release:
> > > > > https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > Basically, it's a result of the following discussion:
> > > > >
> > > >
> > >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > >
> > > > > The fix affects public API: IgniteCluster#readOnly methods that
> work
> > > with
> > > > > boolean are replaced with ones that work with enum.
> > > > > If we include it, we won't be obliged to keep deprecated boolean
> > > version
> > > > of
> > > > > API in the code (which is currently present in 2.8 branch) as it
> wasn't
> > > > > published in any release.
> > > > >
> > > > > On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > ilya.kasnacheev@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Hello!
> > > > > >
> > > > > > I have ran dependency checker plugin and quote the following:
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-urideploy:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-spring:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-spring-data:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-aop:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-visor-console:
> > > > > >
> > > > > > spring-core-4.3.18.RELEASE.jar
> > > > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > > >
> > > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > :
> > > > > > CVE-2018-15756
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-spring-data_2.0:
> > > > > >
> > > > > > spring-core-5.0.8.RELEASE.jar
> > > > > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > > > >
> > > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-15756
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-rest-http:
> > > > > >
> > > > > > jetty-server-9.4.11.v20180605.jar
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > jackson-databind-2.9.6.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-kubernetes:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-aws:
> > > > > >
> > > > > > jackson-databind-2.9.6.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > bcprov-ext-jdk15on-1.54.jar
> > > > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > CVE-2015-6644,
> > > > > > CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > CVE-2016-1000341,
> > > > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > CVE-2016-1000345,
> > > > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> CVE-2017-13098,
> > > > > > CVE-2018-1000180, CVE-2018-1000613
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-gce:
> > > > > >
> > > > > > httpclient-4.0.1.jar
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > > ,
> > > > > > cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > > > > > CVE-2014-3577, CVE-2015-5262
> > > > > > guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > > cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-cloud:
> > > > > >
> > > > > > openstack-keystone-2.0.0.jar
> > > > > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > > > cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> CVE-2013-2014,
> > > > > > CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > > CVE-2014-3520,
> > > > > > CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > > CVE-2018-20170
> > > > > > cloudstack-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > ,
> > > > > > cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > > > > > CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > > > docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > > cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > > > > CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > > > > > CVE-2019-5736
> > > > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> ,
> > > > > > cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > > > > CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > > > CVE-2019-16884, CVE-2019-5736
> > > > > > jsch.agentproxy.core-0.0.8.jar
> > > > > > (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > > cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > > > bcprov-ext-jdk15on-1.49.jar
> > > > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > CVE-2015-6644,
> > > > > > CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> CVE-2016-1000341,
> > > > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > CVE-2016-1000345,
> > > > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> CVE-2018-1000613
> > > > > > okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > > > > cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-mesos:
> > > > > >
> > > > > > mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > > > cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > > > > CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > > > jetty-server-9.4.11.v20180605.jar
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > jackson-databind-2.9.6.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-kafka:
> > > > > >
> > > > > > kafka-clients-2.0.1.jar
> > > (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > ,
> > > > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > > > connect-api-2.0.1.jar
> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-flume:
> > > > > >
> > > > > > guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > > > > cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > jackson-core-asl-1.8.8.jar
> > > > > > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> CVE-2017-15095,
> > > > > > CVE-2017-17485, CVE-2017-7525
> > > > > > jackson-mapper-asl-1.8.8.jar
> > > > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > > > > CVE-2019-16335, CVE-2019-17267
> > > > > > commons-collections-3.2.1.jar
> > > > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > CVE-2015-6420,
> > > > > > CVE-2017-15708, Remote code execution
> > > > > > netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > > > cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > CVE-2019-16869,
> > > > > > POODLE vulnerability in SSLv3.0 support
> > > > > > servlet-api-2.5-20110124.jar
> > > > > > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > > cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > CVE-2005-3747,
> > > > > > CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > > CVE-2009-5049,
> > > > > > CVE-2011-4461
> > > > > > jetty-util-6.1.26.jar
> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > ,
> > > > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> CVE-2009-1523,
> > > > > > CVE-2011-4461
> > > > > > jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> CVE-2009-1523,
> > > > > > CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > > CVE-2017-9735,
> > > > > > CVE-2019-10241, CVE-2019-10247
> > > > > > libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> :
> > > > > > CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > > > httpclient-4.1.3.jar
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > > ,
> > > > > > cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > > CVE-2015-5262
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-twitter:
> > > > > >
> > > > > > httpclient-4.2.5.jar
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > > ,
> > > > > > cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > > CVE-2015-5262
> > > > > > guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > > > > cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-zookeeper:
> > > > > >
> > > > > > jackson-databind-2.9.8.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > CVE-2019-12086,
> > > > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > > > CVE-2019-17267, CVE-2019-17531
> > > > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > jackson-mapper-asl-1.9.13.jar
> > > > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > > > > cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > > netty-all-4.1.29.Final.jar
> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > ,
> > > > > > cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-camel:
> > > > > >
> > > > > > camel-core-2.22.0.jar
> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > > > CVE-2019-0188, CVE-2019-0194
> > > > > >
> > > > > >
> > > >
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > > (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > > > CVE-2019-0188, CVE-2019-0194
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-storm:
> > > > > >
> > > > > > storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
> ,
> > > > > > cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > > > > CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > CVE-2019-10247
> > > > > >
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > > cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > > CVE-2015-5262
> > > > > >
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > > (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > > cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > > CVE-2014-3488,
> > > > > > CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > > support
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > CVE-2011-4461,
> > > > > > CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > > CVE-2019-10241,
> > > > > > CVE-2019-10247
> > > > > >
> > > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > CVE-2011-4461,
> > > > > > CVE-2019-10247
> > > > > >
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > CVE-2016-1000031
> > > > > >
> > > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > > (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > > cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > > > > CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > > CVE-2017-15713,
> > > > > > CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > > CVE-2018-1296,
> > > > > > CVE-2018-8009, CVE-2018-8029
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-cassandra-store:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-cassandra-serializers:
> > > > > >
> > > > > > commons-beanutils-1.9.2.jar
> > > > > > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > CVE-2019-10086
> > > > > > commons-collections-3.2.1.jar
> > > > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > CVE-2015-6420,
> > > > > > CVE-2017-15708, Remote code execution
> > > > > > spring-core-4.3.18.RELEASE.jar
> > > > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > > >
> > > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > :
> > > > > > CVE-2018-15756
> > > > > > netty-transport-4.1.27.Final.jar
> > > > > > (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > > cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-flink:
> > > > > >
> > > > > > flink-hadoop-fs-1.5.0.jar
> > > > (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > > ,
> > > > > > cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > > > > CVE-2017-3161, CVE-2017-3162
> > > > > >
> > > > > >
> > > >
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > > (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > > cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > CVE-2016-4970,
> > > > > > CVE-2019-16869
> > > > > >
> > > > > >
> > > >
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > CVE-2017-15095,
> > > > > > CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > > > > > CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > > > > > CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > > > CVE-2019-17267, CVE-2019-17531
> > > > > >
> > > > > >
> > > >
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > (pkg:maven/com.google.guava/guava@18.0,
> > > > > > cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-rocketmq:
> > > > > >
> > > > > > netty-all-4.0.42.Final.jar
> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > ,
> > > > > > cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > > netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> ,
> > > > > > cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > > > CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > > CVE-2006-7196,
> > > > > > CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > > CVE-2012-5568,
> > > > > > CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > > CVE-2013-4590,
> > > > > > CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > > CVE-2014-0119,
> > > > > > CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > > > >
> > > > > > Main offenders seem to be "jackson-databind" and old maintenance
> > > > releases
> > > > > > of Spring. I think we can bump most of that.
> > > > > >
> > > > > > Some integrations also clearly suffer, through it's a problem of
> > > their
> > > > > > users, since they need to declare their own libraries' versions
> by
> > > > > > convention.
> > > > > >
> > > > > > Regards,
> > > > > > --
> > > > > > Ilya Kasnacheev
> > > > > >
> > > > > >
> > > > > > пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
> > > > > >
> > > > > > > Ilya, no I see, thanks for the explanation. Agree with you,
> let's
> > > > update
> > > > > > > the versions of the dependencies to the latest.
> > > > > > >
> > > > > > > -
> > > > > > > Denis
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > > ilya.kasnacheev@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Hello!
> > > > > > > >
> > > > > > > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > > > >
> > > > > > > > By bumping versisons I mean the following:
> > > > > > > >         <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > > >         <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > > >         <spark.version>2.3.*0*</spark.version>
> > > > > > > >
> > > >  <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > > <!--
> > > > > > > > don't forget to update spring version -->
> > > > > > > >         <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > don't
> > > > > > > forget
> > > > > > > > to update spring-data version -->
> > > > > > > >
> > > > > > >
> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > > > <!-- don't forget to update spring-5.0 version -->
> > > > > > > >
> > > >  <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > > don't
> > > > > > > > forget to update spring-data-2.0 version -->
> > > > > > > >
> > > > > > > > All these libraries have maintenance release (such as our
> > > 2.7.*6*)
> > > > and
> > > > > > I
> > > > > > > > think it would be beneficial to upgrade these dependencies
> to the
> > > > > > latest
> > > > > > > > maintenance version found in Maven Central.
> > > > > > > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > --
> > > > > > > > Ilya Kasnacheev
> > > > > > > >
> > > > > > > >
> > > > > > > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dmagda@apache.org
> >:
> > > > > > > >
> > > > > > > > > A huge +1 for adding Spring Data related
> fixes/improvements.
> > > > Ilya is
> > > > > > > > right
> > > > > > > > > that Spring Data related questions sparked last time due to
> > > > missing
> > > > > > > > support
> > > > > > > > > of 2.2 version.
> > > > > > > > >
> > > > > > > > > Ilya, could you elaborate on what you mean under "bumping
> the
> > > > > > > versions"?
> > > > > > > > Do
> > > > > > > > > you suggest performing a straightforward upgrade of
> > > > > > > "ignite-spring-data"
> > > > > > > > to
> > > > > > > > > version 2.2 and introducing
> "ignite-spring-data-{old-version"}
> > > > for
> > > > > > the
> > > > > > > > > previous versions? If it's so, I fully agree with the
> proposal.
> > > > > > > > >
> > > > > > > > > -
> > > > > > > > > Denis
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > > > > ilya.kasnacheev@gmail.com
> > > > > > > > > >
> > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > Hello!
> > > > > > > > > >
> > > > > > > > > > I propose to add the following ticket to the scope:
> > > > > > > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > > commits, be
> > > > > > > > > careful
> > > > > > > > > > with release version)
> > > > > > > > > >
> > > > > > > > > > Adding tickets to scope surely seems crazy now, but I
> will
> > > > provide
> > > > > > > the
> > > > > > > > > > following considerations:
> > > > > > > > > > * This is Spring Data 2.2 integration, which we
> currently do
> > > > not
> > > > > > > have,
> > > > > > > > > > leading to lots of confused questions on stack overflow
> and
> > > > mailing
> > > > > > > > list.
> > > > > > > > > > Spring Data is important to our public image since many
> > > people
> > > > may
> > > > > > > > learn
> > > > > > > > > > about out project by starting with Spring Data.
> > > > > > > > > >
> > > > > > > > > > * It has zero code impact outside of its own module
> (just 2
> > > POM
> > > > > > file
> > > > > > > > > > touched and that's all).
> > > > > > > > > >
> > > > > > > > > > * The core was ready since early November but, due to
> gmail
> > > > quirk,
> > > > > > we
> > > > > > > > did
> > > > > > > > > > not react to it in time.
> > > > > > > > > >
> > > > > > > > > > WDYT?
> > > > > > > > > >
> > > > > > > > > > Another semi-related question. *Should we bump our
> > > > dependencies'
> > > > > > > > versions
> > > > > > > > > > before releasing 2.8?* I talk mainly about spring and
> > > hibernate
> > > > > > > > > > dependencies. We could switch them to their latest
> > > maintenance
> > > > > > > versions
> > > > > > > > > to
> > > > > > > > > > avoid shipping default links to outdated packages.
> > > > > > > > > >
> > > > > > > > > > I think this is one of things that are very hard to do
> > > between
> > > > > > > > releases,
> > > > > > > > > so
> > > > > > > > > > I think this dependencies bumping should be a part of a
> > > formal
> > > > > > > > > > release/testing cycle, and then be backported to master.
> > > > > > > > > >
> > > > > > > > > > I could volunteer to do that myself, if we agree to merge
> > > these
> > > > > > > version
> > > > > > > > > > upgrades to ignite-2.8 and then re-test.
> > > > > > > > > >
> > > > > > > > > > Regards,
> > > > > > > > > > --
> > > > > > > > > > Ilya Kasnacheev
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > > > > <arzamas123@mail.ru.invalid
> > > > > > > > > > >:
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Igniters, i`l try to compare 2.8 release candidate vs
> > > 2.7.6,
> > > > > > > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > > > > > > i use yardstick benchmarks, 4 bare machine with:  2x
> Xeon
> > > > X5570
> > > > > > > 96Gb
> > > > > > > > > > 512GB
> > > > > > > > > > > SSD 2048GB HDD 10GB/s
> > > > > > > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > > > > > > this mappings for graphs and real yardstick tests:
> > > > > > > > > > >
> > > > > > > > > > > atomic-put: IgnitePutBenchmark
> > > > > > > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > > > > > atomic-get: IgniteGetBenchmark
> > > > > > > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > > > > > >
> > > > > > > > > > > cacheMode — partitioned
> > > > > > > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > > > > > 1 backup
> > > > > > > > > > >
> > > > > > > > > > > 1. wal = log_only 2. wal = none 3. persistence
> disabled.
> > > > > > > > > > > Thanks Maxim for wiki page [1]
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > [1]
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > > > > > >
> > > > > > > > > > > do we need some bisect or other work here ?
> > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >------- Forwarded message -------
> > > > > > > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > > > > > > >To:  dev@ignite.apache.org
> > > > > > > > > > > >Cc:
> > > > > > > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> Manager]
> > > > > > > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > > > > > >
> > > > > > > > > > > >Igniters,
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >It's almost a year has passed since the last major
> Apache
> > > > Ignite
> > > > > > > 2.7
> > > > > > > > > > > >has been released. We've accumulated a lot of
> performance
> > > > > > > > improvements
> > > > > > > > > > > >and a lot of new features which are waiting for their
> > > > release
> > > > > > > date.
> > > > > > > > > > > >Here is my list of the most interesting things from my
> > > point
> > > > > > since
> > > > > > > > the
> > > > > > > > > > > >last major release:
> > > > > > > > > > > >
> > > > > > > > > > > >Service Grid,
> > > > > > > > > > > >Monitoring,
> > > > > > > > > > > >Recovery Read
> > > > > > > > > > > >BLT auto-adjust,
> > > > > > > > > > > >PDS compression,
> > > > > > > > > > > >WAL page compression,
> > > > > > > > > > > >Thin client: best effort affinity,
> > > > > > > > > > > >Thin client: transactions support (not yet)
> > > > > > > > > > > >SQL query history
> > > > > > > > > > > >SQL statistics
> > > > > > > > > > > >
> > > > > > > > > > > >I think we should no longer wait and freeze the master
> > > > branch
> > > > > > > > anymore
> > > > > > > > > > > >and prepare the next major release by the end of the
> year.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8
> > > > release
> > > > > > and
> > > > > > > > also
> > > > > > > > > > > >I want to propose myself to be the release manager of
> the
> > > > > > planning
> > > > > > > > > > > >release.
> > > > > > > > > > > >
> > > > > > > > > > > >Scope Freeze: November 4, 2019
> > > > > > > > > > > >Code Freeze: November 18, 2019
> > > > > > > > > > > >Voting Date: December 10, 2019
> > > > > > > > > > > >Release Date: December 17, 2019
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >WDYT?
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Best regards,
> > > > Ivan Pavlukhin
> > > >
> > >
>


-- 
BR, Sergey Antonov

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Alexey Zinoviev <za...@gmail.com>]

Agree, that we could plan 2.8.1 for bug-fixing and 2.9 for new major
changes and maybe it will help Ivan to decide move it to next releases.

Agree that scope is frozen, agree that it makes the release is hard for our
release manager.

чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <mm...@apache.org>:

> Folks,
>
>
> Let me remind you that we are working on the 2.8 release branch
> stabilization currently (please, keep it in mind).
>
>
> Do we have a really STRONG reason for adding such a change [1] to the
> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> −2,038, 111 files changed.
> Do we have customer requests for this feature or maybe users who are
> waiting for exactly that ENUM values exactly in 2.8 release (not the
> 2.8.1 for instance)?
> Can we just simply remove IgniteCluster#readOnly to eliminate any
> backward compatibility issues between 2.8 and 2.9 releases?
> Do we have extended test results report (on just only TC.Bot green
> visa) on this feature to be sure that we will not add any blocker
> issues to the release? For instance, on pre-production environment.
>
> I'd like to notice that we also have more than enough the release
> blocker issues [3] which are still `in progress` and such a release
> run becomes endless. Such changes without strong reasons looks too
> scary for me a special after scope and code freeze dates.
>
> Please, dispel my doubts.
>
> [1] https://issues.apache.org/jira/browse/IGNITE-12225
> [2] https://github.com/apache/ignite/pull/7194
> [3]
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation)
>
> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <za...@gmail.com>
> wrote:
> >
> > +1
> >
> > чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <an...@gmail.com>:
> >
> > > +1
> > >
> > > I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
> will be
> > > at 13 Jan
> > >
> > > чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <vo...@gmail.com>:
> > >
> > > > +1
> > > >
> > > > чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
> > > > >
> > > > > Maxim M. and anyone who is interested,
> > > > >
> > > > > I suggest to include this fix to 2.8 release:
> > > > > https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > Basically, it's a result of the following discussion:
> > > > >
> > > >
> > >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > >
> > > > > The fix affects public API: IgniteCluster#readOnly methods that
> work
> > > with
> > > > > boolean are replaced with ones that work with enum.
> > > > > If we include it, we won't be obliged to keep deprecated boolean
> > > version
> > > > of
> > > > > API in the code (which is currently present in 2.8 branch) as it
> wasn't
> > > > > published in any release.
> > > > >
> > > > > On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > ilya.kasnacheev@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Hello!
> > > > > >
> > > > > > I have ran dependency checker plugin and quote the following:
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-urideploy:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-spring:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-spring-data:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-aop:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-visor-console:
> > > > > >
> > > > > > spring-core-4.3.18.RELEASE.jar
> > > > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > > >
> > > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > :
> > > > > > CVE-2018-15756
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-spring-data_2.0:
> > > > > >
> > > > > > spring-core-5.0.8.RELEASE.jar
> > > > > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > > > >
> > > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-15756
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-rest-http:
> > > > > >
> > > > > > jetty-server-9.4.11.v20180605.jar
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > jackson-databind-2.9.6.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-kubernetes:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-aws:
> > > > > >
> > > > > > jackson-databind-2.9.6.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > bcprov-ext-jdk15on-1.54.jar
> > > > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > CVE-2015-6644,
> > > > > > CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > CVE-2016-1000341,
> > > > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > CVE-2016-1000345,
> > > > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> CVE-2017-13098,
> > > > > > CVE-2018-1000180, CVE-2018-1000613
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-gce:
> > > > > >
> > > > > > httpclient-4.0.1.jar
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > > ,
> > > > > > cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > > > > > CVE-2014-3577, CVE-2015-5262
> > > > > > guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > > cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-cloud:
> > > > > >
> > > > > > openstack-keystone-2.0.0.jar
> > > > > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > > > cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> CVE-2013-2014,
> > > > > > CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > > CVE-2014-3520,
> > > > > > CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > > CVE-2018-20170
> > > > > > cloudstack-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > ,
> > > > > > cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > > > > > CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > > > docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > > cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > > > > CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > > > > > CVE-2019-5736
> > > > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> ,
> > > > > > cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > > > > CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > > > CVE-2019-16884, CVE-2019-5736
> > > > > > jsch.agentproxy.core-0.0.8.jar
> > > > > > (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > > cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > > > bcprov-ext-jdk15on-1.49.jar
> > > > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > CVE-2015-6644,
> > > > > > CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> CVE-2016-1000341,
> > > > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > CVE-2016-1000345,
> > > > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> CVE-2018-1000613
> > > > > > okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > > > > cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-mesos:
> > > > > >
> > > > > > mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > > > cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > > > > CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > > > jetty-server-9.4.11.v20180605.jar
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > jackson-databind-2.9.6.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-kafka:
> > > > > >
> > > > > > kafka-clients-2.0.1.jar
> > > (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > ,
> > > > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > > > connect-api-2.0.1.jar
> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-flume:
> > > > > >
> > > > > > guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > > > > cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > jackson-core-asl-1.8.8.jar
> > > > > > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> CVE-2017-15095,
> > > > > > CVE-2017-17485, CVE-2017-7525
> > > > > > jackson-mapper-asl-1.8.8.jar
> > > > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > > > > CVE-2019-16335, CVE-2019-17267
> > > > > > commons-collections-3.2.1.jar
> > > > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > CVE-2015-6420,
> > > > > > CVE-2017-15708, Remote code execution
> > > > > > netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > > > cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > CVE-2019-16869,
> > > > > > POODLE vulnerability in SSLv3.0 support
> > > > > > servlet-api-2.5-20110124.jar
> > > > > > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > > cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > CVE-2005-3747,
> > > > > > CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > > CVE-2009-5049,
> > > > > > CVE-2011-4461
> > > > > > jetty-util-6.1.26.jar
> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > ,
> > > > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> CVE-2009-1523,
> > > > > > CVE-2011-4461
> > > > > > jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> CVE-2009-1523,
> > > > > > CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > > CVE-2017-9735,
> > > > > > CVE-2019-10241, CVE-2019-10247
> > > > > > libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> :
> > > > > > CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > > > httpclient-4.1.3.jar
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > > ,
> > > > > > cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > > CVE-2015-5262
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-twitter:
> > > > > >
> > > > > > httpclient-4.2.5.jar
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > > ,
> > > > > > cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > > CVE-2015-5262
> > > > > > guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > > > > cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-zookeeper:
> > > > > >
> > > > > > jackson-databind-2.9.8.jar
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > CVE-2019-12086,
> > > > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > > > CVE-2019-17267, CVE-2019-17531
> > > > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > jackson-mapper-asl-1.9.13.jar
> > > > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > > > > cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > > netty-all-4.1.29.Final.jar
> (pkg:maven/io.netty/netty-all@4.1.29.Final
> > > ,
> > > > > > cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-camel:
> > > > > >
> > > > > > camel-core-2.22.0.jar
> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > > > CVE-2019-0188, CVE-2019-0194
> > > > > >
> > > > > >
> > > >
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > > (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > > > CVE-2019-0188, CVE-2019-0194
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-storm:
> > > > > >
> > > > > > storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
> ,
> > > > > > cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > > > > CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > CVE-2019-10247
> > > > > >
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > > cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > > CVE-2015-5262
> > > > > >
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > > (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > > cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > > CVE-2014-3488,
> > > > > > CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > > support
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > CVE-2011-4461,
> > > > > > CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > > CVE-2019-10241,
> > > > > > CVE-2019-10247
> > > > > >
> > > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > CVE-2011-4461,
> > > > > > CVE-2019-10247
> > > > > >
> > > > > >
> > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > CVE-2016-1000031
> > > > > >
> > > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > > (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > > cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > > > > CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > > CVE-2017-15713,
> > > > > > CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > > CVE-2018-1296,
> > > > > > CVE-2018-8009, CVE-2018-8029
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-cassandra-store:
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-cassandra-serializers:
> > > > > >
> > > > > > commons-beanutils-1.9.2.jar
> > > > > > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > CVE-2019-10086
> > > > > > commons-collections-3.2.1.jar
> > > > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > CVE-2015-6420,
> > > > > > CVE-2017-15708, Remote code execution
> > > > > > spring-core-4.3.18.RELEASE.jar
> > > > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > > >
> > > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > :
> > > > > > CVE-2018-15756
> > > > > > netty-transport-4.1.27.Final.jar
> > > > > > (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > > cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-flink:
> > > > > >
> > > > > > flink-hadoop-fs-1.5.0.jar
> > > > (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > > ,
> > > > > > cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > > > > CVE-2017-3161, CVE-2017-3162
> > > > > >
> > > > > >
> > > >
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > > (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > > cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > CVE-2016-4970,
> > > > > > CVE-2019-16869
> > > > > >
> > > > > >
> > > >
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > > > > cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > CVE-2017-15095,
> > > > > > CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > > > > > CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > > > > > CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > > CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > > > CVE-2019-17267, CVE-2019-17531
> > > > > >
> > > > > >
> > > >
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > (pkg:maven/com.google.guava/guava@18.0,
> > > > > > cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > >
> > > > > > One or more dependencies were identified with known
> vulnerabilities
> > > in
> > > > > > ignite-rocketmq:
> > > > > >
> > > > > > netty-all-4.0.42.Final.jar
> (pkg:maven/io.netty/netty-all@4.0.42.Final
> > > ,
> > > > > > cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > > netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> ,
> > > > > > cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > > > CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > > CVE-2006-7196,
> > > > > > CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > > CVE-2012-5568,
> > > > > > CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > > CVE-2013-4590,
> > > > > > CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > > CVE-2014-0119,
> > > > > > CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > > > >
> > > > > > Main offenders seem to be "jackson-databind" and old maintenance
> > > > releases
> > > > > > of Spring. I think we can bump most of that.
> > > > > >
> > > > > > Some integrations also clearly suffer, through it's a problem of
> > > their
> > > > > > users, since they need to declare their own libraries' versions
> by
> > > > > > convention.
> > > > > >
> > > > > > Regards,
> > > > > > --
> > > > > > Ilya Kasnacheev
> > > > > >
> > > > > >
> > > > > > пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
> > > > > >
> > > > > > > Ilya, no I see, thanks for the explanation. Agree with you,
> let's
> > > > update
> > > > > > > the versions of the dependencies to the latest.
> > > > > > >
> > > > > > > -
> > > > > > > Denis
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > > ilya.kasnacheev@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Hello!
> > > > > > > >
> > > > > > > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > > > >
> > > > > > > > By bumping versisons I mean the following:
> > > > > > > >         <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > > >         <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > > >         <spark.version>2.3.*0*</spark.version>
> > > > > > > >
> > > >  <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > > <!--
> > > > > > > > don't forget to update spring version -->
> > > > > > > >         <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > don't
> > > > > > > forget
> > > > > > > > to update spring-data version -->
> > > > > > > >
> > > > > > >
> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > > > <!-- don't forget to update spring-5.0 version -->
> > > > > > > >
> > > >  <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > > don't
> > > > > > > > forget to update spring-data-2.0 version -->
> > > > > > > >
> > > > > > > > All these libraries have maintenance release (such as our
> > > 2.7.*6*)
> > > > and
> > > > > > I
> > > > > > > > think it would be beneficial to upgrade these dependencies
> to the
> > > > > > latest
> > > > > > > > maintenance version found in Maven Central.
> > > > > > > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > --
> > > > > > > > Ilya Kasnacheev
> > > > > > > >
> > > > > > > >
> > > > > > > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dmagda@apache.org
> >:
> > > > > > > >
> > > > > > > > > A huge +1 for adding Spring Data related
> fixes/improvements.
> > > > Ilya is
> > > > > > > > right
> > > > > > > > > that Spring Data related questions sparked last time due to
> > > > missing
> > > > > > > > support
> > > > > > > > > of 2.2 version.
> > > > > > > > >
> > > > > > > > > Ilya, could you elaborate on what you mean under "bumping
> the
> > > > > > > versions"?
> > > > > > > > Do
> > > > > > > > > you suggest performing a straightforward upgrade of
> > > > > > > "ignite-spring-data"
> > > > > > > > to
> > > > > > > > > version 2.2 and introducing
> "ignite-spring-data-{old-version"}
> > > > for
> > > > > > the
> > > > > > > > > previous versions? If it's so, I fully agree with the
> proposal.
> > > > > > > > >
> > > > > > > > > -
> > > > > > > > > Denis
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > > > > ilya.kasnacheev@gmail.com
> > > > > > > > > >
> > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > Hello!
> > > > > > > > > >
> > > > > > > > > > I propose to add the following ticket to the scope:
> > > > > > > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > > commits, be
> > > > > > > > > careful
> > > > > > > > > > with release version)
> > > > > > > > > >
> > > > > > > > > > Adding tickets to scope surely seems crazy now, but I
> will
> > > > provide
> > > > > > > the
> > > > > > > > > > following considerations:
> > > > > > > > > > * This is Spring Data 2.2 integration, which we
> currently do
> > > > not
> > > > > > > have,
> > > > > > > > > > leading to lots of confused questions on stack overflow
> and
> > > > mailing
> > > > > > > > list.
> > > > > > > > > > Spring Data is important to our public image since many
> > > people
> > > > may
> > > > > > > > learn
> > > > > > > > > > about out project by starting with Spring Data.
> > > > > > > > > >
> > > > > > > > > > * It has zero code impact outside of its own module
> (just 2
> > > POM
> > > > > > file
> > > > > > > > > > touched and that's all).
> > > > > > > > > >
> > > > > > > > > > * The core was ready since early November but, due to
> gmail
> > > > quirk,
> > > > > > we
> > > > > > > > did
> > > > > > > > > > not react to it in time.
> > > > > > > > > >
> > > > > > > > > > WDYT?
> > > > > > > > > >
> > > > > > > > > > Another semi-related question. *Should we bump our
> > > > dependencies'
> > > > > > > > versions
> > > > > > > > > > before releasing 2.8?* I talk mainly about spring and
> > > hibernate
> > > > > > > > > > dependencies. We could switch them to their latest
> > > maintenance
> > > > > > > versions
> > > > > > > > > to
> > > > > > > > > > avoid shipping default links to outdated packages.
> > > > > > > > > >
> > > > > > > > > > I think this is one of things that are very hard to do
> > > between
> > > > > > > > releases,
> > > > > > > > > so
> > > > > > > > > > I think this dependencies bumping should be a part of a
> > > formal
> > > > > > > > > > release/testing cycle, and then be backported to master.
> > > > > > > > > >
> > > > > > > > > > I could volunteer to do that myself, if we agree to merge
> > > these
> > > > > > > version
> > > > > > > > > > upgrades to ignite-2.8 and then re-test.
> > > > > > > > > >
> > > > > > > > > > Regards,
> > > > > > > > > > --
> > > > > > > > > > Ilya Kasnacheev
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > > > > <arzamas123@mail.ru.invalid
> > > > > > > > > > >:
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Igniters, i`l try to compare 2.8 release candidate vs
> > > 2.7.6,
> > > > > > > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > > > > > > i use yardstick benchmarks, 4 bare machine with:  2x
> Xeon
> > > > X5570
> > > > > > > 96Gb
> > > > > > > > > > 512GB
> > > > > > > > > > > SSD 2048GB HDD 10GB/s
> > > > > > > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > > > > > > this mappings for graphs and real yardstick tests:
> > > > > > > > > > >
> > > > > > > > > > > atomic-put: IgnitePutBenchmark
> > > > > > > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > > > > > atomic-get: IgniteGetBenchmark
> > > > > > > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > > > > > >
> > > > > > > > > > > cacheMode — partitioned
> > > > > > > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > > > > > 1 backup
> > > > > > > > > > >
> > > > > > > > > > > 1. wal = log_only 2. wal = none 3. persistence
> disabled.
> > > > > > > > > > > Thanks Maxim for wiki page [1]
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > [1]
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > > > > > >
> > > > > > > > > > > do we need some bisect or other work here ?
> > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >------- Forwarded message -------
> > > > > > > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > > > > > > >To:  dev@ignite.apache.org
> > > > > > > > > > > >Cc:
> > > > > > > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> Manager]
> > > > > > > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > > > > > >
> > > > > > > > > > > >Igniters,
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >It's almost a year has passed since the last major
> Apache
> > > > Ignite
> > > > > > > 2.7
> > > > > > > > > > > >has been released. We've accumulated a lot of
> performance
> > > > > > > > improvements
> > > > > > > > > > > >and a lot of new features which are waiting for their
> > > > release
> > > > > > > date.
> > > > > > > > > > > >Here is my list of the most interesting things from my
> > > point
> > > > > > since
> > > > > > > > the
> > > > > > > > > > > >last major release:
> > > > > > > > > > > >
> > > > > > > > > > > >Service Grid,
> > > > > > > > > > > >Monitoring,
> > > > > > > > > > > >Recovery Read
> > > > > > > > > > > >BLT auto-adjust,
> > > > > > > > > > > >PDS compression,
> > > > > > > > > > > >WAL page compression,
> > > > > > > > > > > >Thin client: best effort affinity,
> > > > > > > > > > > >Thin client: transactions support (not yet)
> > > > > > > > > > > >SQL query history
> > > > > > > > > > > >SQL statistics
> > > > > > > > > > > >
> > > > > > > > > > > >I think we should no longer wait and freeze the master
> > > > branch
> > > > > > > > anymore
> > > > > > > > > > > >and prepare the next major release by the end of the
> year.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8
> > > > release
> > > > > > and
> > > > > > > > also
> > > > > > > > > > > >I want to propose myself to be the release manager of
> the
> > > > > > planning
> > > > > > > > > > > >release.
> > > > > > > > > > > >
> > > > > > > > > > > >Scope Freeze: November 4, 2019
> > > > > > > > > > > >Code Freeze: November 18, 2019
> > > > > > > > > > > >Voting Date: December 10, 2019
> > > > > > > > > > > >Release Date: December 17, 2019
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >WDYT?
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Best regards,
> > > > Ivan Pavlukhin
> > > >
> > >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Maxim Muzafarov <mm...@apache.org>]

Folks,


Let me remind you that we are working on the 2.8 release branch
stabilization currently (please, keep it in mind).


Do we have a really STRONG reason for adding such a change [1] to the
ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
−2,038, 111 files changed.
Do we have customer requests for this feature or maybe users who are
waiting for exactly that ENUM values exactly in 2.8 release (not the
2.8.1 for instance)?
Can we just simply remove IgniteCluster#readOnly to eliminate any
backward compatibility issues between 2.8 and 2.9 releases?
Do we have extended test results report (on just only TC.Bot green
visa) on this feature to be sure that we will not add any blocker
issues to the release? For instance, on pre-production environment.

I'd like to notice that we also have more than enough the release
blocker issues [3] which are still `in progress` and such a release
run becomes endless. Such changes without strong reasons looks too
scary for me a special after scope and code freeze dates.

Please, dispel my doubts.

[1] https://issues.apache.org/jira/browse/IGNITE-12225
[2] https://github.com/apache/ignite/pull/7194
[3] https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation)

On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <za...@gmail.com> wrote:
>
> +1
>
> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <an...@gmail.com>:
>
> > +1
> >
> > I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch will be
> > at 13 Jan
> >
> > чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <vo...@gmail.com>:
> >
> > > +1
> > >
> > > чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
> > > >
> > > > Maxim M. and anyone who is interested,
> > > >
> > > > I suggest to include this fix to 2.8 release:
> > > > https://issues.apache.org/jira/browse/IGNITE-12225
> > > > Basically, it's a result of the following discussion:
> > > >
> > >
> > http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > >
> > > > The fix affects public API: IgniteCluster#readOnly methods that work
> > with
> > > > boolean are replaced with ones that work with enum.
> > > > If we include it, we won't be obliged to keep deprecated boolean
> > version
> > > of
> > > > API in the code (which is currently present in 2.8 branch) as it wasn't
> > > > published in any release.
> > > >
> > > > On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > ilya.kasnacheev@gmail.com>
> > > > wrote:
> > > >
> > > > > Hello!
> > > > >
> > > > > I have ran dependency checker plugin and quote the following:
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-urideploy:
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-spring:
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-spring-data:
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-aop:
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-visor-console:
> > > > >
> > > > > spring-core-4.3.18.RELEASE.jar
> > > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > >
> > > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > :
> > > > > CVE-2018-15756
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-spring-data_2.0:
> > > > >
> > > > > spring-core-5.0.8.RELEASE.jar
> > > > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > > >
> > > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > CVE-2018-15756
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-rest-http:
> > > > >
> > > > > jetty-server-9.4.11.v20180605.jar
> > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > jackson-databind-2.9.6.jar
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-kubernetes:
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-aws:
> > > > >
> > > > > jackson-databind-2.9.6.jar
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > bcprov-ext-jdk15on-1.54.jar
> > > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > CVE-2015-6644,
> > > > > CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > CVE-2016-1000341,
> > > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > CVE-2016-1000345,
> > > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098,
> > > > > CVE-2018-1000180, CVE-2018-1000613
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-gce:
> > > > >
> > > > > httpclient-4.0.1.jar
> > > (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > ,
> > > > > cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > > > > CVE-2014-3577, CVE-2015-5262
> > > > > guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-cloud:
> > > > >
> > > > > openstack-keystone-2.0.0.jar
> > > > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > > cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2014,
> > > > > CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > CVE-2014-3520,
> > > > > CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > CVE-2018-20170
> > > > > cloudstack-2.0.0.jar
> > (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > ,
> > > > > cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > > > > CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > > docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > > > CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > > > > CVE-2019-5736
> > > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3,
> > > > > cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > > > CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > > CVE-2019-16884, CVE-2019-5736
> > > > > jsch.agentproxy.core-0.0.8.jar
> > > > > (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > > bcprov-ext-jdk15on-1.49.jar
> > > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > CVE-2015-6644,
> > > > > CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000341,
> > > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > CVE-2016-1000345,
> > > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000613
> > > > > okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > > > cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-mesos:
> > > > >
> > > > > mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > > cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > > > CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > > jetty-server-9.4.11.v20180605.jar
> > > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > jackson-databind-2.9.6.jar
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-kafka:
> > > > >
> > > > > kafka-clients-2.0.1.jar
> > (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > ,
> > > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > > connect-api-2.0.1.jar (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-flume:
> > > > >
> > > > > guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > > > cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > jackson-core-asl-1.8.8.jar
> > > > > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) : CVE-2017-15095,
> > > > > CVE-2017-17485, CVE-2017-7525
> > > > > jackson-mapper-asl-1.8.8.jar
> > > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > > > CVE-2019-16335, CVE-2019-17267
> > > > > commons-collections-3.2.1.jar
> > > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > CVE-2015-6420,
> > > > > CVE-2017-15708, Remote code execution
> > > > > netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > > cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > CVE-2019-16869,
> > > > > POODLE vulnerability in SSLv3.0 support
> > > > > servlet-api-2.5-20110124.jar
> > > > > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > CVE-2005-3747,
> > > > > CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > CVE-2009-5049,
> > > > > CVE-2011-4461
> > > > > jetty-util-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > ,
> > > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > > > > CVE-2011-4461
> > > > > jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > > > > CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > CVE-2017-9735,
> > > > > CVE-2019-10241, CVE-2019-10247
> > > > > libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0) :
> > > > > CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > > httpclient-4.1.3.jar
> > > (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > ,
> > > > > cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > CVE-2015-5262
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-twitter:
> > > > >
> > > > > httpclient-4.2.5.jar
> > > (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > ,
> > > > > cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > CVE-2015-5262
> > > > > guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > > > cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-zookeeper:
> > > > >
> > > > > jackson-databind-2.9.8.jar
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > > > cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > CVE-2019-12086,
> > > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > > CVE-2019-17267, CVE-2019-17531
> > > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > jackson-mapper-asl-1.9.13.jar
> > > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > > > cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > netty-all-4.1.29.Final.jar (pkg:maven/io.netty/netty-all@4.1.29.Final
> > ,
> > > > > cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-camel:
> > > > >
> > > > > camel-core-2.22.0.jar (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > > CVE-2019-0188, CVE-2019-0194
> > > > >
> > > > >
> > >
> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > > CVE-2019-0188, CVE-2019-0194
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-storm:
> > > > >
> > > > > storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1,
> > > > > cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > > > CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > CVE-2019-10247
> > > > >
> > > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > > CVE-2015-5262
> > > > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > > cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > CVE-2014-3488,
> > > > > CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > support
> > > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > CVE-2011-4461,
> > > > > CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > CVE-2019-10241,
> > > > > CVE-2019-10247
> > > > >
> > > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > CVE-2011-4461,
> > > > > CVE-2019-10247
> > > > >
> > > > >
> > >
> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > CVE-2016-1000031
> > > > >
> > > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > > > CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > CVE-2017-15713,
> > > > > CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > CVE-2018-1296,
> > > > > CVE-2018-8009, CVE-2018-8029
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-cassandra-store:
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-cassandra-serializers:
> > > > >
> > > > > commons-beanutils-1.9.2.jar
> > > > > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > CVE-2019-10086
> > > > > commons-collections-3.2.1.jar
> > > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > CVE-2015-6420,
> > > > > CVE-2017-15708, Remote code execution
> > > > > spring-core-4.3.18.RELEASE.jar
> > > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > > >
> > > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > :
> > > > > CVE-2018-15756
> > > > > netty-transport-4.1.27.Final.jar
> > > > > (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > > cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-flink:
> > > > >
> > > > > flink-hadoop-fs-1.5.0.jar
> > > (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > ,
> > > > > cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > > > CVE-2017-3161, CVE-2017-3162
> > > > >
> > > > >
> > >
> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > > cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > CVE-2016-4970,
> > > > > CVE-2019-16869
> > > > >
> > > > >
> > >
> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > > > cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > CVE-2017-15095,
> > > > > CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > > > > CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > > > > CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > > CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > > CVE-2019-17267, CVE-2019-17531
> > > > >
> > > > >
> > >
> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > (pkg:maven/com.google.guava/guava@18.0,
> > > > > cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >
> > > > > One or more dependencies were identified with known vulnerabilities
> > in
> > > > > ignite-rocketmq:
> > > > >
> > > > > netty-all-4.0.42.Final.jar (pkg:maven/io.netty/netty-all@4.0.42.Final
> > ,
> > > > > cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > > netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26,
> > > > > cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > > CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > CVE-2006-7196,
> > > > > CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > CVE-2012-5568,
> > > > > CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > CVE-2013-4590,
> > > > > CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > CVE-2014-0119,
> > > > > CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > > >
> > > > > Main offenders seem to be "jackson-databind" and old maintenance
> > > releases
> > > > > of Spring. I think we can bump most of that.
> > > > >
> > > > > Some integrations also clearly suffer, through it's a problem of
> > their
> > > > > users, since they need to declare their own libraries' versions by
> > > > > convention.
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Ilya Kasnacheev
> > > > >
> > > > >
> > > > > пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
> > > > >
> > > > > > Ilya, no I see, thanks for the explanation. Agree with you, let's
> > > update
> > > > > > the versions of the dependencies to the latest.
> > > > > >
> > > > > > -
> > > > > > Denis
> > > > > >
> > > > > >
> > > > > > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > ilya.kasnacheev@gmail.com>
> > > > > > wrote:
> > > > > >
> > > > > > > Hello!
> > > > > > >
> > > > > > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > > >
> > > > > > > By bumping versisons I mean the following:
> > > > > > >         <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > >         <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > >         <spark.version>2.3.*0*</spark.version>
> > > > > > >
> > >  <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > <!--
> > > > > > > don't forget to update spring version -->
> > > > > > >         <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > don't
> > > > > > forget
> > > > > > > to update spring-data version -->
> > > > > > >
> > > > > >  <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > > <!-- don't forget to update spring-5.0 version -->
> > > > > > >
> > >  <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > don't
> > > > > > > forget to update spring-data-2.0 version -->
> > > > > > >
> > > > > > > All these libraries have maintenance release (such as our
> > 2.7.*6*)
> > > and
> > > > > I
> > > > > > > think it would be beneficial to upgrade these dependencies to the
> > > > > latest
> > > > > > > maintenance version found in Maven Central.
> > > > > > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > > > >
> > > > > > > Regards,
> > > > > > > --
> > > > > > > Ilya Kasnacheev
> > > > > > >
> > > > > > >
> > > > > > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dm...@apache.org>:
> > > > > > >
> > > > > > > > A huge +1 for adding Spring Data related fixes/improvements.
> > > Ilya is
> > > > > > > right
> > > > > > > > that Spring Data related questions sparked last time due to
> > > missing
> > > > > > > support
> > > > > > > > of 2.2 version.
> > > > > > > >
> > > > > > > > Ilya, could you elaborate on what you mean under "bumping the
> > > > > > versions"?
> > > > > > > Do
> > > > > > > > you suggest performing a straightforward upgrade of
> > > > > > "ignite-spring-data"
> > > > > > > to
> > > > > > > > version 2.2 and introducing "ignite-spring-data-{old-version"}
> > > for
> > > > > the
> > > > > > > > previous versions? If it's so, I fully agree with the proposal.
> > > > > > > >
> > > > > > > > -
> > > > > > > > Denis
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > > > ilya.kasnacheev@gmail.com
> > > > > > > > >
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > > Hello!
> > > > > > > > >
> > > > > > > > > I propose to add the following ticket to the scope:
> > > > > > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > commits, be
> > > > > > > > careful
> > > > > > > > > with release version)
> > > > > > > > >
> > > > > > > > > Adding tickets to scope surely seems crazy now, but I will
> > > provide
> > > > > > the
> > > > > > > > > following considerations:
> > > > > > > > > * This is Spring Data 2.2 integration, which we currently do
> > > not
> > > > > > have,
> > > > > > > > > leading to lots of confused questions on stack overflow and
> > > mailing
> > > > > > > list.
> > > > > > > > > Spring Data is important to our public image since many
> > people
> > > may
> > > > > > > learn
> > > > > > > > > about out project by starting with Spring Data.
> > > > > > > > >
> > > > > > > > > * It has zero code impact outside of its own module (just 2
> > POM
> > > > > file
> > > > > > > > > touched and that's all).
> > > > > > > > >
> > > > > > > > > * The core was ready since early November but, due to gmail
> > > quirk,
> > > > > we
> > > > > > > did
> > > > > > > > > not react to it in time.
> > > > > > > > >
> > > > > > > > > WDYT?
> > > > > > > > >
> > > > > > > > > Another semi-related question. *Should we bump our
> > > dependencies'
> > > > > > > versions
> > > > > > > > > before releasing 2.8?* I talk mainly about spring and
> > hibernate
> > > > > > > > > dependencies. We could switch them to their latest
> > maintenance
> > > > > > versions
> > > > > > > > to
> > > > > > > > > avoid shipping default links to outdated packages.
> > > > > > > > >
> > > > > > > > > I think this is one of things that are very hard to do
> > between
> > > > > > > releases,
> > > > > > > > so
> > > > > > > > > I think this dependencies bumping should be a part of a
> > formal
> > > > > > > > > release/testing cycle, and then be backported to master.
> > > > > > > > >
> > > > > > > > > I could volunteer to do that myself, if we agree to merge
> > these
> > > > > > version
> > > > > > > > > upgrades to ignite-2.8 and then re-test.
> > > > > > > > >
> > > > > > > > > Regards,
> > > > > > > > > --
> > > > > > > > > Ilya Kasnacheev
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > > > <arzamas123@mail.ru.invalid
> > > > > > > > > >:
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Igniters, i`l try to compare 2.8 release candidate vs
> > 2.7.6,
> > > > > > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > > > > > i use yardstick benchmarks, 4 bare machine with:  2x Xeon
> > > X5570
> > > > > > 96Gb
> > > > > > > > > 512GB
> > > > > > > > > > SSD 2048GB HDD 10GB/s
> > > > > > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > > > > > this mappings for graphs and real yardstick tests:
> > > > > > > > > >
> > > > > > > > > > atomic-put: IgnitePutBenchmark
> > > > > > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > > > > atomic-get: IgniteGetBenchmark
> > > > > > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > > > > >
> > > > > > > > > > cacheMode — partitioned
> > > > > > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > > > > 1 backup
> > > > > > > > > >
> > > > > > > > > > 1. wal = log_only 2. wal = none 3. persistence disabled.
> > > > > > > > > > Thanks Maxim for wiki page [1]
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > [1]
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > > > > >
> > > > > > > > > > do we need some bisect or other work here ?
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >------- Forwarded message -------
> > > > > > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > > > > > >To:  dev@ignite.apache.org
> > > > > > > > > > >Cc:
> > > > > > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]
> > > > > > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > > > > >
> > > > > > > > > > >Igniters,
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >It's almost a year has passed since the last major Apache
> > > Ignite
> > > > > > 2.7
> > > > > > > > > > >has been released. We've accumulated a lot of performance
> > > > > > > improvements
> > > > > > > > > > >and a lot of new features which are waiting for their
> > > release
> > > > > > date.
> > > > > > > > > > >Here is my list of the most interesting things from my
> > point
> > > > > since
> > > > > > > the
> > > > > > > > > > >last major release:
> > > > > > > > > > >
> > > > > > > > > > >Service Grid,
> > > > > > > > > > >Monitoring,
> > > > > > > > > > >Recovery Read
> > > > > > > > > > >BLT auto-adjust,
> > > > > > > > > > >PDS compression,
> > > > > > > > > > >WAL page compression,
> > > > > > > > > > >Thin client: best effort affinity,
> > > > > > > > > > >Thin client: transactions support (not yet)
> > > > > > > > > > >SQL query history
> > > > > > > > > > >SQL statistics
> > > > > > > > > > >
> > > > > > > > > > >I think we should no longer wait and freeze the master
> > > branch
> > > > > > > anymore
> > > > > > > > > > >and prepare the next major release by the end of the year.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8
> > > release
> > > > > and
> > > > > > > also
> > > > > > > > > > >I want to propose myself to be the release manager of the
> > > > > planning
> > > > > > > > > > >release.
> > > > > > > > > > >
> > > > > > > > > > >Scope Freeze: November 4, 2019
> > > > > > > > > > >Code Freeze: November 18, 2019
> > > > > > > > > > >Voting Date: December 10, 2019
> > > > > > > > > > >Release Date: December 17, 2019
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >WDYT?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> > >
> > >
> > > --
> > > Best regards,
> > > Ivan Pavlukhin
> > >
> >

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Alexey Zinoviev <za...@gmail.com>]

+1

чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <an...@gmail.com>:

> +1
>
> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch will be
> at 13 Jan
>
> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <vo...@gmail.com>:
>
> > +1
> >
> > чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
> > >
> > > Maxim M. and anyone who is interested,
> > >
> > > I suggest to include this fix to 2.8 release:
> > > https://issues.apache.org/jira/browse/IGNITE-12225
> > > Basically, it's a result of the following discussion:
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > >
> > > The fix affects public API: IgniteCluster#readOnly methods that work
> with
> > > boolean are replaced with ones that work with enum.
> > > If we include it, we won't be obliged to keep deprecated boolean
> version
> > of
> > > API in the code (which is currently present in 2.8 branch) as it wasn't
> > > published in any release.
> > >
> > > On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > ilya.kasnacheev@gmail.com>
> > > wrote:
> > >
> > > > Hello!
> > > >
> > > > I have ran dependency checker plugin and quote the following:
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-urideploy:
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-spring:
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-spring-data:
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-aop:
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-visor-console:
> > > >
> > > > spring-core-4.3.18.RELEASE.jar
> > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> :
> > > > CVE-2018-15756
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-spring-data_2.0:
> > > >
> > > > spring-core-5.0.8.RELEASE.jar
> > > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > CVE-2018-15756
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-rest-http:
> > > >
> > > > jetty-server-9.4.11.v20180605.jar
> > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > jackson-databind-2.9.6.jar
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-kubernetes:
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-aws:
> > > >
> > > > jackson-databind-2.9.6.jar
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > bcprov-ext-jdk15on-1.54.jar
> > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> CVE-2015-6644,
> > > > CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> CVE-2016-1000341,
> > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> CVE-2016-1000345,
> > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098,
> > > > CVE-2018-1000180, CVE-2018-1000613
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-gce:
> > > >
> > > > httpclient-4.0.1.jar
> > (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > ,
> > > > cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > > > CVE-2014-3577, CVE-2015-5262
> > > > guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-cloud:
> > > >
> > > > openstack-keystone-2.0.0.jar
> > > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2014,
> > > > CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > CVE-2014-3520,
> > > > CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > CVE-2018-20170
> > > > cloudstack-2.0.0.jar
> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > ,
> > > > cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > > > CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > > CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > > > CVE-2019-5736
> > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3,
> > > > cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > > CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > CVE-2019-16884, CVE-2019-5736
> > > > jsch.agentproxy.core-0.0.8.jar
> > > > (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > bcprov-ext-jdk15on-1.49.jar
> > > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> CVE-2015-6644,
> > > > CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000341,
> > > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> CVE-2016-1000345,
> > > > CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000613
> > > > okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > > cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-mesos:
> > > >
> > > > mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > > CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > jetty-server-9.4.11.v20180605.jar
> > > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > jackson-databind-2.9.6.jar
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-kafka:
> > > >
> > > > kafka-clients-2.0.1.jar
> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > ,
> > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > connect-api-2.0.1.jar (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-flume:
> > > >
> > > > guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > > cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > jackson-core-asl-1.8.8.jar
> > > > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) : CVE-2017-15095,
> > > > CVE-2017-17485, CVE-2017-7525
> > > > jackson-mapper-asl-1.8.8.jar
> > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > > CVE-2019-16335, CVE-2019-17267
> > > > commons-collections-3.2.1.jar
> > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > CVE-2015-6420,
> > > > CVE-2017-15708, Remote code execution
> > > > netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > > > cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > CVE-2019-16869,
> > > > POODLE vulnerability in SSLv3.0 support
> > > > servlet-api-2.5-20110124.jar
> > > > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > CVE-2005-3747,
> > > > CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > CVE-2009-5049,
> > > > CVE-2011-4461
> > > > jetty-util-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> ,
> > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > > > CVE-2011-4461
> > > > jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > > > CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > CVE-2017-9735,
> > > > CVE-2019-10241, CVE-2019-10247
> > > > libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0) :
> > > > CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > httpclient-4.1.3.jar
> > (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > ,
> > > > cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > CVE-2015-5262
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-twitter:
> > > >
> > > > httpclient-4.2.5.jar
> > (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > ,
> > > > cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > CVE-2015-5262
> > > > guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > > cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-zookeeper:
> > > >
> > > > jackson-databind-2.9.8.jar
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > > cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > CVE-2019-12086,
> > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > CVE-2019-17267, CVE-2019-17531
> > > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > jackson-mapper-asl-1.9.13.jar
> > > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > > cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > netty-all-4.1.29.Final.jar (pkg:maven/io.netty/netty-all@4.1.29.Final
> ,
> > > > cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-camel:
> > > >
> > > > camel-core-2.22.0.jar (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > CVE-2019-0188, CVE-2019-0194
> > > >
> > > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > > CVE-2019-0188, CVE-2019-0194
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-storm:
> > > >
> > > > storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1,
> > > > cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > > CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> CVE-2019-10247
> > > >
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > > CVE-2015-5262
> > > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > (pkg:maven/com.google.guava/guava@16.0.1,
> > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > (pkg:maven/io.netty/netty@3.9.0.Final,
> > > > cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > CVE-2014-3488,
> > > > CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> support
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> CVE-2011-4461,
> > > > CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > CVE-2019-10241,
> > > > CVE-2019-10247
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> CVE-2011-4461,
> > > > CVE-2019-10247
> > > >
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > CVE-2016-1000031
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > > CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > CVE-2017-15713,
> > > > CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > CVE-2018-1296,
> > > > CVE-2018-8009, CVE-2018-8029
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-cassandra-store:
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-cassandra-serializers:
> > > >
> > > > commons-beanutils-1.9.2.jar
> > > > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > CVE-2019-10086
> > > > commons-collections-3.2.1.jar
> > > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > CVE-2015-6420,
> > > > CVE-2017-15708, Remote code execution
> > > > spring-core-4.3.18.RELEASE.jar
> > > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> :
> > > > CVE-2018-15756
> > > > netty-transport-4.1.27.Final.jar
> > > > (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > > cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-flink:
> > > >
> > > > flink-hadoop-fs-1.5.0.jar
> > (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > ,
> > > > cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > > CVE-2017-3161, CVE-2017-3162
> > > >
> > > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > > cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > CVE-2016-4970,
> > > > CVE-2019-16869
> > > >
> > > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > > cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > CVE-2017-15095,
> > > > CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > > > CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > > CVE-2019-17267, CVE-2019-17531
> > > >
> > > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > (pkg:maven/com.google.guava/guava@18.0,
> > > > cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >
> > > > One or more dependencies were identified with known vulnerabilities
> in
> > > > ignite-rocketmq:
> > > >
> > > > netty-all-4.0.42.Final.jar (pkg:maven/io.netty/netty-all@4.0.42.Final
> ,
> > > > cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26,
> > > > cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > > CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > CVE-2006-7196,
> > > > CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > CVE-2012-5568,
> > > > CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > CVE-2013-4590,
> > > > CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > CVE-2014-0119,
> > > > CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > >
> > > > Main offenders seem to be "jackson-databind" and old maintenance
> > releases
> > > > of Spring. I think we can bump most of that.
> > > >
> > > > Some integrations also clearly suffer, through it's a problem of
> their
> > > > users, since they need to declare their own libraries' versions by
> > > > convention.
> > > >
> > > > Regards,
> > > > --
> > > > Ilya Kasnacheev
> > > >
> > > >
> > > > пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
> > > >
> > > > > Ilya, no I see, thanks for the explanation. Agree with you, let's
> > update
> > > > > the versions of the dependencies to the latest.
> > > > >
> > > > > -
> > > > > Denis
> > > > >
> > > > >
> > > > > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > ilya.kasnacheev@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Hello!
> > > > > >
> > > > > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > >
> > > > > > By bumping versisons I mean the following:
> > > > > >         <slf4j.version>1.7.*7*</slf4j.version>
> > > > > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > >         <snappy.version>1.1.7.*2*</snappy.version>
> > > > > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > >         <spark.version>2.3.*0*</spark.version>
> > > > > >
> >  <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > <!--
> > > > > > don't forget to update spring version -->
> > > > > >         <spring.version>4.3.*18*.RELEASE</spring.version><!--
> don't
> > > > > forget
> > > > > > to update spring-data version -->
> > > > > >
> > > > >  <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > <!-- don't forget to update spring-5.0 version -->
> > > > > >
> >  <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > don't
> > > > > > forget to update spring-data-2.0 version -->
> > > > > >
> > > > > > All these libraries have maintenance release (such as our
> 2.7.*6*)
> > and
> > > > I
> > > > > > think it would be beneficial to upgrade these dependencies to the
> > > > latest
> > > > > > maintenance version found in Maven Central.
> > > > > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > > >
> > > > > > Regards,
> > > > > > --
> > > > > > Ilya Kasnacheev
> > > > > >
> > > > > >
> > > > > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dm...@apache.org>:
> > > > > >
> > > > > > > A huge +1 for adding Spring Data related fixes/improvements.
> > Ilya is
> > > > > > right
> > > > > > > that Spring Data related questions sparked last time due to
> > missing
> > > > > > support
> > > > > > > of 2.2 version.
> > > > > > >
> > > > > > > Ilya, could you elaborate on what you mean under "bumping the
> > > > > versions"?
> > > > > > Do
> > > > > > > you suggest performing a straightforward upgrade of
> > > > > "ignite-spring-data"
> > > > > > to
> > > > > > > version 2.2 and introducing "ignite-spring-data-{old-version"}
> > for
> > > > the
> > > > > > > previous versions? If it's so, I fully agree with the proposal.
> > > > > > >
> > > > > > > -
> > > > > > > Denis
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > > ilya.kasnacheev@gmail.com
> > > > > > > >
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Hello!
> > > > > > > >
> > > > > > > > I propose to add the following ticket to the scope:
> > > > > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > commits, be
> > > > > > > careful
> > > > > > > > with release version)
> > > > > > > >
> > > > > > > > Adding tickets to scope surely seems crazy now, but I will
> > provide
> > > > > the
> > > > > > > > following considerations:
> > > > > > > > * This is Spring Data 2.2 integration, which we currently do
> > not
> > > > > have,
> > > > > > > > leading to lots of confused questions on stack overflow and
> > mailing
> > > > > > list.
> > > > > > > > Spring Data is important to our public image since many
> people
> > may
> > > > > > learn
> > > > > > > > about out project by starting with Spring Data.
> > > > > > > >
> > > > > > > > * It has zero code impact outside of its own module (just 2
> POM
> > > > file
> > > > > > > > touched and that's all).
> > > > > > > >
> > > > > > > > * The core was ready since early November but, due to gmail
> > quirk,
> > > > we
> > > > > > did
> > > > > > > > not react to it in time.
> > > > > > > >
> > > > > > > > WDYT?
> > > > > > > >
> > > > > > > > Another semi-related question. *Should we bump our
> > dependencies'
> > > > > > versions
> > > > > > > > before releasing 2.8?* I talk mainly about spring and
> hibernate
> > > > > > > > dependencies. We could switch them to their latest
> maintenance
> > > > > versions
> > > > > > > to
> > > > > > > > avoid shipping default links to outdated packages.
> > > > > > > >
> > > > > > > > I think this is one of things that are very hard to do
> between
> > > > > > releases,
> > > > > > > so
> > > > > > > > I think this dependencies bumping should be a part of a
> formal
> > > > > > > > release/testing cycle, and then be backported to master.
> > > > > > > >
> > > > > > > > I could volunteer to do that myself, if we agree to merge
> these
> > > > > version
> > > > > > > > upgrades to ignite-2.8 and then re-test.
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > --
> > > > > > > > Ilya Kasnacheev
> > > > > > > >
> > > > > > > >
> > > > > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > > <arzamas123@mail.ru.invalid
> > > > > > > > >:
> > > > > > > >
> > > > > > > > >
> > > > > > > > > Igniters, i`l try to compare 2.8 release candidate vs
> 2.7.6,
> > > > > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > > > > i use yardstick benchmarks, 4 bare machine with:  2x Xeon
> > X5570
> > > > > 96Gb
> > > > > > > > 512GB
> > > > > > > > > SSD 2048GB HDD 10GB/s
> > > > > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > > > > this mappings for graphs and real yardstick tests:
> > > > > > > > >
> > > > > > > > > atomic-put: IgnitePutBenchmark
> > > > > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > > > atomic-get: IgniteGetBenchmark
> > > > > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > > > >
> > > > > > > > > cacheMode — partitioned
> > > > > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > > > 1 backup
> > > > > > > > >
> > > > > > > > > 1. wal = log_only 2. wal = none 3. persistence disabled.
> > > > > > > > > Thanks Maxim for wiki page [1]
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > [1]
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > > > >
> > > > > > > > > do we need some bisect or other work here ?
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >------- Forwarded message -------
> > > > > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > > > > >To:  dev@ignite.apache.org
> > > > > > > > > >Cc:
> > > > > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]
> > > > > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > > > >
> > > > > > > > > >Igniters,
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >It's almost a year has passed since the last major Apache
> > Ignite
> > > > > 2.7
> > > > > > > > > >has been released. We've accumulated a lot of performance
> > > > > > improvements
> > > > > > > > > >and a lot of new features which are waiting for their
> > release
> > > > > date.
> > > > > > > > > >Here is my list of the most interesting things from my
> point
> > > > since
> > > > > > the
> > > > > > > > > >last major release:
> > > > > > > > > >
> > > > > > > > > >Service Grid,
> > > > > > > > > >Monitoring,
> > > > > > > > > >Recovery Read
> > > > > > > > > >BLT auto-adjust,
> > > > > > > > > >PDS compression,
> > > > > > > > > >WAL page compression,
> > > > > > > > > >Thin client: best effort affinity,
> > > > > > > > > >Thin client: transactions support (not yet)
> > > > > > > > > >SQL query history
> > > > > > > > > >SQL statistics
> > > > > > > > > >
> > > > > > > > > >I think we should no longer wait and freeze the master
> > branch
> > > > > > anymore
> > > > > > > > > >and prepare the next major release by the end of the year.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8
> > release
> > > > and
> > > > > > also
> > > > > > > > > >I want to propose myself to be the release manager of the
> > > > planning
> > > > > > > > > >release.
> > > > > > > > > >
> > > > > > > > > >Scope Freeze: November 4, 2019
> > > > > > > > > >Code Freeze: November 18, 2019
> > > > > > > > > >Voting Date: December 10, 2019
> > > > > > > > > >Release Date: December 17, 2019
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >WDYT?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> >
> >
> >
> > --
> > Best regards,
> > Ivan Pavlukhin
> >
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Sergey Antonov <an...@gmail.com>]

+1

I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch will be
at 13 Jan

чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <vo...@gmail.com>:

> +1
>
> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
> >
> > Maxim M. and anyone who is interested,
> >
> > I suggest to include this fix to 2.8 release:
> > https://issues.apache.org/jira/browse/IGNITE-12225
> > Basically, it's a result of the following discussion:
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> >
> > The fix affects public API: IgniteCluster#readOnly methods that work with
> > boolean are replaced with ones that work with enum.
> > If we include it, we won't be obliged to keep deprecated boolean version
> of
> > API in the code (which is currently present in 2.8 branch) as it wasn't
> > published in any release.
> >
> > On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> ilya.kasnacheev@gmail.com>
> > wrote:
> >
> > > Hello!
> > >
> > > I have ran dependency checker plugin and quote the following:
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-urideploy:
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-spring:
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-spring-data:
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-aop:
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-visor-console:
> > >
> > > spring-core-4.3.18.RELEASE.jar
> > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) :
> > > CVE-2018-15756
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-spring-data_2.0:
> > >
> > > spring-core-5.0.8.RELEASE.jar
> > > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > CVE-2018-15756
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-rest-http:
> > >
> > > jetty-server-9.4.11.v20180605.jar
> > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > jackson-databind-2.9.6.jar
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-kubernetes:
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-aws:
> > >
> > > jackson-databind-2.9.6.jar
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > bcprov-ext-jdk15on-1.54.jar
> > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) : CVE-2015-6644,
> > > CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341,
> > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345,
> > > CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098,
> > > CVE-2018-1000180, CVE-2018-1000613
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-gce:
> > >
> > > httpclient-4.0.1.jar
> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > ,
> > > cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > > CVE-2014-3577, CVE-2015-5262
> > > guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-cloud:
> > >
> > > openstack-keystone-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2014,
> > > CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> CVE-2014-3520,
> > > CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> CVE-2018-20170
> > > cloudstack-2.0.0.jar (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> ,
> > > cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > > CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > > CVE-2019-5736
> > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3,
> > > cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > CVE-2019-16884, CVE-2019-5736
> > > jsch.agentproxy.core-0.0.8.jar
> > > (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > bcprov-ext-jdk15on-1.49.jar
> > > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) : CVE-2015-6644,
> > > CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000341,
> > > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345,
> > > CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000613
> > > okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-mesos:
> > >
> > > mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > jetty-server-9.4.11.v20180605.jar
> > > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > jackson-databind-2.9.6.jar
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-kafka:
> > >
> > > kafka-clients-2.0.1.jar (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> ,
> > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > connect-api-2.0.1.jar (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-flume:
> > >
> > > guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > jackson-core-asl-1.8.8.jar
> > > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) : CVE-2017-15095,
> > > CVE-2017-17485, CVE-2017-7525
> > > jackson-mapper-asl-1.8.8.jar
> > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > CVE-2019-16335, CVE-2019-17267
> > > commons-collections-3.2.1.jar
> > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> CVE-2015-6420,
> > > CVE-2017-15708, Remote code execution
> > > netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > > cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> CVE-2019-16869,
> > > POODLE vulnerability in SSLv3.0 support
> > > servlet-api-2.5-20110124.jar
> > > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> CVE-2005-3747,
> > > CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> CVE-2009-5049,
> > > CVE-2011-4461
> > > jetty-util-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26,
> > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > > CVE-2011-4461
> > > jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > > CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> CVE-2017-9735,
> > > CVE-2019-10241, CVE-2019-10247
> > > libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0) :
> > > CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > httpclient-4.1.3.jar
> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > ,
> > > cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > CVE-2015-5262
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-twitter:
> > >
> > > httpclient-4.2.5.jar
> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > ,
> > > cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > CVE-2015-5262
> > > guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-zookeeper:
> > >
> > > jackson-databind-2.9.8.jar
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> CVE-2019-12086,
> > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > CVE-2019-17267, CVE-2019-17531
> > > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > jackson-mapper-asl-1.9.13.jar
> > > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > netty-all-4.1.29.Final.jar (pkg:maven/io.netty/netty-all@4.1.29.Final,
> > > cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-camel:
> > >
> > > camel-core-2.22.0.jar (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > CVE-2019-0188, CVE-2019-0194
> > >
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > CVE-2019-0188, CVE-2019-0194
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-storm:
> > >
> > > storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1,
> > > cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2019-10247
> > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > > CVE-2015-5262
> > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > (pkg:maven/com.google.guava/guava@16.0.1,
> > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > (pkg:maven/io.netty/netty@3.9.0.Final,
> > > cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> CVE-2014-3488,
> > > CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0 support
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2011-4461,
> > > CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> CVE-2019-10241,
> > > CVE-2019-10247
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2011-4461,
> > > CVE-2019-10247
> > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> CVE-2016-1000031
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> CVE-2017-15713,
> > > CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> CVE-2018-1296,
> > > CVE-2018-8009, CVE-2018-8029
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-cassandra-store:
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-cassandra-serializers:
> > >
> > > commons-beanutils-1.9.2.jar
> > > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> CVE-2019-10086
> > > commons-collections-3.2.1.jar
> > > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> CVE-2015-6420,
> > > CVE-2017-15708, Remote code execution
> > > spring-core-4.3.18.RELEASE.jar
> > > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) :
> > > CVE-2018-15756
> > > netty-transport-4.1.27.Final.jar
> > > (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > > cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-flink:
> > >
> > > flink-hadoop-fs-1.5.0.jar
> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > ,
> > > cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > CVE-2017-3161, CVE-2017-3162
> > >
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > > cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> CVE-2016-4970,
> > > CVE-2019-16869
> > >
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> CVE-2017-15095,
> > > CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > > CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > > CVE-2019-17267, CVE-2019-17531
> > >
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > (pkg:maven/com.google.guava/guava@18.0,
> > > cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >
> > > One or more dependencies were identified with known vulnerabilities in
> > > ignite-rocketmq:
> > >
> > > netty-all-4.0.42.Final.jar (pkg:maven/io.netty/netty-all@4.0.42.Final,
> > > cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26,
> > > cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> CVE-2006-7196,
> > > CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> CVE-2012-5568,
> > > CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> CVE-2013-4590,
> > > CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> CVE-2014-0119,
> > > CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > >
> > > Main offenders seem to be "jackson-databind" and old maintenance
> releases
> > > of Spring. I think we can bump most of that.
> > >
> > > Some integrations also clearly suffer, through it's a problem of their
> > > users, since they need to declare their own libraries' versions by
> > > convention.
> > >
> > > Regards,
> > > --
> > > Ilya Kasnacheev
> > >
> > >
> > > пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
> > >
> > > > Ilya, no I see, thanks for the explanation. Agree with you, let's
> update
> > > > the versions of the dependencies to the latest.
> > > >
> > > > -
> > > > Denis
> > > >
> > > >
> > > > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > ilya.kasnacheev@gmail.com>
> > > > wrote:
> > > >
> > > > > Hello!
> > > > >
> > > > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > >
> > > > > By bumping versisons I mean the following:
> > > > >         <slf4j.version>1.7.*7*</slf4j.version>
> > > > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > >         <snappy.version>1.1.7.*2*</snappy.version>
> > > > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > >         <spark.version>2.3.*0*</spark.version>
> > > > >
>  <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > <!--
> > > > > don't forget to update spring version -->
> > > > >         <spring.version>4.3.*18*.RELEASE</spring.version><!-- don't
> > > > forget
> > > > > to update spring-data version -->
> > > > >
> > > >  <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > <!-- don't forget to update spring-5.0 version -->
> > > > >
>  <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > don't
> > > > > forget to update spring-data-2.0 version -->
> > > > >
> > > > > All these libraries have maintenance release (such as our 2.7.*6*)
> and
> > > I
> > > > > think it would be beneficial to upgrade these dependencies to the
> > > latest
> > > > > maintenance version found in Maven Central.
> > > > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Ilya Kasnacheev
> > > > >
> > > > >
> > > > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dm...@apache.org>:
> > > > >
> > > > > > A huge +1 for adding Spring Data related fixes/improvements.
> Ilya is
> > > > > right
> > > > > > that Spring Data related questions sparked last time due to
> missing
> > > > > support
> > > > > > of 2.2 version.
> > > > > >
> > > > > > Ilya, could you elaborate on what you mean under "bumping the
> > > > versions"?
> > > > > Do
> > > > > > you suggest performing a straightforward upgrade of
> > > > "ignite-spring-data"
> > > > > to
> > > > > > version 2.2 and introducing "ignite-spring-data-{old-version"}
> for
> > > the
> > > > > > previous versions? If it's so, I fully agree with the proposal.
> > > > > >
> > > > > > -
> > > > > > Denis
> > > > > >
> > > > > >
> > > > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > ilya.kasnacheev@gmail.com
> > > > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Hello!
> > > > > > >
> > > > > > > I propose to add the following ticket to the scope:
> > > > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3
> commits, be
> > > > > > careful
> > > > > > > with release version)
> > > > > > >
> > > > > > > Adding tickets to scope surely seems crazy now, but I will
> provide
> > > > the
> > > > > > > following considerations:
> > > > > > > * This is Spring Data 2.2 integration, which we currently do
> not
> > > > have,
> > > > > > > leading to lots of confused questions on stack overflow and
> mailing
> > > > > list.
> > > > > > > Spring Data is important to our public image since many people
> may
> > > > > learn
> > > > > > > about out project by starting with Spring Data.
> > > > > > >
> > > > > > > * It has zero code impact outside of its own module (just 2 POM
> > > file
> > > > > > > touched and that's all).
> > > > > > >
> > > > > > > * The core was ready since early November but, due to gmail
> quirk,
> > > we
> > > > > did
> > > > > > > not react to it in time.
> > > > > > >
> > > > > > > WDYT?
> > > > > > >
> > > > > > > Another semi-related question. *Should we bump our
> dependencies'
> > > > > versions
> > > > > > > before releasing 2.8?* I talk mainly about spring and hibernate
> > > > > > > dependencies. We could switch them to their latest maintenance
> > > > versions
> > > > > > to
> > > > > > > avoid shipping default links to outdated packages.
> > > > > > >
> > > > > > > I think this is one of things that are very hard to do between
> > > > > releases,
> > > > > > so
> > > > > > > I think this dependencies bumping should be a part of a formal
> > > > > > > release/testing cycle, and then be backported to master.
> > > > > > >
> > > > > > > I could volunteer to do that myself, if we agree to merge these
> > > > version
> > > > > > > upgrades to ignite-2.8 and then re-test.
> > > > > > >
> > > > > > > Regards,
> > > > > > > --
> > > > > > > Ilya Kasnacheev
> > > > > > >
> > > > > > >
> > > > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > <arzamas123@mail.ru.invalid
> > > > > > > >:
> > > > > > >
> > > > > > > >
> > > > > > > > Igniters, i`l try to compare 2.8 release candidate vs 2.7.6,
> > > > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > > > i use yardstick benchmarks, 4 bare machine with:  2x Xeon
> X5570
> > > > 96Gb
> > > > > > > 512GB
> > > > > > > > SSD 2048GB HDD 10GB/s
> > > > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > > > this mappings for graphs and real yardstick tests:
> > > > > > > >
> > > > > > > > atomic-put: IgnitePutBenchmark
> > > > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > > atomic-get: IgniteGetBenchmark
> > > > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > > >
> > > > > > > > cacheMode — partitioned
> > > > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > > 1 backup
> > > > > > > >
> > > > > > > > 1. wal = log_only 2. wal = none 3. persistence disabled.
> > > > > > > > Thanks Maxim for wiki page [1]
> > > > > > > >
> > > > > > > >
> > > > > > > > [1]
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > > >
> > > > > > > > do we need some bisect or other work here ?
> > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >------- Forwarded message -------
> > > > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > > > >To:  dev@ignite.apache.org
> > > > > > > > >Cc:
> > > > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]
> > > > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > > >
> > > > > > > > >Igniters,
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >It's almost a year has passed since the last major Apache
> Ignite
> > > > 2.7
> > > > > > > > >has been released. We've accumulated a lot of performance
> > > > > improvements
> > > > > > > > >and a lot of new features which are waiting for their
> release
> > > > date.
> > > > > > > > >Here is my list of the most interesting things from my point
> > > since
> > > > > the
> > > > > > > > >last major release:
> > > > > > > > >
> > > > > > > > >Service Grid,
> > > > > > > > >Monitoring,
> > > > > > > > >Recovery Read
> > > > > > > > >BLT auto-adjust,
> > > > > > > > >PDS compression,
> > > > > > > > >WAL page compression,
> > > > > > > > >Thin client: best effort affinity,
> > > > > > > > >Thin client: transactions support (not yet)
> > > > > > > > >SQL query history
> > > > > > > > >SQL statistics
> > > > > > > > >
> > > > > > > > >I think we should no longer wait and freeze the master
> branch
> > > > > anymore
> > > > > > > > >and prepare the next major release by the end of the year.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8
> release
> > > and
> > > > > also
> > > > > > > > >I want to propose myself to be the release manager of the
> > > planning
> > > > > > > > >release.
> > > > > > > > >
> > > > > > > > >Scope Freeze: November 4, 2019
> > > > > > > > >Code Freeze: November 18, 2019
> > > > > > > > >Voting Date: December 10, 2019
> > > > > > > > >Release Date: December 17, 2019
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >WDYT?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
>
>
>
> --
> Best regards,
> Ivan Pavlukhin
>

Re: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

[Ivan Pavlukhin <vo...@gmail.com>]

+1

чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <iv...@gmail.com>:
>
> Maxim M. and anyone who is interested,
>
> I suggest to include this fix to 2.8 release:
> https://issues.apache.org/jira/browse/IGNITE-12225
> Basically, it's a result of the following discussion:
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
>
> The fix affects public API: IgniteCluster#readOnly methods that work with
> boolean are replaced with ones that work with enum.
> If we include it, we won't be obliged to keep deprecated boolean version of
> API in the code (which is currently present in 2.8 branch) as it wasn't
> published in any release.
>
> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <il...@gmail.com>
> wrote:
>
> > Hello!
> >
> > I have ran dependency checker plugin and quote the following:
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-urideploy:
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-spring:
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-spring-data:
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-aop:
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-visor-console:
> >
> > spring-core-4.3.18.RELEASE.jar
> > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) :
> > CVE-2018-15756
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-spring-data_2.0:
> >
> > spring-core-5.0.8.RELEASE.jar
> > (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE,
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > CVE-2018-15756
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-rest-http:
> >
> > jetty-server-9.4.11.v20180605.jar
> > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > jackson-databind-2.9.6.jar
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-kubernetes:
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-aws:
> >
> > jackson-databind-2.9.6.jar
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > bcprov-ext-jdk15on-1.54.jar
> > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) : CVE-2015-6644,
> > CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341,
> > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345,
> > CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098,
> > CVE-2018-1000180, CVE-2018-1000613
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-gce:
> >
> > httpclient-4.0.1.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > ,
> > cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > CVE-2014-3577, CVE-2015-5262
> > guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-cloud:
> >
> > openstack-keystone-2.0.0.jar
> > (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2014,
> > CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476, CVE-2014-3520,
> > CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432, CVE-2018-20170
> > cloudstack-2.0.0.jar (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0,
> > cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > CVE-2019-5736
> > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3,
> > cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > CVE-2019-16884, CVE-2019-5736
> > jsch.agentproxy.core-0.0.8.jar
> > (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > bcprov-ext-jdk15on-1.49.jar
> > (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) : CVE-2015-6644,
> > CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000341,
> > CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345,
> > CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000613
> > okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-mesos:
> >
> > mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > jetty-server-9.4.11.v20180605.jar
> > (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > jackson-databind-2.9.6.jar
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-kafka:
> >
> > kafka-clients-2.0.1.jar (pkg:maven/org.apache.kafka/kafka-clients@2.0.1,
> > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > connect-api-2.0.1.jar (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-flume:
> >
> > guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > jackson-core-asl-1.8.8.jar
> > (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) : CVE-2017-15095,
> > CVE-2017-17485, CVE-2017-7525
> > jackson-mapper-asl-1.8.8.jar
> > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > CVE-2019-16335, CVE-2019-17267
> > commons-collections-3.2.1.jar
> > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : CVE-2015-6420,
> > CVE-2017-15708, Remote code execution
> > netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final,
> > cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156, CVE-2019-16869,
> > POODLE vulnerability in SSLv3.0 support
> > servlet-api-2.5-20110124.jar
> > (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) : CVE-2005-3747,
> > CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048, CVE-2009-5049,
> > CVE-2011-4461
> > jetty-util-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26,
> > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > CVE-2011-4461
> > jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : CVE-2009-1523,
> > CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > CVE-2019-10241, CVE-2019-10247
> > libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0) :
> > CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > httpclient-4.1.3.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > ,
> > cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > CVE-2015-5262
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-twitter:
> >
> > httpclient-4.2.5.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > ,
> > cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > CVE-2015-5262
> > guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-zookeeper:
> >
> > jackson-databind-2.9.8.jar
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) : CVE-2019-12086,
> > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > CVE-2019-17267, CVE-2019-17531
> > guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > jackson-mapper-asl-1.9.13.jar
> > (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > netty-all-4.1.29.Final.jar (pkg:maven/io.netty/netty-all@4.1.29.Final,
> > cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-camel:
> >
> > camel-core-2.22.0.jar (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > CVE-2019-0188, CVE-2019-0194
> >
> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > CVE-2019-0188, CVE-2019-0194
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-storm:
> >
> > storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1,
> > cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2019-10247
> >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > CVE-2015-5262
> > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > (pkg:maven/com.google.guava/guava@16.0.1,
> > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > (pkg:maven/io.netty/netty@3.9.0.Final,
> > cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193, CVE-2014-3488,
> > CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0 support
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2011-4461,
> > CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735, CVE-2019-10241,
> > CVE-2019-10247
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : CVE-2011-4461,
> > CVE-2019-10247
> >
> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) : CVE-2016-1000031
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811, CVE-2017-15713,
> > CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768, CVE-2018-1296,
> > CVE-2018-8009, CVE-2018-8029
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-cassandra-store:
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-cassandra-serializers:
> >
> > commons-beanutils-1.9.2.jar
> > (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) : CVE-2019-10086
> > commons-collections-3.2.1.jar
> > (pkg:maven/commons-collections/commons-collections@3.2.1,
> > cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : CVE-2015-6420,
> > CVE-2017-15708, Remote code execution
> > spring-core-4.3.18.RELEASE.jar
> > (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE,
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) :
> > CVE-2018-15756
> > netty-transport-4.1.27.Final.jar
> > (pkg:maven/io.netty/netty-transport@4.1.27.Final,
> > cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-flink:
> >
> > flink-hadoop-fs-1.5.0.jar (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > ,
> > cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > CVE-2017-3161, CVE-2017-3162
> >
> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > (pkg:maven/io.netty/netty-all@4.0.27.Final,
> > cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156, CVE-2016-4970,
> > CVE-2019-16869
> >
> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) : CVE-2017-15095,
> > CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > CVE-2019-17267, CVE-2019-17531
> >
> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > (pkg:maven/com.google.guava/guava@18.0,
> > cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >
> > One or more dependencies were identified with known vulnerabilities in
> > ignite-rocketmq:
> >
> > netty-all-4.0.42.Final.jar (pkg:maven/io.netty/netty-all@4.0.42.Final,
> > cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26,
> > cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838, CVE-2006-7196,
> > CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696, CVE-2012-5568,
> > CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444, CVE-2013-4590,
> > CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119,
> > CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> >
> > Main offenders seem to be "jackson-databind" and old maintenance releases
> > of Spring. I think we can bump most of that.
> >
> > Some integrations also clearly suffer, through it's a problem of their
> > users, since they need to declare their own libraries' versions by
> > convention.
> >
> > Regards,
> > --
> > Ilya Kasnacheev
> >
> >
> > пт, 27 дек. 2019 г. в 23:59, Denis Magda <dm...@apache.org>:
> >
> > > Ilya, no I see, thanks for the explanation. Agree with you, let's update
> > > the versions of the dependencies to the latest.
> > >
> > > -
> > > Denis
> > >
> > >
> > > On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > ilya.kasnacheev@gmail.com>
> > > wrote:
> > >
> > > > Hello!
> > > >
> > > > I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > >
> > > > By bumping versisons I mean the following:
> > > >         <slf4j.version>1.7.*7*</slf4j.version>
> > > >         <slf4j16.version>1.6.*4*</slf4j16.version>
> > > >         <snappy.version>1.1.7.*2*</snappy.version>
> > > >         <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > >         <spark.version>2.3.*0*</spark.version>
> > > >         <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > <!--
> > > > don't forget to update spring version -->
> > > >         <spring.version>4.3.*18*.RELEASE</spring.version><!-- don't
> > > forget
> > > > to update spring-data version -->
> > > >
> > >  <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > <!-- don't forget to update spring-5.0 version -->
> > > >         <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > don't
> > > > forget to update spring-data-2.0 version -->
> > > >
> > > > All these libraries have maintenance release (such as our 2.7.*6*) and
> > I
> > > > think it would be beneficial to upgrade these dependencies to the
> > latest
> > > > maintenance version found in Maven Central.
> > > > For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > >
> > > > Regards,
> > > > --
> > > > Ilya Kasnacheev
> > > >
> > > >
> > > > чт, 26 дек. 2019 г. в 19:32, Denis Magda <dm...@apache.org>:
> > > >
> > > > > A huge +1 for adding Spring Data related fixes/improvements. Ilya is
> > > > right
> > > > > that Spring Data related questions sparked last time due to missing
> > > > support
> > > > > of 2.2 version.
> > > > >
> > > > > Ilya, could you elaborate on what you mean under "bumping the
> > > versions"?
> > > > Do
> > > > > you suggest performing a straightforward upgrade of
> > > "ignite-spring-data"
> > > > to
> > > > > version 2.2 and introducing "ignite-spring-data-{old-version"} for
> > the
> > > > > previous versions? If it's so, I fully agree with the proposal.
> > > > >
> > > > > -
> > > > > Denis
> > > > >
> > > > >
> > > > > On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > ilya.kasnacheev@gmail.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > Hello!
> > > > > >
> > > > > > I propose to add the following ticket to the scope:
> > > > > > https://issues.apache.org/jira/browse/IGNITE-12259 (3 commits, be
> > > > > careful
> > > > > > with release version)
> > > > > >
> > > > > > Adding tickets to scope surely seems crazy now, but I will provide
> > > the
> > > > > > following considerations:
> > > > > > * This is Spring Data 2.2 integration, which we currently do not
> > > have,
> > > > > > leading to lots of confused questions on stack overflow and mailing
> > > > list.
> > > > > > Spring Data is important to our public image since many people may
> > > > learn
> > > > > > about out project by starting with Spring Data.
> > > > > >
> > > > > > * It has zero code impact outside of its own module (just 2 POM
> > file
> > > > > > touched and that's all).
> > > > > >
> > > > > > * The core was ready since early November but, due to gmail quirk,
> > we
> > > > did
> > > > > > not react to it in time.
> > > > > >
> > > > > > WDYT?
> > > > > >
> > > > > > Another semi-related question. *Should we bump our dependencies'
> > > > versions
> > > > > > before releasing 2.8?* I talk mainly about spring and hibernate
> > > > > > dependencies. We could switch them to their latest maintenance
> > > versions
> > > > > to
> > > > > > avoid shipping default links to outdated packages.
> > > > > >
> > > > > > I think this is one of things that are very hard to do between
> > > > releases,
> > > > > so
> > > > > > I think this dependencies bumping should be a part of a formal
> > > > > > release/testing cycle, and then be backported to master.
> > > > > >
> > > > > > I could volunteer to do that myself, if we agree to merge these
> > > version
> > > > > > upgrades to ignite-2.8 and then re-test.
> > > > > >
> > > > > > Regards,
> > > > > > --
> > > > > > Ilya Kasnacheev
> > > > > >
> > > > > >
> > > > > > вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > <arzamas123@mail.ru.invalid
> > > > > > >:
> > > > > >
> > > > > > >
> > > > > > > Igniters, i`l try to compare 2.8 release candidate vs 2.7.6,
> > > > > > > last sha 2.8 was build from :  9d114f3137f92aebc2562a
> > > > > > > i use yardstick benchmarks, 4 bare machine with:  2x Xeon X5570
> > > 96Gb
> > > > > > 512GB
> > > > > > > SSD 2048GB HDD 10GB/s
> > > > > > > 1 for  client (driver) and 3 for servers.
> > > > > > > this mappings for graphs and real yardstick tests:
> > > > > > >
> > > > > > > atomic-put: IgnitePutBenchmark
> > > > > > > sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > > atomic-get: IgniteGetBenchmark
> > > > > > > tx-get: IgniteGetTxBenchmark
> > > > > > > tx-put: IgnitePutTxBenchmark
> > > > > > > atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > > tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > >
> > > > > > > cacheMode — partitioned
> > > > > > > CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > > 1 backup
> > > > > > >
> > > > > > > 1. wal = log_only 2. wal = none 3. persistence disabled.
> > > > > > > Thanks Maxim for wiki page [1]
> > > > > > >
> > > > > > >
> > > > > > > [1]
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > >
> > > > > > > do we need some bisect or other work here ?
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >------- Forwarded message -------
> > > > > > > >From: "Maxim Muzafarov" < mmuzaf@apache.org >
> > > > > > > >To:  dev@ignite.apache.org
> > > > > > > >Cc:
> > > > > > > >Subject: Apache Ignite 2.8 RELEASE [Time, Scope, Manager]
> > > > > > > >Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > > >
> > > > > > > >Igniters,
> > > > > > > >
> > > > > > > >
> > > > > > > >It's almost a year has passed since the last major Apache Ignite
> > > 2.7
> > > > > > > >has been released. We've accumulated a lot of performance
> > > > improvements
> > > > > > > >and a lot of new features which are waiting for their release
> > > date.
> > > > > > > >Here is my list of the most interesting things from my point
> > since
> > > > the
> > > > > > > >last major release:
> > > > > > > >
> > > > > > > >Service Grid,
> > > > > > > >Monitoring,
> > > > > > > >Recovery Read
> > > > > > > >BLT auto-adjust,
> > > > > > > >PDS compression,
> > > > > > > >WAL page compression,
> > > > > > > >Thin client: best effort affinity,
> > > > > > > >Thin client: transactions support (not yet)
> > > > > > > >SQL query history
> > > > > > > >SQL statistics
> > > > > > > >
> > > > > > > >I think we should no longer wait and freeze the master branch
> > > > anymore
> > > > > > > >and prepare the next major release by the end of the year.
> > > > > > > >
> > > > > > > >
> > > > > > > >I propose to discuss Time, Scope of Apache Ignite 2.8 release
> > and
> > > > also
> > > > > > > >I want to propose myself to be the release manager of the
> > planning
> > > > > > > >release.
> > > > > > > >
> > > > > > > >Scope Freeze: November 4, 2019
> > > > > > > >Code Freeze: November 18, 2019
> > > > > > > >Voting Date: December 10, 2019
> > > > > > > >Release Date: December 17, 2019
> > > > > > > >
> > > > > > > >
> > > > > > > >WDYT?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >



-- 
Best regards,
Ivan Pavlukhin