Posted to commits@pinot.apache.org by GitBox <gi...@apache.org> on 2020/08/18 03:42:45 UTC
[GitHub] [incubator-pinot] jackjlli opened a new pull request #5888: Bump up swagger ui version to 3.18.2
jackjlli opened a new pull request #5888:
URL: https://github.com/apache/incubator-pinot/pull/5888
## Description
Vulnerability: Swagger-ui before 3.18.0 is vulnerable to Reverse Tabnabbing. Setting target="_blank" on anchor tags is unsafe unless used in conjunction with the rel="noopener" attribute. Opening a link via the target blank attribute can change the original page; origin policy restrictions set by the browser can be bypassed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org
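The condition named in the pull request description (an anchor with target="_blank" and no rel="noopener"), as an added example that is not part of the original thread and is not swagger-ui or Pinot code. It audits an HTML string for such anchors and rewrites them; the function names and the sample markup are constructed for illustration.

```javascript
// Added example: find and fix anchors that open a new tab without rel="noopener".
// Matches one opening <a ...> tag, skipping over quoted attribute values.
const A_TAG = /<a(?=[\s/>])(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;

// Parse the attributes of one opening <a> tag into a lowercase-keyed map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+)))?/g;
  const body = tag.replace(/^<a/i, '').replace(/\/?>$/, '');
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// True when the link opens a new browsing context and keeps window.opener set.
function isUnsafe(attrs) {
  if ((attrs.target || '').trim().toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
  // noreferrer implies noopener, so either token is sufficient.
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Return the href of every unsafe anchor in the markup.
function findUnsafeLinks(html) {
  return (html.match(A_TAG) || []).map(parseAttrs).filter(isUnsafe)
    .map(a => a.href || '');
}

// Rewrite unsafe anchors so they carry noopener/noreferrer, keeping other rel tokens.
function hardenLinks(html) {
  return html.replace(A_TAG, tag => {
    const attrs = parseAttrs(tag);
    if (!isUnsafe(attrs)) return tag;
    const rel = [attrs.rel, 'noopener', 'noreferrer'].filter(Boolean).join(' ');
    const stripped = tag.replace(/\s+rel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, '');
    return stripped.replace(/\s*\/?>$/, ` rel="${rel}">`);
  });
}

// Constructed sample markup (not taken from swagger-ui).
const SAMPLE = [
  '<a href="https://example.com/docs" target="_blank">docs</a>',
  '<a href="https://example.com/safe" target="_blank" rel="noopener">safe</a>',
  "<a target='_BLANK' rel='nofollow' href='https://example.com/ext'>ext</a>",
  '<a href="/local">local</a>',
].join('\n');

console.log(findUnsafeLinks(SAMPLE));
console.log(hardenLinks(SAMPLE));
```

Current browsers treat target="_blank" as implying noopener, so the explicit attribute mainly protects users on older clients and keeps the intent visible in review.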
[GitHub] [incubator-pinot] jackjlli commented on pull request #5888: Bump up swagger ui version to 3.18.2
Posted by GitBox <gi...@apache.org>.
jackjlli commented on pull request #5888:
URL: https://github.com/apache/incubator-pinot/pull/5888#issuecomment-675674744
Let me roll back this PR and I will take a look at this.
[GitHub] [incubator-pinot] Jackie-Jiang commented on pull request #5888: Bump up swagger ui version to 3.18.2
Posted by GitBox <gi...@apache.org>.
Jackie-Jiang commented on pull request #5888:
URL: https://github.com/apache/incubator-pinot/pull/5888#issuecomment-675664230
Here is the stacktrace of the exception
```
Failed to start a [ CONTROLLER ] Service
java.lang.NullPointerException: null
at java.util.ArrayDeque.addLast(ArrayDeque.java:304) ~[?:?]
at java.util.ArrayDeque.add(ArrayDeque.java:495) ~[?:?]
at jdk.internal.loader.URLClassPath.<init>(URLClassPath.java:154) ~[?:?]
at jdk.internal.loader.URLClassPath.<init>(URLClassPath.java:171) ~[?:?]
at java.net.URLClassLoader.<init>(URLClassLoader.java:165) ~[?:?]
at org.apache.pinot.controller.api.ControllerAdminApiApplication.setupSwagger(ControllerAdminApiApplication.java:160) ~[pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.controller.api.ControllerAdminApiApplication.start(ControllerAdminApiApplication.java:125) ~[pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.controller.ControllerStarter.setUpPinotController(ControllerStarter.java:416) ~[pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.controller.ControllerStarter.start(ControllerStarter.java:287) ~[pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.service.PinotServiceManager.startController(PinotServiceManager.java:113) ~[pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.service.PinotServiceManager.startRole(PinotServiceManager.java:90) ~[pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.admin.command.StartServiceManagerCommand.startPinotService(StartServiceManagerCommand.java:200) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.admin.command.StartServiceManagerCommand.startPinotService(StartServiceManagerCommand.java:195) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.admin.command.StartServiceManagerCommand.execute(StartServiceManagerCommand.java:166) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.admin.command.StartControllerCommand.execute(StartControllerCommand.java:130) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.admin.command.QuickstartRunner.startControllers(QuickstartRunner.java:105) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.admin.command.QuickstartRunner.startAll(QuickstartRunner.java:140) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.Quickstart.execute(Quickstart.java:167) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
at org.apache.pinot.tools.Quickstart.main(Quickstart.java:222) [pinot-all-0.5.0-SNAPSHOT-jar-with-dependencies.jar:0.5.0-SNAPSHOT-31137f31c282c11ce70c935ffc6557dc76ec2f0e]
```
[GitHub] [incubator-pinot] jackjlli merged pull request #5888: Bump up swagger ui version to 3.18.2
Posted by GitBox <gi...@apache.org>.
jackjlli merged pull request #5888:
URL: https://github.com/apache/incubator-pinot/pull/5888
[GitHub] [incubator-pinot] codecov-commenter commented on pull request #5888: Bump up swagger ui version to 3.18.2
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on pull request #5888:
URL: https://github.com/apache/incubator-pinot/pull/5888#issuecomment-675274138
# [Codecov](https://codecov.io/gh/apache/incubator-pinot/pull/5888?src=pr&el=h1) Report
> Merging [#5888](https://codecov.io/gh/apache/incubator-pinot/pull/5888?src=pr&el=desc) into [master](https://codecov.io/gh/apache/incubator-pinot/commit/1beaab59b73f26c4e35f3b9bc856b03806cddf5a&el=desc) will **increase** coverage by `0.93%`.
> The diff coverage is `74.68%`.
```diff
@@ Coverage Diff @@
## master #5888 +/- ##
==========================================
+ Coverage 66.44% 67.38% +0.93%
==========================================
Files 1075 1181 +106
Lines 54773 61590 +6817
Branches 8168 9412 +1244
==========================================
+ Hits 36396 41500 +5104
- Misses 15700 17044 +1344
- Partials 2677 3046 +369
```
| Flag | Coverage Δ | |
|---|---|---|
| #integration | `44.07% <52.55%> (?)` | |
| #unittests | `58.65% <60.74%> (?)` | |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/incubator-pinot/pull/5888?src=pr&el=tree) | Coverage Δ | |
|---|---|---|
| [...ot/broker/broker/AllowAllAccessControlFactory.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtYnJva2VyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9icm9rZXIvYnJva2VyL0FsbG93QWxsQWNjZXNzQ29udHJvbEZhY3RvcnkuamF2YQ==) | `100.00% <ø> (ø)` | |
| [.../helix/BrokerUserDefinedMessageHandlerFactory.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtYnJva2VyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9icm9rZXIvYnJva2VyL2hlbGl4L0Jyb2tlclVzZXJEZWZpbmVkTWVzc2FnZUhhbmRsZXJGYWN0b3J5LmphdmE=) | `52.83% <0.00%> (-13.84%)` | :arrow_down: |
| [...ava/org/apache/pinot/client/AbstractResultSet.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY2xpZW50cy9waW5vdC1qYXZhLWNsaWVudC9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcGlub3QvY2xpZW50L0Fic3RyYWN0UmVzdWx0U2V0LmphdmE=) | `53.33% <0.00%> (-3.81%)` | :arrow_down: |
| [.../main/java/org/apache/pinot/client/Connection.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY2xpZW50cy9waW5vdC1qYXZhLWNsaWVudC9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcGlub3QvY2xpZW50L0Nvbm5lY3Rpb24uamF2YQ==) | `44.44% <0.00%> (-4.40%)` | :arrow_down: |
| [.../org/apache/pinot/client/ResultTableResultSet.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY2xpZW50cy9waW5vdC1qYXZhLWNsaWVudC9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcGlub3QvY2xpZW50L1Jlc3VsdFRhYmxlUmVzdWx0U2V0LmphdmE=) | `24.00% <0.00%> (-10.29%)` | :arrow_down: |
| [...g/apache/pinot/common/metrics/AbstractMetrics.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9jb21tb24vbWV0cmljcy9BYnN0cmFjdE1ldHJpY3MuamF2YQ==) | `82.57% <ø> (+7.90%)` | :arrow_up: |
| [...a/org/apache/pinot/common/metrics/BrokerGauge.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9jb21tb24vbWV0cmljcy9Ccm9rZXJHYXVnZS5qYXZh) | `91.66% <ø> (+1.66%)` | :arrow_up: |
| [...g/apache/pinot/common/metrics/ControllerMeter.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9jb21tb24vbWV0cmljcy9Db250cm9sbGVyTWV0ZXIuamF2YQ==) | `100.00% <ø> (ø)` | |
| [...mxReporterMetricsRegistryRegistrationListener.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9jb21tb24vbWV0cmljcy9KbXhSZXBvcnRlck1ldHJpY3NSZWdpc3RyeVJlZ2lzdHJhdGlvbkxpc3RlbmVyLmphdmE=) | `100.00% <ø> (ø)` | |
| [...org/apache/pinot/common/metrics/MetricsHelper.java](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree#diff-cGlub3QtY29tbW9uL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9waW5vdC9jb21tb24vbWV0cmljcy9NZXRyaWNzSGVscGVyLmphdmE=) | `50.60% <ø> (+1.85%)` | :arrow_up: |
| ... and [846 more](https://codecov.io/gh/apache/incubator-pinot/pull/5888/diff?src=pr&el=tree-more) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-pinot/pull/5888?src=pr&el=continue).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-pinot/pull/5888?src=pr&el=footer). Last update [87b5b77...dc62e69](https://codecov.io/gh/apache/incubator-pinot/pull/5888?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
[GitHub] [incubator-pinot] Jackie-Jiang commented on pull request #5888: Bump up swagger ui version to 3.18.2
Posted by GitBox <gi...@apache.org>.
Jackie-Jiang commented on pull request #5888:
URL: https://github.com/apache/incubator-pinot/pull/5888#issuecomment-675663209
@jackjlli @mcvsubbu This change breaks quick-start tests on JDK 11-14. Can you please revert it and fix it accordingly? Let's make sure all the tests pass before merging.