[jira] [Commented] (OAK-10731) oak-pojosr: remove unused gmongo dependency

2024-03-28 Thread Julian Reschke (Jira) 


[ 
https://issues.apache.org/jira/browse/OAK-10731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17831872#comment-17831872
 ] 

Julian Reschke commented on OAK-10731:
--

trunk: 
[d4bd2d729a|https://github.com/apache/jackrabbit-oak/commit/d4bd2d729aa861d5c216108f95b50c87fdab104a]

> oak-pojosr: remove unused gmongo dependency
> ---
>
> Key: OAK-10731
> URL: https://issues.apache.org/jira/browse/OAK-10731
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: pojosr
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Trivial
>  Labels: candidate_oak_1_22
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (OAK-10731) oak-pojosr: remove unused gmongo dependency

2024-03-28 Thread Julian Reschke (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke resolved OAK-10731.
--
Fix Version/s: 1.62.0
   Resolution: Fixed

> oak-pojosr: remove unused gmongo dependency
> ---
>
> Key: OAK-10731
> URL: https://issues.apache.org/jira/browse/OAK-10731
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: pojosr
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Trivial
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10731) oak-pojosr: remove unused gmongo dependency

2024-03-28 Thread Julian Reschke (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke updated OAK-10731:
-
Labels: candidate_oak_1_22  (was: )

> oak-pojosr: remove unused gmongo dependency
> ---
>
> Key: OAK-10731
> URL: https://issues.apache.org/jira/browse/OAK-10731
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: pojosr
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Trivial
>  Labels: candidate_oak_1_22
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10731) oak-pojosr: remove unused gmongo dependency

2024-03-28 Thread Julian Reschke (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke updated OAK-10731:
-
Component/s: pojosr

> oak-pojosr: remove unused gmongo dependency
> ---
>
> Key: OAK-10731
> URL: https://issues.apache.org/jira/browse/OAK-10731
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: pojosr
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Trivial
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Moved] (OAK-10731) oak-pojosr: remove unused gmongo dependency

2024-03-28 Thread Julian Reschke (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke moved JCR-5043 to OAK-10731:
---

 Key: OAK-10731  (was: JCR-5043)
Workflow: no-reopen-closed  (was: no-reopen-closed, patch-avail)
 Project: Jackrabbit Oak  (was: Jackrabbit Content Repository)

> oak-pojosr: remove unused gmongo dependency
> ---
>
> Key: OAK-10731
> URL: https://issues.apache.org/jira/browse/OAK-10731
> Project: Jackrabbit Oak
>  Issue Type: Task
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Trivial
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (OAK-10730) Log MongoException previously swallowed

2024-03-28 Thread Stefan Egli (Jira) 
Stefan Egli created OAK-10730:
-

 Summary: Log MongoException previously swallowed
 Key: OAK-10730
 URL: https://issues.apache.org/jira/browse/OAK-10730
 Project: Jackrabbit Oak
  Issue Type: Task
  Components: documentmk
Reporter: Stefan Egli


In 
[MongoDocumentStore.create|https://github.com/apache/jackrabbit-oak/blob/2e996d78f0a565b17287af5691f2c1be7d2e925d/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentStore.java#L1754-L1756]
 a MongoException is silently swallowed.

This code is quite ancient - it was created in svn revision 
[1451586|https://svn.apache.org/viewvc?view=revision=1451586] - we 
might thus want to be careful not to cause noise in a case where this 
swallowing was legitimate.

I would thus suggest to start logging this at debug or info.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (OAK-10719) oak-lucene uses Lucene version that can throw a StackOverflowException

2024-03-28 Thread Julian Reschke (Jira) 


[ 
https://issues.apache.org/jira/browse/OAK-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17830914#comment-17830914
 ] 

Julian Reschke edited comment on OAK-10719 at 3/28/24 11:06 AM:


Question: if we stick with the "copy the source and fix it approach" - maybe we 
can get away with copying the source of just the affected class? (to be tested)


was (Author: reschke):
Question: if we stick with the "copy the source and fix it approach" - maybe we 
cab get away with copying the source of just the affected class? (to be tested)

> oak-lucene uses Lucene version that can throw a StackOverflowException
> --
>
> Key: OAK-10719
> URL: https://issues.apache.org/jira/browse/OAK-10719
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: lucene
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
>
> See .
> Analysis so far:
> - oak-lucene uses lucene-core (4.7.2) (see OAK-10716); that version has 
> reached EOL a long time ago
> - the lucene version can in some cases throw a StackOverflowException, see 
> OAK-10713
> - oak-lucene *embeds* and *exports* lucene-core
> - update to version >= 4.8 non-trivial due to backwards compat breakage
> Work in :
> - inlined lucene-core as of git tag "releases/lucene-solr/4.7.2" into 
> oak-lucene
> - fixed two JDK11 compile issues (potentially uninitialized vars in finally 
> block) 
> - backported fix from https://github.com/apache/lucene/issues/11537
> - enable test added in OAK-10713
> - ran Oak integration tests
> Open questions:
> - Lucene 4.7.2 builds with ant/ivy - does it make sense to try to replicate 
> that
> - should we ask Lucene team for a public release (might be hard sell)
> - alternatively, as tried here, inline source code into oak-lucene (maybe add 
> explainers to all source files)
> - do we need to adopt the lucene test suite as well?
> - lucene-core dependencies in other Oak modules to be checked (seems mostly 
> for tests, or for run modules)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10713) oak-lucene: add test coverage for stack overflow based on very long and complex regexp

2024-03-28 Thread Thomas Mueller (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Mueller updated OAK-10713:
-
Summary: oak-lucene: add test coverage for stack overflow based on very 
long and complex regexp  (was: oak-lucene: add test coverage for stack overflow 
based on complex regexp)

> oak-lucene: add test coverage for stack overflow based on very long and 
> complex regexp
> --
>
> Key: OAK-10713
> URL: https://issues.apache.org/jira/browse/OAK-10713
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: lucene
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
>  Labels: candidate_oak_1_22
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10713) oak-lucene: add test coverage for stack overflow based on complex regexp

2024-03-28 Thread Thomas Mueller (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Mueller updated OAK-10713:
-
Summary: oak-lucene: add test coverage for stack overflow based on complex 
regexp  (was: oak-lucene: add test coverage for potential DoS attack based on 
complex regexp)

> oak-lucene: add test coverage for stack overflow based on complex regexp
> 
>
> Key: OAK-10713
> URL: https://issues.apache.org/jira/browse/OAK-10713
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: lucene
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
>  Labels: candidate_oak_1_22
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10719) oak-lucene uses Lucene version that can throw a StackOverflowException

2024-03-28 Thread Thomas Mueller (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Mueller updated OAK-10719:
-
Description: 
See .

Analysis so far:

- oak-lucene uses lucene-core (4.7.2) (see OAK-10716); that version has reached 
EOL a long time ago
- the lucene version can in some cases throw a StackOverflowException, see 
OAK-10713
- oak-lucene *embeds* and *exports* lucene-core
- update to version >= 4.8 non-trivial due to backwards compat breakage

Work in :

- inlined lucene-core as of git tag "releases/lucene-solr/4.7.2" into oak-lucene
- fixed two JDK11 compile issues (potentially uninitialized vars in finally 
block) 
- backported fix from https://github.com/apache/lucene/issues/11537
- enable test added in OAK-10713
- ran Oak integration tests

Open questions:

- Lucene 4.7.2 builds with ant/ivy - does it make sense to try to replicate that
- should we ask Lucene team for a public release (might be hard sell)
- alternatively, as tried here, inline source code into oak-lucene (maybe add 
explainers to all source files)
- do we need to adopt the lucene test suite as well?
- lucene-core dependencies in other Oak modules to be checked (seems mostly for 
tests, or for run modules)





  was:
See .

Analysis so far:

- oak-lucene uses lucene-core (4.7.2) (see OAK-10716); that version has reached 
EOL a long time ago
- the version is vulnerable to an DoS attack (regexp stack overflow), see 
OAK-10713
- oak-lucene *embeds* and *exports* lucene-core
- update to version >= 4.8 non-trivial due to backwards compat breakage

Work in :

- inlined lucene-core as of git tag "releases/lucene-solr/4.7.2" into oak-lucene
- fixed two JDK11 compile issues (potentially uninitialized vars in finally 
block) 
- backported fix from https://github.com/apache/lucene/issues/11537
- enable test added in OAK-10713
- ran Oak integration tests

Open questions:

- Lucene 4.7.2 builds with ant/ivy - does it make sense to try to replicate that
- should we ask Lucene team for a public release (might be hard sell)
- alternatively, as tried here, inline source code into oak-lucene (maybe add 
explainers to all source files)
- do we need to adopt the lucene test suite as well?
- lucene-core dependencies in other Oak modules to be checked (seems mostly for 
tests, or for run modules)






> oak-lucene uses Lucene version that can throw a StackOverflowException
> --
>
> Key: OAK-10719
> URL: https://issues.apache.org/jira/browse/OAK-10719
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: lucene
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
>
> See .
> Analysis so far:
> - oak-lucene uses lucene-core (4.7.2) (see OAK-10716); that version has 
> reached EOL a long time ago
> - the lucene version can in some cases throw a StackOverflowException, see 
> OAK-10713
> - oak-lucene *embeds* and *exports* lucene-core
> - update to version >= 4.8 non-trivial due to backwards compat breakage
> Work in :
> - inlined lucene-core as of git tag "releases/lucene-solr/4.7.2" into 
> oak-lucene
> - fixed two JDK11 compile issues (potentially uninitialized vars in finally 
> block) 
> - backported fix from https://github.com/apache/lucene/issues/11537
> - enable test added in OAK-10713
> - ran Oak integration tests
> Open questions:
> - Lucene 4.7.2 builds with ant/ivy - does it make sense to try to replicate 
> that
> - should we ask Lucene team for a public release (might be hard sell)
> - alternatively, as tried here, inline source code into oak-lucene (maybe add 
> explainers to all source files)
> - do we need to adopt the lucene test suite as well?
> - lucene-core dependencies in other Oak modules to be checked (seems mostly 
> for tests, or for run modules)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10719) oak-lucene uses lucene version that can throw a StackOverflowException

2024-03-28 Thread Thomas Mueller (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Mueller updated OAK-10719:
-
Summary: oak-lucene uses lucene version that can throw a 
StackOverflowException  (was: oak-lucene uses lucene version vulnerable to DoS 
attack)

> oak-lucene uses lucene version that can throw a StackOverflowException
> --
>
> Key: OAK-10719
> URL: https://issues.apache.org/jira/browse/OAK-10719
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: lucene
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
>
> See .
> Analysis so far:
> - oak-lucene uses lucene-core (4.7.2) (see OAK-10716); that version has 
> reached EOL a long time ago
> - the version is vulnerable to an DoS attack (regexp stack overflow), see 
> OAK-10713
> - oak-lucene *embeds* and *exports* lucene-core
> - update to version >= 4.8 non-trivial due to backwards compat breakage
> Work in :
> - inlined lucene-core as of git tag "releases/lucene-solr/4.7.2" into 
> oak-lucene
> - fixed two JDK11 compile issues (potentially uninitialized vars in finally 
> block) 
> - backported fix from https://github.com/apache/lucene/issues/11537
> - enable test added in OAK-10713
> - ran Oak integration tests
> Open questions:
> - Lucene 4.7.2 builds with ant/ivy - does it make sense to try to replicate 
> that
> - should we ask Lucene team for a public release (might be hard sell)
> - alternatively, as tried here, inline source code into oak-lucene (maybe add 
> explainers to all source files)
> - do we need to adopt the lucene test suite as well?
> - lucene-core dependencies in other Oak modules to be checked (seems mostly 
> for tests, or for run modules)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10719) oak-lucene uses Lucene version that can throw a StackOverflowException

2024-03-28 Thread Thomas Mueller (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Mueller updated OAK-10719:
-
Summary: oak-lucene uses Lucene version that can throw a 
StackOverflowException  (was: oak-lucene uses lucene version that can throw a 
StackOverflowException)

> oak-lucene uses Lucene version that can throw a StackOverflowException
> --
>
> Key: OAK-10719
> URL: https://issues.apache.org/jira/browse/OAK-10719
> Project: Jackrabbit Oak
>  Issue Type: Bug
>  Components: lucene
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Major
>
> See .
> Analysis so far:
> - oak-lucene uses lucene-core (4.7.2) (see OAK-10716); that version has 
> reached EOL a long time ago
> - the version is vulnerable to an DoS attack (regexp stack overflow), see 
> OAK-10713
> - oak-lucene *embeds* and *exports* lucene-core
> - update to version >= 4.8 non-trivial due to backwards compat breakage
> Work in :
> - inlined lucene-core as of git tag "releases/lucene-solr/4.7.2" into 
> oak-lucene
> - fixed two JDK11 compile issues (potentially uninitialized vars in finally 
> block) 
> - backported fix from https://github.com/apache/lucene/issues/11537
> - enable test added in OAK-10713
> - ran Oak integration tests
> Open questions:
> - Lucene 4.7.2 builds with ant/ivy - does it make sense to try to replicate 
> that
> - should we ask Lucene team for a public release (might be hard sell)
> - alternatively, as tried here, inline source code into oak-lucene (maybe add 
> explainers to all source files)
> - do we need to adopt the lucene test suite as well?
> - lucene-core dependencies in other Oak modules to be checked (seems mostly 
> for tests, or for run modules)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OAK-10729) update groovy dependency to 3.0.21

2024-03-28 Thread Julian Reschke (Jira) 


[ 
https://issues.apache.org/jira/browse/OAK-10729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17831706#comment-17831706
 ] 

Julian Reschke commented on OAK-10729:
--

trunk: 
[97c59b9e29|https://github.com/apache/jackrabbit-oak/commit/97c59b9e29d5758bc8621a1cf3f3038bee5eb841]

> update groovy dependency to 3.0.21
> --
>
> Key: OAK-10729
> URL: https://issues.apache.org/jira/browse/OAK-10729
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: pojosr, run
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Minor
>  Labels: candidate_oak_1_22
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (OAK-10729) update groovy dependency to 3.0.21

2024-03-28 Thread Julian Reschke (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Reschke resolved OAK-10729.
--
Resolution: Fixed

> update groovy dependency to 3.0.21
> --
>
> Key: OAK-10729
> URL: https://issues.apache.org/jira/browse/OAK-10729
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: pojosr, run
>Reporter: Julian Reschke
>Assignee: Julian Reschke
>Priority: Minor
>  Labels: candidate_oak_1_22
> Fix For: 1.62.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (OAK-10727) log revisionDetailedGcType

2024-03-28 Thread Stefan Egli (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Egli resolved OAK-10727.
---
Resolution: Done

PR merged, marking done

> log revisionDetailedGcType
> --
>
> Key: OAK-10727
> URL: https://issues.apache.org/jira/browse/OAK-10727
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: documentmk
>Reporter: Stefan Egli
>Assignee: Stefan Egli
>Priority: Major
>  Labels: DetailedGC
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (OAK-10728) embedded verification fails if id is from long path

2024-03-28 Thread Stefan Egli (Jira) 


 [ 
https://issues.apache.org/jira/browse/OAK-10728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Egli resolved OAK-10728.
---
Resolution: Done

PR merged, thx for reviews, marking done

> embedded verification fails if id is from long path
> ---
>
> Key: OAK-10728
> URL: https://issues.apache.org/jira/browse/OAK-10728
> Project: Jackrabbit Oak
>  Issue Type: Task
>  Components: documentmk
>Reporter: Stefan Egli
>Assignee: Stefan Egli
>Priority: Major
>  Labels: DetailedGC
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)