Is it documented somewhere how to set up a Jenkins config to run Lucene/Solr tests? We have no Jenkinsfile.
~ David Smiley Apache Lucene/Solr Search Developer http://www.linkedin.com/in/davidwsmiley On Tue, Mar 26, 2019 at 6:13 AM Ishan Chattopadhyaya < ichattopadhy...@gmail.com> wrote: > I've setup a Jenkins for branch 6.6, > http://threadripper.dnsabr.com:8080/job/Solr_6_6/ > > On Tue 26 Mar, 2019, 10:14 AM Tomás Fernández Löbbe, < > tomasflo...@gmail.com> wrote: > >> Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch >> too. >> >> On Mon, Mar 25, 2019 at 12:13 AM Ishan Chattopadhyaya < >> ichattopadhy...@gmail.com> wrote: >> >>> Hi, >>> I have backported the following: >>> SOLR-10506 (Memory leak) >>> SOLR-12770 ("shards" security fix) >>> SOLR-12514 (Authorization plugin skipped on nodes where collection not >>> present) >>> >>> I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335 >>> (upgrade to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm >>> not attempting to upgrade it further (to 1.19 or later, for example). >>> >>> After backporting SOLR-12770 I am running the tests, and I've not >>> encountered any reproducible failures yet. However, there are some flakey >>> tests and I'm not very sure if my backporting introduced that flakiness or >>> not (the logs don't seem to indicate that), since some of those tests >>> failed even before my backporting. I'm planning to run the tests a bit >>> more to see if any reproducible failures are encountered. If all well, then >>> I'm planning to start the release process tomorrow. If there are more fixes >>> that should be backported, please let me know. Also, if someone can review >>> the branch for the backported fixes, would be very welcome. >>> >>> Thanks, >>> Ishan >>> >>> On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya < >>> ichattopadhy...@gmail.com> wrote: >>> >>>> > But I think that means we need to backport ALL known CVE issues that >>>> affects 6.x, is that your plan? >>>> That's a good point. Wasn't originally my plan, but I can port as many >>>> CVEs that I reasonably can. :-) >>>> >>>> I'm also now wondering if upgrading Tika and others in a bugfix release >>>> is a good idea. My thought is that if a user is stuck with 6x, these CVE >>>> fixes will help a lot. Hence, it makes sense to me to try to upgrade these >>>> components. >>>> >>>> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <jan....@cominvent.com> >>>> wrote: >>>> >>>>> Ok for me. But I think that means we need to backport ALL known CVE >>>>> issues that affects 6.x, is that your plan? >>>>> I'm not sure if we are also expected (by ASF) to upgrade dependencies >>>>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know? >>>>> >>>>> -- >>>>> Jan Høydahl, search solution architect >>>>> Cominvent AS - www.cominvent.com >>>>> >>>>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya < >>>>> ichattopadhy...@gmail.com>: >>>>> >>>>> Hi, >>>>> There is a severe memory leak bug, >>>>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it >>>>> to the 6x branch at the time of its resolution. >>>>> >>>>> I propose a 6.6.6 release with that fix (and any others that might be >>>>> low hanging, high severity issues). I am volunteering to be the RM for >>>>> this. >>>>> Please let me know if there are any thoughts or objections. >>>>> Regards, >>>>> Ishan >>>>> >>>>> Disclaimer: I am primarily interested in this release upon the request >>>>> of one of my clients who are impacted by this bug, and I'm proposing to do >>>>> this release on their request. >>>>> >>>>> >>>>>