Thanks Shingai!

And while at it, if it's possible, it would be good, for security reasons, to upgrade (or remember to upgrade) the Hadoop libs, used in the Solr component, to the 2.7.2 version.

This is due to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1776 
which is quite recent.

I don't know (did not try) if it's possible to simply upgrade the libs or to wait for a new Solr version covering the issue. I checked the last available Solr version (6.0.0) does not.

For details see 
https://svn.apache.org/viewvc/ofbiz/trunk/tools/security/dependency-check/dependency-check-report.html?view=co&revision=HEAD

Thanks

Jacques


On 28/04/2016 at 06:06, Shi Jinghai wrote:
Thanks Christian!

I created an issue on the jars duplicated:
https://issues.apache.org/jira/browse/OFBIZ-7026

I'll remove the duplications step by step.

Kind Regards,

Shi Jinghai

-----Original Message-----
From: Christian Geisert [mailto:[email protected]]
Sent: April 27, 2016 18:02
To: [email protected]
Subject: Re: Solr libs duplication

There are also duplicates with regards to framework (noticed that while
integrating Apache Camel, but didn't have time to work on it yet)

./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
./framework/base/lib/clhm-release-1.0-lru.jar

I think version 1.2 should be moved to framework.

Christian

On 27.04.2016 11:34, Shi Jinghai wrote:
Hi Jacques,

Obviously it's my fault :-(

The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are 
already common jars at container level. I'll remove the duplicated jars ASAP.

Kind Regards,

Shi Jinghai

-----Original Message-----
From: Jacques Le Roux [mailto:[email protected]]
Sent: April 26, 2016 17:58
To: [email protected]; shi.jinghai
Subject: Solr libs duplication

Hi Jinghai,

Do you think it's possible to somehow avoid these duplications in the Solr 
component?

C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar


I think it must be hard (if even possible) because they're runtime dependencies, 
right?

Thanks

Jacques






