[
https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17921742#comment-17921742
]
AlexVazquez commented on RANGER-4038:
-------------------------------------
My recurring challenge is that I don’t know how to properly test the services,
so I typically review the logs and look for anything unusual. For Usersync, I
tested deleting a user, and after restarting the service, it successfully
recreated the user. However, for KMS and Tagsync, I’ve only reviewed their logs.
I've just pushed a commit that removes some of the {{NoClassDefFoundError}}
warnings and have rechecked Usersync, KMS, and Tagsync.
In Tagsync and Usersync, I see this warning:
{code:java}
Jan 28, 2025 1:49:29 PM
org.glassfish.jersey.client.innate.inject.NonInjectionManager <init>
WARNING: Jersey-HK2 module is missing. Falling back to injection-less client.
Injection may not be supported on the client.
{code}
I believe it doesn’t matter because the Jersey client doesn’t use dependency
injection. Is that correct? [~bpatel]
Regarding plugin tests, I haven’t been able to do any. I’m trying to set up an
environment to run tests with HadoopSQL, but you know, there aren’t enough
hours in the day to get everything done...
Could you tell me which dependencies are duplicated? I need to remove them from
{{{}distro/kms.xml{}}}.
> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
