[
https://issues.apache.org/jira/browse/BEAM-11227?focusedWorklogId=577862&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-577862
]
ASF GitHub Bot logged work on BEAM-11227:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 06/Apr/21 20:09
Start Date: 06/Apr/21 20:09
Worklog Time Spent: 10m
Work Description: lostluck commented on pull request #14411:
URL: https://github.com/apache/beam/pull/14411#issuecomment-814407089
Not that I'm aware of. I don't track cut times since the SDK is still
experimental.
The target was added about the time of the cut and new targets do usually
have issues. But the issue is with the target bot the underlying sdk or
container code, because that doesn't change very often (more or less why the
sdk remains experimental...)
Looking at the previous run of the phrase, it looks like the network shorted
out while go was getting the dependencies.
Task :release:go-licenses:java:dockerRun
07:20:01 # cd .; git clone -- https://go.googlesource.com/protobuf
/go/src/google.golang.org/protobuf
07:20:01 Cloning into '/go/src/google.golang.org/protobuf'...
07:20:01 error: RPC failed; curl 56 GnuTLS recv error (-54): Error in the
pull function.
07:20:01 fatal: the remote end hung up unexpectedly
07:20:01 fatal: early EOF
07:20:01 fatal: index-pack failed
07:20:01 package google.golang.org/protobuf/reflect/protoreflect: exit
status 128
07:20:01 cannot find package "google.golang.org/protobuf/runtime/protoimpl"
in any of:
But the cut could have been before the dependency copying issue was fixed.
Either way, I would ignore the failure.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 577862)
Time Spent: 97h 40m (was: 97.5h)
> Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216
> ---------------------------------------------------------
>
> Key: BEAM-11227
> URL: https://issues.apache.org/jira/browse/BEAM-11227
> Project: Beam
> Issue Type: Bug
> Components: build-system
> Affects Versions: 2.21.0, 2.22.0, 2.23.0, 2.24.0, 2.25.0
> Reporter: Boury Mbodj
> Assignee: Kenneth Knowles
> Priority: P1
> Labels: apache-beam, beam
> Fix For: 2.29.0
>
> Time Spent: 97h 40m
> Remaining Estimate: 0h
>
> *+Description+**:* [Apache Beam :: Vendored Dependencies :: GRPC ::
> 1.26.0|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_26_0]
> »
> [0.3|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_26_0/0.3]
> uses the dependency Eclipse Jetty (9.2.10.v20150310), which is prone to a
> privilege escalation vulnerability. This issue (CVE-2020-27216) was published
> on 23/10/2020.
> *+Affected Versions:+*
> Eclipse Jetty versions 9.4.32.v20200930 and prior, 10.0.0.beta2 and prior
> and 11.0.0.beta2 and prior.
> *+Recommendation/+* *+Update Suggestion:+*
> Update the Eclipse Jetty dependency to version 9.4.33.v20201020,
> 10.0.0.beta3, 11.0.0.beta3 or later.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
