[
https://issues.apache.org/jira/browse/OAK-12002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ackelcn updated OAK-12002:
--------------------------
Description:
I notice that Jackrabit OAK still uses lucene 4.7.2. This version is rather old
and suffers from various bugs, which could affect Jackrabit OAK. Several
examples are as follows:
# org.apache.lucene.store.FSDirectory.ensureCanWrite(String)
https://issues.apache.org/jira/browse/LUCENE-5906 is fixed in 5.0. This API is
called by FSDirectory.createOutput
# org.apache.lucene.util.StringHelper.equals(String,String)
https://issues.apache.org/jira/browse/LUCENE-6946 is fixed in 5.4.1. This API
is called by SortField.equals
# org.apache.lucene.util.ByteBlockPool.nextBuffer()
[https://github.com/apache/lucene/pull/12392] fixes a bug. This API is called
by
<--TermsHashPerField.add
<--TermsHashPerField.add
<--BytesRefHash.add
<--ByteBlockPool.newSlice
<--ByteBlockPool.allocSlice
<--ByteBlockPool.append
#
org.apache.lucene.codecs.CodecUtil.checkHeaderNoMagic(DataInput,String,int,int)
https://issues.apache.org/jira/browse/LUCENE-5965 is fixed in 5.0. This API is
called by
<--CodecUtil.checkHeader
<--SegmentInfos.read
<--CompoundFileDirectory.readEntries
# org.apache.lucene.util.LongBitSet.bits2words(long)
https://issues.apache.org/jira/browse/LUCENE-6409 is fixed in 5.2. This API is
called by
<--LongBitSet.ensureCapacity
<--LongBitSet.LongBitSet
<--LongBitSet.LongBitSet
# org.apache.lucene.util.LongBitSet.cardinality()
https://issues.apache.org/jira/browse/LUCENE-6427 is fixed in 5.2. This API is
called by
<--CheckIndex.checkSortedSetDocValues
<--CheckIndex.checkSortedSetDocValues
# org.apache.lucene.search.spans.NearSpansOrdered.advanceAfterOrdered()
https://issues.apache.org/jira/browse/LUCENE-6308 is fixed in 5.2. This API is
called by
<--NearSpansOrdered.next
<--NearSpansOrdered.skipTo
# org.apache.lucene.search.spans.NearSpansOrdered.stretchToOrder()
https://issues.apache.org/jira/browse/LUCENE-3229 is fixed in 4.10. This API is
called by NearSpansOrdered.advanceAfterOrdered
The above bug reports contain the details to reproduce the bugs. Hackers could
take them as a reference to trigger the bugs on OAK.
I retrieve the lucene version from oak-parent, which defines lucene version as
4.7.2. As a result, my tool checks the source files agaist this version.
However, I notice that some projects define different versions. For example,
oak-search-elastic defines it as 9.12.2. Please let me know, if you need to
check the source files against newer versions.
was:
I notice that Jackrabit OAK still uses lucene 4.7.2. This version is rather old
and suffers from various bugs, which could affect Jackrabit OAK. Several
examples are as follows:
# org.apache.lucene.store.FSDirectory.ensureCanWrite(String)
https://issues.apache.org/jira/browse/LUCENE-5906 is fixed in 5.0. This API is
called by FSDirectory.createOutput
# org.apache.lucene.util.StringHelper.equals(String,String)
https://issues.apache.org/jira/browse/LUCENE-6946 is fixed in 5.4.1. This API
is called by SortField.equals
# org.apache.lucene.util.ByteBlockPool.nextBuffer()
[https://github.com/apache/lucene/pull/12392] fixes a bug. This API is called
by
<--TermsHashPerField.add
<--TermsHashPerField.add
<--BytesRefHash.add
<--ByteBlockPool.newSlice
<--ByteBlockPool.allocSlice
<--ByteBlockPool.append
#
org.apache.lucene.codecs.CodecUtil.checkHeaderNoMagic(DataInput,String,int,int)
https://issues.apache.org/jira/browse/LUCENE-5965 is fixed in 5.0. This API is
called by
<--CodecUtil.checkHeader
<--SegmentInfos.read
<--CompoundFileDirectory.readEntries
# org.apache.lucene.util.LongBitSet.bits2words(long)
https://issues.apache.org/jira/browse/LUCENE-6409 is fixed in 5.2. This API is
called by
<--LongBitSet.ensureCapacity
<--LongBitSet.LongBitSet
<--LongBitSet.LongBitSet
# org.apache.lucene.util.LongBitSet.cardinality()
https://issues.apache.org/jira/browse/LUCENE-6427 is fixed in 5.2. This API is
called by
<--CheckIndex.checkSortedSetDocValues
<--CheckIndex.checkSortedSetDocValues
# org.apache.lucene.search.spans.NearSpansOrdered.advanceAfterOrdered()
https://issues.apache.org/jira/browse/LUCENE-6308 is fixed in 5.2. This API is
called by
<--NearSpansOrdered.next
<--NearSpansOrdered.skipTo
# org.apache.lucene.search.spans.NearSpansOrdered.stretchToOrder()
https://issues.apache.org/jira/browse/LUCENE-3229 is fixed in 4.10. This API is
called by
> Please update lucene to newer versions.
> ---------------------------------------
>
> Key: OAK-12002
> URL: https://issues.apache.org/jira/browse/OAK-12002
> Project: Jackrabbit Oak
> Issue Type: Bug
> Reporter: ackelcn
> Priority: Major
>
> I notice that Jackrabit OAK still uses lucene 4.7.2. This version is rather
> old and suffers from various bugs, which could affect Jackrabit OAK. Several
> examples are as follows:
> # org.apache.lucene.store.FSDirectory.ensureCanWrite(String)
> https://issues.apache.org/jira/browse/LUCENE-5906 is fixed in 5.0. This API
> is called by FSDirectory.createOutput
> # org.apache.lucene.util.StringHelper.equals(String,String)
> https://issues.apache.org/jira/browse/LUCENE-6946 is fixed in 5.4.1. This API
> is called by SortField.equals
> # org.apache.lucene.util.ByteBlockPool.nextBuffer()
> [https://github.com/apache/lucene/pull/12392] fixes a bug. This API is called
> by
> <--TermsHashPerField.add
> <--TermsHashPerField.add
> <--BytesRefHash.add
> <--ByteBlockPool.newSlice
> <--ByteBlockPool.allocSlice
> <--ByteBlockPool.append
> #
> org.apache.lucene.codecs.CodecUtil.checkHeaderNoMagic(DataInput,String,int,int)
> https://issues.apache.org/jira/browse/LUCENE-5965 is fixed in 5.0. This API
> is called by
> <--CodecUtil.checkHeader
> <--SegmentInfos.read
> <--CompoundFileDirectory.readEntries
> # org.apache.lucene.util.LongBitSet.bits2words(long)
> https://issues.apache.org/jira/browse/LUCENE-6409 is fixed in 5.2. This API
> is called by
> <--LongBitSet.ensureCapacity
> <--LongBitSet.LongBitSet
> <--LongBitSet.LongBitSet
> # org.apache.lucene.util.LongBitSet.cardinality()
> https://issues.apache.org/jira/browse/LUCENE-6427 is fixed in 5.2. This API
> is called by
> <--CheckIndex.checkSortedSetDocValues
> <--CheckIndex.checkSortedSetDocValues
> # org.apache.lucene.search.spans.NearSpansOrdered.advanceAfterOrdered()
> https://issues.apache.org/jira/browse/LUCENE-6308 is fixed in 5.2. This API
> is called by
> <--NearSpansOrdered.next
> <--NearSpansOrdered.skipTo
> # org.apache.lucene.search.spans.NearSpansOrdered.stretchToOrder()
> https://issues.apache.org/jira/browse/LUCENE-3229 is fixed in 4.10. This API
> is called by NearSpansOrdered.advanceAfterOrdered
> The above bug reports contain the details to reproduce the bugs. Hackers
> could take them as a reference to trigger the bugs on OAK.
> I retrieve the lucene version from oak-parent, which defines lucene version
> as 4.7.2. As a result, my tool checks the source files agaist this version.
> However, I notice that some projects define different versions. For example,
> oak-search-elastic defines it as 9.12.2. Please let me know, if you need to
> check the source files against newer versions.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
