[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-08-06 Thread Brandon Williams (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17172425#comment-17172425
 ] 

Brandon Williams commented on CASSANDRA-15873:
--

Well, that's kind of moot in a couple of ways.  If we're going to break tests 
on trunk by merging 3.11, we're going to revert that.  Also it was decided in 
CASSANDRA-15868 not to include this in 3.11.  That said, if it can help 
troubleshoot, I saw your 3.11 PR there and made a branch to run CI on, which I 
did here:
https://ci-cassandra.apache.org/job/Cassandra-devbranch/231/

There's a teardown failure at 
https://ci-cassandra.apache.org/job/Cassandra-devbranch/231/testReport/junit/dtest.cqlsh_tests.test_cqlsh_copy/TestCqlshCopy/test_reading_max_insert_errors/
 and the SSL failure also persists.

> Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)
> ---
>
> Key: CASSANDRA-15873
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15873
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Matt Davis
> Priority: Normal
> Fix For: 3.11.x
>
> Attachments: dependency-check-report.html, unittest_netty.log
>
>
> See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue 
> on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44, 
> which identifies 3 of the same vulnerabilities as above.
>  
> Additionally, 4.1.50 contains aarch64 native libraries which can improve 
> performance on ARM processors. 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org



[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-08-05 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17171781#comment-17171781
 ] 

Matt Davis commented on CASSANDRA-15873:


Thanks Brandon - if that's the case it may not be possible to integrate this 
without additional changes, and I wonder how much interest there is in making 
further changes for this.

One last check - I see the comparison is from trunk on 4.0, would the 3.11.x 
branch yield the same results?




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-08-05 Thread Brandon Williams (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17171661#comment-17171661
 ] 

Brandon Williams commented on CASSANDRA-15873:
--

I ran them again here: 
[https://ci-cassandra.apache.org/job/Cassandra-devbranch/230/]

A lot of those can probably be ignored, but I'm talking about the ones like 
this: 
[https://ci-cassandra.apache.org/job/Cassandra-devbranch/230/testReport/junit/dtest.materialized_views_test/TestMaterializedViews/test_view_metadata_cleanup/]
{code:java}
Unexpected error found in node logs (see stdout for full details). Errors: [WARN  [epollEventLoopGroup-2-8] 2020-08-05 17:37:18,666 AbstractChannelHandlerContext.java:311 - An exception 'java.lang.NullPointerException' [enable DEBUG level for full stacktrace] was thrown by a user handler's exceptionCaught() method while handling the following exception:
java.nio.channels.ClosedChannelException: null
{code}

This one: 
https://ci-cassandra.apache.org/job/Cassandra-devbranch/230/testReport/junit/dtest.native_transport_ssl_test/TestNativeTransportSSL/test_connect_to_ssl/

also looks a bit fishy.

Here's a random run from trunk to compare (also not completely successful, 
that's still rare): https://ci-cassandra.apache.org/job/Cassandra-trunk/258/




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-08-05 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17171510#comment-17171510
 ] 

Matt Davis commented on CASSANDRA-15873:


[~brandon.williams] - I may not understand the nature of the failures you saw 
in CI, it appears to me they are random and happen on a small number of test 
iterations, rather than specific tests failing. Is that correct? If so, that 
makes it very difficult to track down why the change would cause failures.

Could you point me to a successful run for comparison?




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-08-04 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17171109#comment-17171109
 ] 

Matt Davis commented on CASSANDRA-15873:


Bumping this, would be great to fix this security hole and pick up some free 
performance for everyone. I was able to get up to 27% more throughput with the 
more recent version. Thanks!




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-07-10 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1714#comment-1714
 ] 

Matt Davis commented on CASSANDRA-15873:


Thanks [~brandon.williams] for running this. I don't have bandwidth right now 
to investigate the failures, so I'll leave this open for others to look into.

> Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)
> ---
>
> Key: CASSANDRA-15873
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15873
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Matt Davis
> Assignee: Matt Davis
> Priority: Normal
> Fix For: 3.11.x
>
> Attachments: dependency-check-report.html, unittest_netty.log
>
>
> See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue 
> on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44, 
> which identifies 3 of the same vulnerabilities as above.
>  
> Additionally, 4.1.50 contains aarch64 native libraries which can improve 
> performance on ARM processors. 
>  






[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-07-10 Thread Brandon Williams (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155476#comment-17155476
 ] 

Brandon Williams commented on CASSANDRA-15873:
--

I ran CI here: [https://ci-cassandra.apache.org/job/Cassandra-devbranch/206/]

and here: 
[https://app.circleci.com/pipelines/github/driftx/cassandra/51/workflows/4680a5da-8e32-474e-b01c-059728a30b6f]

 

I believe the teardown failures like 
[https://app.circleci.com/pipelines/github/driftx/cassandra/51/workflows/4680a5da-8e32-474e-b01c-059728a30b6f/jobs/595]
 are new.




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-07-09 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17154719#comment-17154719
 ] 

Matt Davis commented on CASSANDRA-15873:


Added the unit test results. I couldn't see any difference between 
cassandra-3.11 with or without the updated dependency. 

This failed in both cases:
{code}
[junit-timeout] Testcase: testIndexMemtableSwitching(org.apache.cassandra.index.sasi.SASIIndexTest): FAILED
[junit-timeout] expected:<0> but was:<1>
[junit-timeout] junit.framework.AssertionFailedError: expected:<0> but was:<1>
[junit-timeout] at org.apache.cassandra.index.sasi.SASIIndexTest.testIndexMemtableSwitching(SASIIndexTest.java:2379)
{code}
but I understand this test is known to be flaky, per Slack conversations.




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-06-22 Thread Aleksey Yeschenko (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17141982#comment-17141982
 ] 

Aleksey Yeschenko commented on CASSANDRA-15873:
---

[~mattsplat] running tests, dtests, and perhaps java driver test suite against 
this would make me comfortable enough, personally.

> Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)
> ---
>
> Key: CASSANDRA-15873
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15873
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Matt Davis
> Assignee: Matt Davis
> Priority: Normal
> Fix For: 3.11.x
>
> Attachments: dependency-check-report.html
>
>
> See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue 
> on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44, 
> which identifies 3 of the same vulnerabilities as above.
>  
> Additionally, 4.1.50 contains aarch64 native libraries which can improve 
> performance on ARM processors. 
>  






[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-06-18 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17139461#comment-17139461
 ] 

Matt Davis commented on CASSANDRA-15873:


[https://github.com/apache/cassandra/pull/634]




[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-06-18 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17139458#comment-17139458
 ] 

Matt Davis commented on CASSANDRA-15873:


I understand the hesitancy. What's the path forward here then? If we can 
determine what the bar would be to accept this change, I'd be glad to do what 
is necessary to meet it.

My suggestion was to run unit tests and dtests and add the results here. 
(Running cassandra-stress I've so far seen no issues, we just need to add 
proof.)

> Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)
> ---
>
> Key: CASSANDRA-15873
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15873
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Matt Davis
> Priority: Normal
> Fix For: 3.11.x
>
> Attachments: dependency-check-report.html
>
>
> See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue 
> on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44, 
> which identifies 3 of the same vulnerabilities as above.
>  
> Additionally, 4.1.50 contains aarch64 native libraries which can improve 
> performance on ARM processors.
>  
> (If the preference is to handle PRs for both versions/branches in a single 
> issue, feel free to close this as a duplicate.)
>  
>  






[jira] [Commented] (CASSANDRA-15873) Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)

2020-06-12 Thread Matt Davis (Jira)


[ 
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17134472#comment-17134472
 ] 

Matt Davis commented on CASSANDRA-15873:


Works for me, thanks!

> Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)
> ---
>
> Key: CASSANDRA-15873
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15873
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Matt Davis
> Priority: Normal
> Attachments: dependency-check-report.html
>
>
> See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue 
> on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44, 
> which identifies 3 of the same vulnerabilities as above.
>  
> Additionally, 4.1.50 contains aarch64 native libraries which can improve 
> performance on ARM processors.
>  
> (If the preference is to handle PRs for both versions/branches in a single 
> issue, feel free to close this as a duplicate.)
>  
>  


