[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-559294846 @nicknezis for this particular issue I believe the earliest without the bug was zookeeper 3.4.14(which was the version used by confluent in their 5.3.0 release), but i agree I don’t see any reason why the Dockerfiles should still be pointing to 3.4.10 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-537280561 Awesome. Thanks again for the help! This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-534118948 thanks again for the help, would you mind updating this ticket when further testing has been done? I'm looking for something to point to in order to make the case that we should update our environment to use this version other than "works for my stuff" This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-532699665 Also thank you very much for being responsive to this ticket and making the update so quickly!! This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-532699376 @joshfischer1108 the helm chart as it sits in the repo forces the use of the same image for heron tools as it does for zookeeper: https://github.com/apache/incubator-heron/blob/dd6da67da7972791639746dd9190fd919ba6986c/deploy/kubernetes/helm/templates/zookeeper.yaml#L83 I can work around that, but I did want to bring that to your attention as another potential issue. What is the latest version of zookeeper that has been tested with heron? I’m concerned about using an untested zookeeper heron combo in my environment. Am I being overly cautious? What tests have you guys run(if any) to verify this version of zookeeper doesn’t break anything? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-532306131 Confluent zookeeper([https://github.com/confluentinc/cp-helm-charts/tree/master/charts/cp-zookeeper](https://github.com/confluentinc/cp-helm-charts/tree/master/charts/cp-zookeeper)) is using zookeeper-3.4.14 in their 5.3.0 release, which i believe is the earliest version without the issue. Has any version of heron been tested with at least this version of zookeeper? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-heron] the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability
the-scott-hand commented on issue #3338: Critical Zookeeper Vulnerability URL: https://github.com/apache/incubator-heron/issues/3338#issuecomment-532297011 any word on this? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services