[jira] [Commented] (ATLAS-4163) Upgrade elasticsearch version to 6.8.14
[
https://issues.apache.org/jira/browse/ATLAS-4163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17288413#comment-17288413
]
Kevin Risden commented on ATLAS-4163:
-
[~sarath] thanks for triggering the precommit. It looks like it failed, but
with no error - just like it stopped.
The end of the log message is:
{code:java}
...
[INFO] <<< jetty-maven-plugin:9.3.14.v20161028:deploy-war (start-jetty) <
validate @ hbase-bridge <<<
[INFO]
[INFO]
[INFO] --- jetty-maven-plugin:9.3.14.v20161028:deploy-war (start-jetty) @
hbase-bridge ---
[INFO] Logging initialized @5359609ms
[INFO] Configuring Jetty for project: Apache Atlas Hbase Bridge
[INFO] Context path = /
[INFO] Tmp directory =
/home/jenkins/jenkins-agent/workspace/Atlas/PreCommit-ATLAS-Build-Test/addons/hbase-bridge/target/tmp
[INFO] Web defaults = org/eclipse/jetty/webapp/webdefault.xml
[INFO] Web overrides = none
[INFO] jetty-9.3.14.v20161028
log4j:WARN No appenders could be found for logger
(org.apache.curator.framework.state.ConnectionStateManager).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more
info.
{code}
I know ASF Jenkins had some issues a few days ago so maybe thats related? I
didn't look too much closer. I didn't see a way to retrigger the build either.
> Upgrade elasticsearch version to 6.8.14
> ---
>
> Key: ATLAS-4163
> URL: https://issues.apache.org/jira/browse/ATLAS-4163
> Project: Atlas
> Issue Type: Task
>Affects Versions: 2.1.0
>Reporter: Kevin Risden
>Priority: Minor
> Attachments: ATLAS-4163.patch
>
>
> ATLAS-4052 upgraded to Elasticsearch 6.8.3 which isn't the latest. There are
> some CVEs associated with Elasticsearch 6.8.3 and so should upgrade to 6.8.14
> which is the latest as of Feb 2021.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (ATLAS-4163) Upgrade elasticsearch version to 6.8.14
[ https://issues.apache.org/jira/browse/ATLAS-4163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17286124#comment-17286124 ] Kevin Risden commented on ATLAS-4163: - [^ATLAS-4163.patch] uploaded and review request is here: https://reviews.apache.org/r/73190/ > Upgrade elasticsearch version to 6.8.14 > --- > > Key: ATLAS-4163 > URL: https://issues.apache.org/jira/browse/ATLAS-4163 > Project: Atlas > Issue Type: Task >Reporter: Kevin Risden >Priority: Minor > Attachments: ATLAS-4163.patch > > > ATLAS-4052 upgraded to Elasticsearch 6.8.3 which isn't the latest. There are > some CVEs associated with Elasticsearch 6.8.3 and so should upgrade to 6.8.14 > which is the latest as of Feb 2021. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (ATLAS-4163) Upgrade elasticsearch version to 6.8.14
[ https://issues.apache.org/jira/browse/ATLAS-4163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kevin Risden updated ATLAS-4163: Attachment: ATLAS-4163.patch > Upgrade elasticsearch version to 6.8.14 > --- > > Key: ATLAS-4163 > URL: https://issues.apache.org/jira/browse/ATLAS-4163 > Project: Atlas > Issue Type: Task >Reporter: Kevin Risden >Priority: Minor > Attachments: ATLAS-4163.patch > > > ATLAS-4052 upgraded to Elasticsearch 6.8.3 which isn't the latest. There are > some CVEs associated with Elasticsearch 6.8.3 and so should upgrade to 6.8.14 > which is the latest as of Feb 2021. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (ATLAS-4163) Upgrade elasticsearch version to 6.8.14
Kevin Risden created ATLAS-4163: --- Summary: Upgrade elasticsearch version to 6.8.14 Key: ATLAS-4163 URL: https://issues.apache.org/jira/browse/ATLAS-4163 Project: Atlas Issue Type: Task Reporter: Kevin Risden ATLAS-4052 upgraded to Elasticsearch 6.8.3 which isn't the latest. There are some CVEs associated with Elasticsearch 6.8.3 and so should upgrade to 6.8.14 which is the latest as of Feb 2021. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ATLAS-4046) Use Jetty BOM to simplify dependency management
[ https://issues.apache.org/jira/browse/ATLAS-4046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17238188#comment-17238188 ] Kevin Risden commented on ATLAS-4046: - Thanks [~sarath] - Build passed w/ this change. > Use Jetty BOM to simplify dependency management > --- > > Key: ATLAS-4046 > URL: https://issues.apache.org/jira/browse/ATLAS-4046 > Project: Atlas > Issue Type: Task >Reporter: Kevin Risden >Priority: Minor > Attachments: ATLAS-4046.patch > > > There are a bunch of defined jetty artifacts in dependencyManagement in the > root pom.xml. Jetty has a BOM maven artifact that simplifies this to ensure > that all the dependencies are the correct version: > https://github.com/apache/atlas/blob/master/pom.xml#L1207 > https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-bom -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ATLAS-4046) Use Jetty BOM to simplify dependency management
[ https://issues.apache.org/jira/browse/ATLAS-4046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17237575#comment-17237575 ] Kevin Risden commented on ATLAS-4046: - Reviewboard change: https://reviews.apache.org/r/73034/ > Use Jetty BOM to simplify dependency management > --- > > Key: ATLAS-4046 > URL: https://issues.apache.org/jira/browse/ATLAS-4046 > Project: Atlas > Issue Type: Task >Reporter: Kevin Risden >Priority: Minor > Attachments: ATLAS-4046.patch > > > There are a bunch of defined jetty artifacts in dependencyManagement in the > root pom.xml. Jetty has a BOM maven artifact that simplifies this to ensure > that all the dependencies are the correct version: > https://github.com/apache/atlas/blob/master/pom.xml#L1207 > https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-bom -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (ATLAS-4046) Use Jetty BOM to simplify dependency management
[ https://issues.apache.org/jira/browse/ATLAS-4046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kevin Risden updated ATLAS-4046: Attachment: ATLAS-4046.patch > Use Jetty BOM to simplify dependency management > --- > > Key: ATLAS-4046 > URL: https://issues.apache.org/jira/browse/ATLAS-4046 > Project: Atlas > Issue Type: Task >Reporter: Kevin Risden >Priority: Minor > Attachments: ATLAS-4046.patch > > > There are a bunch of defined jetty artifacts in dependencyManagement in the > root pom.xml. Jetty has a BOM maven artifact that simplifies this to ensure > that all the dependencies are the correct version: > https://github.com/apache/atlas/blob/master/pom.xml#L1207 > https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-bom -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ATLAS-3930) Atlas server distribution contains 180+ CVEs
[ https://issues.apache.org/jira/browse/ATLAS-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17237570#comment-17237570 ] Kevin Risden commented on ATLAS-3930: - A lot of this should have been addressed with ATLAS-4000 and there might be a few stragglers fixed by ATLAS-4046 for jetty specifically. > Atlas server distribution contains 180+ CVEs > > > Key: ATLAS-3930 > URL: https://issues.apache.org/jira/browse/ATLAS-3930 > Project: Atlas > Issue Type: Bug > Components: atlas-core, atlas-intg, atlas-webui >Affects Versions: 2.1.0 >Reporter: Gaurav Saini >Priority: Blocker > Attachments: dependency-check-report.csv, dependency-check-report.html > > > we are working on apache atlas code and started deploying over > *[https://github.com/apache/atlas/tree/release-2.1.0-rc3]* > Upon scanning using twistlock, we found *180+* vulnerability. > > Out of these, Jackson-databind and netty_netty-all are the most occurring > ones. > So, we tried upgrading the versions, but integration tests in atlas-webapp > started failing saying *"org.eclise.jetty, utils: Multi exception".* > The same thing is happening while upgrading versions of any other > dependencies in the atlas module. The application breaks for any other > dependency which we are trying to upgrade. for example, Hadoop_hdfs uses > Jackson-databind as a transitive dependency, hence I am unable to update > version. > _PFA of dependency check for the project._ > *I do not see any open issue on the Github channel too.* > *Have you experienced any such scenario while upgrading earlier?* > *Is there a way for me to move ahead to remove vulnerabilities in the > current version?* > > *The atlas server distribution should be using the latest version of the > dependencies having no or fewer CVEs.* -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (ATLAS-4046) Use Jetty BOM to simplify dependency management
Kevin Risden created ATLAS-4046: --- Summary: Use Jetty BOM to simplify dependency management Key: ATLAS-4046 URL: https://issues.apache.org/jira/browse/ATLAS-4046 Project: Atlas Issue Type: Task Reporter: Kevin Risden There are a bunch of defined jetty artifacts in dependencyManagement in the root pom.xml. Jetty has a BOM maven artifact that simplifies this to ensure that all the dependencies are the correct version: https://github.com/apache/atlas/blob/master/pom.xml#L1207 https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-bom -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ATLAS-4046) Use Jetty BOM to simplify dependency management
[ https://issues.apache.org/jira/browse/ATLAS-4046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17237554#comment-17237554 ] Kevin Risden commented on ATLAS-4046: - I can submit a patch for this > Use Jetty BOM to simplify dependency management > --- > > Key: ATLAS-4046 > URL: https://issues.apache.org/jira/browse/ATLAS-4046 > Project: Atlas > Issue Type: Task >Reporter: Kevin Risden >Priority: Minor > > There are a bunch of defined jetty artifacts in dependencyManagement in the > root pom.xml. Jetty has a BOM maven artifact that simplifies this to ensure > that all the dependencies are the correct version: > https://github.com/apache/atlas/blob/master/pom.xml#L1207 > https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-bom -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ATLAS-3506) ALTAS import fails when AtlasClient is used but succeeds when curl is using in Knox trusted proxy setup
[ https://issues.apache.org/jira/browse/ATLAS-3506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967697#comment-16967697 ] Kevin Risden commented on ATLAS-3506: - [~mukund-thakur] thanks for digging into this. > ALTAS import fails when AtlasClient is used but succeeds when curl is using > in Knox trusted proxy setup > --- > > Key: ATLAS-3506 > URL: https://issues.apache.org/jira/browse/ATLAS-3506 > Project: Atlas > Issue Type: Bug > Components: atlas-core >Affects Versions: 3.0.0 >Reporter: Mukund Thakur >Assignee: Ashutosh Mestry >Priority: Critical > Labels: knox > Attachments: atlas_trusted_proxy.patch > > > Atlas client to call import for hive databases. We have a knox based trusted > proxy setup when this call fails with 500 Internal Sever Error. But the same > exact call succeeds when curl is used in place of atlas java client. > I debugged this and found that Atlas client doesn't set "Expect", > "100-continue" header and curl automatically sets this. I have a patch where > i added this header in the atlas client java code and post that it works > fine. > Let me know if anybody has any specific questions. -- This message was sent by Atlassian Jira (v8.3.4#803005)
