[jira] [Commented] (FLUME-3131) Upgrade spring framework library dependencies
[ https://issues.apache.org/jira/browse/FLUME-3131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093618#comment-16093618 ] Ferenc Szabo commented on FLUME-3131: - [~sati] In this case I would recommend to change the activemq dependency to have a test scope because it is only used in one test, than the vulnerability is not going to be present in production. For the `javax.jms.*` packages use the following dependency: {code} org.apache.geronimo.specs geronimo-jms_1.1_spec 1.1.1 {code} > Upgrade spring framework library dependencies > - > > Key: FLUME-3131 > URL: https://issues.apache.org/jira/browse/FLUME-3131 > Project: Flume > Issue Type: Bug >Affects Versions: 1.7.0 >Reporter: Attila Simon >Priority: Critical > Labels: dependency > Fix For: 1.8.0 > > > ||Group||Artifact||Version used||Upgrade target|| > |org.springframework|spring-aop|3.0.7.RELEASE|4.3.9.RELEASE,| > |org.springframework|spring-context|3.0.7.RELEASE|4.3.9.RELEASE,| > |org.springframework|spring-core|3.0.7.RELEASE|4.3.9.RELEASE,| > Security vulnerability: > https://www.cvedetails.com/vulnerability-list/vendor_id-9664/product_id-17274/Springsource-Spring-Framework.html > Maven repositories: > - https://mvnrepository.com/artifact/org.springframework/spring-aop > - https://mvnrepository.com/artifact/org.springframework/spring-context > - https://mvnrepository.com/artifact/org.springframework/spring-core > Please do: > - CVE might be a false alarm or mistake. Please double check. > - double check the newest version. > - consider to remove a dependency if better alternative is available. > - check whether the lib change would introduce a backward incompatibility (in > which case please add this label `breaking_change` and fix version should be > the next major) > Excerpt from mvn dependency:tree > {noformat} > org.apache.flume.flume-ng-sources:flume-jms-source:jar:1.8.0-SNAPSHOT > \- org.apache.activemq:activemq-core:jar:5.7.0:provided >+- org.springframework:spring-context:jar:3.0.7.RELEASE:provided >| +- org.springframework:spring-aop:jar:3.0.7.RELEASE:provided >| +- org.springframework:spring-beans:jar:3.0.7.RELEASE:provided >| +- org.springframework:spring-core:jar:3.0.7.RELEASE:provided >| +- org.springframework:spring-expression:jar:3.0.7.RELEASE:provided >| \- org.springframework:spring-asm:jar:3.0.7.RELEASE:provided > {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3132) Upgrade tomcat jasper library dependencies
Attila Simon created FLUME-3132: --- Summary: Upgrade tomcat jasper library dependencies Key: FLUME-3132 URL: https://issues.apache.org/jira/browse/FLUME-3132 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |tomcat|jasper-compiler|5.5.23|8.5.x| |tomcat|jasper-runtime|5.5.23|8.5.x| Security vulnerability: - https://www.cvedetails.com/cve/CVE-2011-1318/ - http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html Maven repositories: - https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-jasper Note: These artifacts were moved to: * New Group org.apache.tomcat * New Artifact Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume:flume-ng-auth:jar:1.8.0-SNAPSHOT +- org.apache.hadoop:hadoop-common:jar:2.4.0:compile | +- tomcat:jasper-compiler:jar:5.5.23:runtime | +- tomcat:jasper-runtime:jar:5.5.23:runtime {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3131) Upgrade spring framework library dependencies
Attila Simon created FLUME-3131: --- Summary: Upgrade spring framework library dependencies Key: FLUME-3131 URL: https://issues.apache.org/jira/browse/FLUME-3131 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.springframework|spring-aop|3.0.7.RELEASE|4.3.9.RELEASE,| |org.springframework|spring-context|3.0.7.RELEASE|4.3.9.RELEASE,| |org.springframework|spring-core|3.0.7.RELEASE|4.3.9.RELEASE,| Security vulnerability: https://www.cvedetails.com/vulnerability-list/vendor_id-9664/product_id-17274/Springsource-Spring-Framework.html Maven repositories: - https://mvnrepository.com/artifact/org.springframework/spring-aop - https://mvnrepository.com/artifact/org.springframework/spring-context - https://mvnrepository.com/artifact/org.springframework/spring-core Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume.flume-ng-sources:flume-jms-source:jar:1.8.0-SNAPSHOT \- org.apache.activemq:activemq-core:jar:5.7.0:provided +- org.springframework:spring-context:jar:3.0.7.RELEASE:provided | +- org.springframework:spring-aop:jar:3.0.7.RELEASE:provided | +- org.springframework:spring-beans:jar:3.0.7.RELEASE:provided | +- org.springframework:spring-core:jar:3.0.7.RELEASE:provided | +- org.springframework:spring-expression:jar:3.0.7.RELEASE:provided | \- org.springframework:spring-asm:jar:3.0.7.RELEASE:provided {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3130) Upgrade restlet library dependency
Attila Simon created FLUME-3130: --- Summary: Upgrade restlet library dependency Key: FLUME-3130 URL: https://issues.apache.org/jira/browse/FLUME-3130 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.restlet.jee|org.restlet|2.1.1|2.3.10| Security vulnerability: http://www.cvedetails.com/vulnerability-list/vendor_id-12911/product_id-26316/Restlet-Restlet.html Maven: https://mvnrepository.com/artifact/org.restlet.jee/org.restlet Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT +- org.apache.solr:solr-test-framework:jar:4.3.0:test | +- org.apache.solr:solr-core:jar:4.3.0:compile | | +- org.restlet.jee:org.restlet:jar:2.1.1:compile | | +- org.restlet.jee:org.restlet.ext.servlet:jar:2.1.1:compile {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (FLUME-2698) Upgrade Jetty Version
[ https://issues.apache.org/jira/browse/FLUME-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Attila Simon updated FLUME-2698: Labels: dependency (was: ) > Upgrade Jetty Version > - > > Key: FLUME-2698 > URL: https://issues.apache.org/jira/browse/FLUME-2698 > Project: Flume > Issue Type: Bug > Components: Web >Affects Versions: 1.6.0, 1.5.1, 1.7.0 >Reporter: Joakim Erdfelt >Assignee: Tristan Stevens > Labels: dependency > > Flume depends on Jetty 6 > {code:xml} > > org.mortbay.jetty > jetty-util > 6.1.26 > > {code} > Which was EOL (End of Life) back in 2010 and is no longer fit for production > use (without heavy customizations and modifications like Google does for GAE, > just to keep it safe and vulnerability free) > Jetty was moved to Eclipse.org back during the Jetty 7 days. > http://eclipse.org/jetty/ > Note that [Jetty 7 and Jetty 8 are now also > EOL|https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00069.html] (as > of 2014) > Jetty 9 is the only stable and supported version of Jetty now. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3129) Upgrade bouncycastle library dependencies
Attila Simon created FLUME-3129: --- Summary: Upgrade bouncycastle library dependencies Key: FLUME-3129 URL: https://issues.apache.org/jira/browse/FLUME-3129 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.bouncycastle|bcprov-jdk15|1.45|1.57| |org.bouncycastle|bcmail-jdk15|1.45|1.57| Security vulnerability: https://www.cvedetails.com/vulnerability-list/vendor_id-7637/Bouncycastle.html Maven repository: https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15 Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT +- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile | +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile | | +- org.apache.tika:tika-xmp:jar:1.5:compile | | | +- org.apache.tika:tika-parsers:jar:1.5:compile | | | | +- org.bouncycastle:bcmail-jdk15:jar:1.45:compile | | | | +- org.bouncycastle:bcprov-jdk15:jar:1.45:compile {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.
[ https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093232#comment-16093232 ] Miklos Csanady commented on FLUME-3128: --- I won't work. NameNodeAdapter class is not present in the hadoop used by flume in trunk. > Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in > hadoop-hdfs lib. > --- > > Key: FLUME-3128 > URL: https://issues.apache.org/jira/browse/FLUME-3128 > Project: Flume > Issue Type: Bug >Reporter: Miklos Csanady >Assignee: Miklos Csanady > > Our test in > flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java > Uses the getLeaseByPath(String src) method of Lease class which is to be > replaced by getLeaseForPath(Namenode n, String src) method. > This change is to make Flume compatible after the hadoop change is made > effective. > See https://issues.apache.org/jira/browse/HDFS-6757 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.
[ https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Miklos Csanady resolved FLUME-3128. --- Resolution: Won't Fix > Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in > hadoop-hdfs lib. > --- > > Key: FLUME-3128 > URL: https://issues.apache.org/jira/browse/FLUME-3128 > Project: Flume > Issue Type: Bug >Reporter: Miklos Csanady >Assignee: Miklos Csanady > > Our test in > flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java > Uses the getLeaseByPath(String src) method of Lease class which is to be > replaced by getLeaseForPath(Namenode n, String src) method. > This change is to make Flume compatible after the hadoop change is made > effective. > See https://issues.apache.org/jira/browse/HDFS-6757 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.
[ https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093207#comment-16093207 ] Miklos Csanady commented on FLUME-3128: --- [~denes] can you take a look at my pull request: https://github.com/apache/flume/pull/146 ? > Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in > hadoop-hdfs lib. > --- > > Key: FLUME-3128 > URL: https://issues.apache.org/jira/browse/FLUME-3128 > Project: Flume > Issue Type: Bug >Reporter: Miklos Csanady >Assignee: Miklos Csanady > > Our test in > flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java > Uses the getLeaseByPath(String src) method of Lease class which is to be > replaced by getLeaseForPath(Namenode n, String src) method. > This change is to make Flume compatible after the hadoop change is made > effective. > See https://issues.apache.org/jira/browse/HDFS-6757 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.
[ https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093201#comment-16093201 ] ASF GitHub Bot commented on FLUME-3128: --- GitHub user mcsanady opened a pull request: https://github.com/apache/flume/pull/146 FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatib… …le changes in hadoop-hdfs lib. Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. See https://issues.apache.org/jira/browse/HDFS-6757 You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcsanady/flume FLUME-3128 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/flume/pull/146.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #146 commit 20ec70a896f2e869a78ade8db2023c4c3bb96c32 Author: Denes ArvayDate: 2017-05-02T13:05:23Z FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib. Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. See https://issues.apache.org/jira/browse/HDFS-6757 > Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in > hadoop-hdfs lib. > --- > > Key: FLUME-3128 > URL: https://issues.apache.org/jira/browse/FLUME-3128 > Project: Flume > Issue Type: Bug >Reporter: Miklos Csanady >Assignee: Miklos Csanady > > Our test in > flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java > Uses the getLeaseByPath(String src) method of Lease class which is to be > replaced by getLeaseForPath(Namenode n, String src) method. > This change is to make Flume compatible after the hadoop change is made > effective. > See https://issues.apache.org/jira/browse/HDFS-6757 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[GitHub] flume pull request #146: FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java...
GitHub user mcsanady opened a pull request: https://github.com/apache/flume/pull/146 FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatib⦠â¦le changes in hadoop-hdfs lib. Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. See https://issues.apache.org/jira/browse/HDFS-6757 You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcsanady/flume FLUME-3128 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/flume/pull/146.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #146 commit 20ec70a896f2e869a78ade8db2023c4c3bb96c32 Author: Denes ArvayDate: 2017-05-02T13:05:23Z FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib. Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. See https://issues.apache.org/jira/browse/HDFS-6757 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Updated] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.
[ https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Miklos Csanady updated FLUME-3128: -- Description: Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. See https://issues.apache.org/jira/browse/HDFS-6757 was: Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. > Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in > hadoop-hdfs lib. > --- > > Key: FLUME-3128 > URL: https://issues.apache.org/jira/browse/FLUME-3128 > Project: Flume > Issue Type: Bug >Reporter: Miklos Csanady >Assignee: Miklos Csanady > > Our test in > flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java > Uses the getLeaseByPath(String src) method of Lease class which is to be > replaced by getLeaseForPath(Namenode n, String src) method. > This change is to make Flume compatible after the hadoop change is made > effective. > See https://issues.apache.org/jira/browse/HDFS-6757 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.
Miklos Csanady created FLUME-3128: - Summary: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib. Key: FLUME-3128 URL: https://issues.apache.org/jira/browse/FLUME-3128 Project: Flume Issue Type: Bug Reporter: Miklos Csanady Assignee: Miklos Csanady Our test in flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java Uses the getLeaseByPath(String src) method of Lease class which is to be replaced by getLeaseForPath(Namenode n, String src) method. This change is to make Flume compatible after the hadoop change is made effective. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3127) Upgrade libfb303 library dependency
Attila Simon created FLUME-3127: --- Summary: Upgrade libfb303 library dependency Key: FLUME-3127 URL: https://issues.apache.org/jira/browse/FLUME-3127 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.apache.thrift|libthrift|0.9.0|0.9.3,0.10.0| |org.apache.thrift|libfb303|0.9.0|0.9.3| Security vulnerability: http://www.cvedetails.com/cve/CVE-2015-3254/ Maven repository: - https://mvnrepository.com/artifact/org.apache.thrift/libthrift - https://mvnrepository.com/artifact/org.apache.thrift/libfb303 Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume:flume-ng-sdk:jar:1.8.0-SNAPSHOT \- org.apache.thrift:libthrift:jar:0.9.0:compile org.apache.flume.flume-ng-sinks:flume-hive-sink:jar:1.8.0-SNAPSHOT +- org.apache.hive.hcatalog:hive-hcatalog-streaming:jar:1.0.0:provided | +- org.apache.hive:hive-metastore:jar:1.0.0:provided | | \- org.apache.thrift:libfb303:jar:0.9.0:provided {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3126) Upgrade apache poi library dependencies
Attila Simon created FLUME-3126: --- Summary: Upgrade apache poi library dependencies Key: FLUME-3126 URL: https://issues.apache.org/jira/browse/FLUME-3126 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.apache.poi|poi|3.10-beta2|3.15-beta2| |org.apache.poi|poi-ooxml|3.10-beta2|3.15-beta2| |org.apache.poi|poi-scratchpad|3.10-beta2|3.15-beta2| Security vulnerability: https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-22766/Apache-POI.html Maven repositories: - https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml - https://mvnrepository.com/artifact/org.apache.poi/poi - https://mvnrepository.com/artifact/org.apache.poi/poi Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT +- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile | +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile | | +- org.apache.tika:tika-xmp:jar:1.5:compile | | | +- org.apache.tika:tika-parsers:jar:1.5:compile | | | | +- org.apache.poi:poi:jar:3.10-beta2:compile | | | | +- org.apache.poi:poi-scratchpad:jar:3.10-beta2:compile | | | | +- org.apache.poi:poi-ooxml:jar:3.10-beta2:compile {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3125) Upgrade fontbox library dependency
Attila Simon created FLUME-3125: --- Summary: Upgrade fontbox library dependency Key: FLUME-3125 URL: https://issues.apache.org/jira/browse/FLUME-3125 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.apache.pdfbox|fontbox|1.8.4|2.0.6| Security vulnerability: http://www.cvedetails.com/cve/CVE-2016-2175/ Maven repository: https://mvnrepository.com/artifact/org.apache.pdfbox/fontbox Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT +- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile | +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile | | +- org.apache.tika:tika-xmp:jar:1.5:compile | | | +- org.apache.tika:tika-parsers:jar:1.5:compile | | | | +- org.apache.pdfbox:pdfbox:jar:1.8.4:compile | | | | | +- org.apache.pdfbox:fontbox:jar:1.8.4:compile {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3124) Upgrade apache-mime4j-core library dependency
Attila Simon created FLUME-3124: --- Summary: Upgrade apache-mime4j-core library dependency Key: FLUME-3124 URL: https://issues.apache.org/jira/browse/FLUME-3124 Project: Flume Issue Type: Bug Affects Versions: 1.7.0 Reporter: Attila Simon Priority: Critical Fix For: 1.8.0 ||Group||Artifact||Version used||Upgrade target|| |org.apache.james|apache-mime4j-core|0.7.2|0.8.1| Security vulnerability: https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-4526/Apache-James.html Maven repository: https://mvnrepository.com/artifact/org.apache.james/apache-mime4j Please do: - CVE might be a false alarm or mistake. Please double check. - double check the newest version. - consider to remove a dependency if better alternative is available. - check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major) Excerpt from mvn dependency:tree {noformat} org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT +- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile | +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile | | +- org.apache.tika:tika-xmp:jar:1.5:compile | | | +- org.apache.tika:tika-parsers:jar:1.5:compile | | | | +- org.apache.james:apache-mime4j-core:jar:0.7.2:compile | | | | +- org.apache.james:apache-mime4j-dom:jar:0.7.2:compile {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (FLUME-3114) Upgrade commons-httpclient library dependency
[ https://issues.apache.org/jira/browse/FLUME-3114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093050#comment-16093050 ] Attila Simon commented on FLUME-3114: - Linking related tickets. Please note that both commons-httpclient:commons-httpclient and org.apache.httpcomponents:httpclient (new maven group/artifact name) are loaded into flume classpath. Ideal state would be to depend only this one: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient Excerpt from dependecy:tree (it appears multiple places in the dep:tree I copied only a single location) {noformat} org.apache.flume.flume-ng-sinks:flume-ng-elasticsearch-sink:jar:1.8.0-SNAPSHOT +- org.apache.httpcomponents:httpclient:jar:4.2.1:compile {noformat} > Upgrade commons-httpclient library dependency > - > > Key: FLUME-3114 > URL: https://issues.apache.org/jira/browse/FLUME-3114 > Project: Flume > Issue Type: Bug >Affects Versions: 1.7.0 >Reporter: Attila Simon >Priority: Critical > Labels: dependency > Fix For: 1.8.0 > > > ||Group||Artifact||Version used||Upgrade target|| > |commons-httpclient|commons-httpclient|3.1,3.0.1|4.5.2| > Note: This artifact was moved to: > * New Group org.apache.httpcomponents > * New Artifacthttpclient > Security vulnerability: https://www.cvedetails.com/cve/CVE-2012-5783/ > Please do: > - double check the newest version. > - consider to remove a dependency if better alternative is available. > - check whether the lib change would introduce a backward incompatibility (in > which case please add this label `breaking_change` and fix version should be > the next major) -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (FLUME-3123) is BLOBHandler just support binary
wangqiaoshi created FLUME-3123: -- Summary: is BLOBHandler just support binary Key: FLUME-3123 URL: https://issues.apache.org/jira/browse/FLUME-3123 Project: Flume Issue Type: Question Components: Sinks+Sources Affects Versions: notrack Reporter: wangqiaoshi is BLOBHandler just support binary? HTTPSource has a HTTPSourceHandler, is build-in BLOBHandler support support form-data format? -- This message was sent by Atlassian JIRA (v6.4.14#64029)