[jira] [Commented] (FLUME-3131) Upgrade spring framework library dependencies

2017-07-19 Thread Ferenc Szabo (JIRA)

[ 
https://issues.apache.org/jira/browse/FLUME-3131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093618#comment-16093618
 ] 

Ferenc Szabo commented on FLUME-3131:
-

[~sati]
In this case I would recommend changing the activemq dependency to test 
scope, because it is only used in one test; then the vulnerability is not going 
to be present in production.
For the `javax.jms.*` packages use the following dependency:
{code}
<dependency>
  <groupId>org.apache.geronimo.specs</groupId>
  <artifactId>geronimo-jms_1.1_spec</artifactId>
  <version>1.1.1</version>
</dependency>
{code}


> Upgrade spring framework library dependencies
> -
>
> Key: FLUME-3131
> URL: https://issues.apache.org/jira/browse/FLUME-3131
> Project: Flume
> Issue Type: Bug
> Affects Versions: 1.7.0
> Reporter: Attila Simon
> Priority: Critical
> Labels: dependency
> Fix For: 1.8.0
>
>
> ||Group||Artifact||Version used||Upgrade target||
> |org.springframework|spring-aop|3.0.7.RELEASE|4.3.9.RELEASE,|
> |org.springframework|spring-context|3.0.7.RELEASE|4.3.9.RELEASE,|
> |org.springframework|spring-core|3.0.7.RELEASE|4.3.9.RELEASE,|
> Security vulnerability: 
> https://www.cvedetails.com/vulnerability-list/vendor_id-9664/product_id-17274/Springsource-Spring-Framework.html
> Maven repositories: 
> - https://mvnrepository.com/artifact/org.springframework/spring-aop
> - https://mvnrepository.com/artifact/org.springframework/spring-context
> - https://mvnrepository.com/artifact/org.springframework/spring-core
> Please do:
> - CVE might be a false alarm or mistake. Please double check.
> - double check the newest version. 
> - consider to remove a dependency if better alternative is available.
> - check whether the lib change would introduce a backward incompatibility (in 
> which case please add this label `breaking_change` and fix version should be 
> the next major)
> Excerpt from mvn dependency:tree
> {noformat}
> org.apache.flume.flume-ng-sources:flume-jms-source:jar:1.8.0-SNAPSHOT
> \- org.apache.activemq:activemq-core:jar:5.7.0:provided
>    +- org.springframework:spring-context:jar:3.0.7.RELEASE:provided
>    |  +- org.springframework:spring-aop:jar:3.0.7.RELEASE:provided
>    |  +- org.springframework:spring-beans:jar:3.0.7.RELEASE:provided
>    |  +- org.springframework:spring-core:jar:3.0.7.RELEASE:provided
>    |  +- org.springframework:spring-expression:jar:3.0.7.RELEASE:provided
>    |  \- org.springframework:spring-asm:jar:3.0.7.RELEASE:provided
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
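
Added example, not part of the original message or of Flume's code: a small parser for the `mvn dependency:tree` excerpt quoted in FLUME-3131 that reports, for a flagged group, which direct dependency pulls it in and whether its scope puts it in the packaged artifact, expects it at runtime, or confines it to tests. The helper names (`parse_tree`, `classify`, `exposure`) are hypothetical, and the "after" tree is a constructed assumption of how the output looks once activemq-core is moved to test scope as suggested above.

```python
"""Classify where a flagged library sits in `mvn dependency:tree` output."""

# Constructed sample: the excerpt quoted in FLUME-3131 (activemq-core is `provided`).
TREE_BEFORE = r"""org.apache.flume.flume-ng-sources:flume-jms-source:jar:1.8.0-SNAPSHOT
\- org.apache.activemq:activemq-core:jar:5.7.0:provided
   +- org.springframework:spring-context:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-aop:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-beans:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-core:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-expression:jar:3.0.7.RELEASE:provided
   |  \- org.springframework:spring-asm:jar:3.0.7.RELEASE:provided
"""

# Assumption for illustration: the same tree once activemq-core is declared with
# <scope>test</scope>; Maven then reports its transitive dependencies as test too.
TREE_AFTER = TREE_BEFORE.replace(":provided", ":test")


def parse_tree(text):
    """Turn dependency:tree text into nodes carrying depth, scope and parent path."""
    nodes, stack = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            stack = []  # a blank line separates two module trees
            continue
        body = line.lstrip(" |+\\-")              # drop the tree-drawing prefix
        depth = (len(line) - len(body)) // 3      # each level is three characters wide
        parts = body.split(":")
        if len(parts) < 4:
            continue                              # not a group:artifact:type:version line
        # The module root has no scope; dependencies end in ":<scope>".
        scope = parts[-1] if depth > 0 and len(parts) >= 5 else None
        version = parts[-2] if scope else parts[-1]
        node = {"group": parts[0], "artifact": parts[1], "version": version,
                "scope": scope, "depth": depth}
        del stack[depth:]                         # unwind to this node's parent
        node["path"] = [n["artifact"] for n in stack]
        stack.append(node)
        nodes.append(node)
    return nodes


def classify(scope):
    """Map a Maven scope to where the jar ends up."""
    if scope in ("compile", "runtime"):
        return "packaged"
    if scope in ("provided", "system"):
        return "supplied-at-runtime"   # not packaged, but expected on the runtime classpath
    if scope == "test":
        return "test-only"
    return "unknown"


def exposure(text, group):
    """List (artifact, version, scope, classification, via) for every dependency in
    `group`, where `via` is the direct dependency that brings it in."""
    rows = []
    for n in parse_tree(text):
        if n["depth"] == 0 or n["group"] != group:
            continue
        via = n["path"][1] if len(n["path"]) > 1 else n["artifact"]
        rows.append((n["artifact"], n["version"], n["scope"], classify(n["scope"]), via))
    return rows


if __name__ == "__main__":
    for label, tree in (("before", TREE_BEFORE), ("after", TREE_AFTER)):
        print(label)
        for row in exposure(tree, "org.springframework"):
            print("  %-18s %-14s %-9s %-20s via %s" % row)
```
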


[jira] [Created] (FLUME-3132) Upgrade tomcat jasper library dependencies

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3132:
---

 Summary: Upgrade tomcat jasper library dependencies
 Key: FLUME-3132
 URL: https://issues.apache.org/jira/browse/FLUME-3132
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|tomcat|jasper-compiler|5.5.23|8.5.x|
|tomcat|jasper-runtime|5.5.23|8.5.x|

Security vulnerability: 
- https://www.cvedetails.com/cve/CVE-2011-1318/
- http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html
Maven repositories: 
- https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-jasper

Note: These artifacts were moved to:
* New Group org.apache.tomcat
* New Artifact  

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume:flume-ng-auth:jar:1.8.0-SNAPSHOT
+- org.apache.hadoop:hadoop-common:jar:2.4.0:compile
|  +- tomcat:jasper-compiler:jar:5.5.23:runtime
|  +- tomcat:jasper-runtime:jar:5.5.23:runtime
{noformat}





[jira] [Created] (FLUME-3131) Upgrade spring framework library dependencies

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3131:
---

 Summary: Upgrade spring framework library dependencies
 Key: FLUME-3131
 URL: https://issues.apache.org/jira/browse/FLUME-3131
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.springframework|spring-aop|3.0.7.RELEASE|4.3.9.RELEASE,|
|org.springframework|spring-context|3.0.7.RELEASE|4.3.9.RELEASE,|
|org.springframework|spring-core|3.0.7.RELEASE|4.3.9.RELEASE,|

Security vulnerability: 
https://www.cvedetails.com/vulnerability-list/vendor_id-9664/product_id-17274/Springsource-Spring-Framework.html
Maven repositories: 
- https://mvnrepository.com/artifact/org.springframework/spring-aop
- https://mvnrepository.com/artifact/org.springframework/spring-context
- https://mvnrepository.com/artifact/org.springframework/spring-core

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume.flume-ng-sources:flume-jms-source:jar:1.8.0-SNAPSHOT
\- org.apache.activemq:activemq-core:jar:5.7.0:provided
   +- org.springframework:spring-context:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-aop:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-beans:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-core:jar:3.0.7.RELEASE:provided
   |  +- org.springframework:spring-expression:jar:3.0.7.RELEASE:provided
   |  \- org.springframework:spring-asm:jar:3.0.7.RELEASE:provided
{noformat}





[jira] [Created] (FLUME-3130) Upgrade restlet library dependency

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3130:
---

 Summary: Upgrade restlet library dependency
 Key: FLUME-3130
 URL: https://issues.apache.org/jira/browse/FLUME-3130
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.restlet.jee|org.restlet|2.1.1|2.3.10|

Security vulnerability: 
http://www.cvedetails.com/vulnerability-list/vendor_id-12911/product_id-26316/Restlet-Restlet.html
Maven: https://mvnrepository.com/artifact/org.restlet.jee/org.restlet

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
+- org.apache.solr:solr-test-framework:jar:4.3.0:test
|  +- org.apache.solr:solr-core:jar:4.3.0:compile
|  |  +- org.restlet.jee:org.restlet:jar:2.1.1:compile
|  |  +- org.restlet.jee:org.restlet.ext.servlet:jar:2.1.1:compile
{noformat}





[jira] [Updated] (FLUME-2698) Upgrade Jetty Version

2017-07-19 Thread Attila Simon (JIRA)

 [ 
https://issues.apache.org/jira/browse/FLUME-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Attila Simon updated FLUME-2698:

Labels: dependency  (was: )

> Upgrade Jetty Version
> -
>
> Key: FLUME-2698
> URL: https://issues.apache.org/jira/browse/FLUME-2698
> Project: Flume
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.6.0, 1.5.1, 1.7.0
> Reporter: Joakim Erdfelt
> Assignee: Tristan Stevens
> Labels: dependency
>
> Flume depends on Jetty 6
> {code:xml}
>   <dependency>
>     <groupId>org.mortbay.jetty</groupId>
>     <artifactId>jetty-util</artifactId>
>     <version>6.1.26</version>
>   </dependency>
> {code}
> Which was EOL (End of Life) back in 2010 and is no longer fit for production 
> use (without heavy customizations and modifications like Google does for GAE, 
> just to keep it safe and vulnerability free)
> Jetty was moved to Eclipse.org back during the Jetty 7 days.
> http://eclipse.org/jetty/
> Note that [Jetty 7 and Jetty 8 are now also 
> EOL|https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00069.html] (as 
> of 2014)
> Jetty 9 is the only stable and supported version of Jetty now.





[jira] [Created] (FLUME-3129) Upgrade bouncycastle library dependencies

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3129:
---

 Summary: Upgrade bouncycastle library dependencies
 Key: FLUME-3129
 URL: https://issues.apache.org/jira/browse/FLUME-3129
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.bouncycastle|bcprov-jdk15|1.45|1.57|
|org.bouncycastle|bcmail-jdk15|1.45|1.57|

Security vulnerability: 
https://www.cvedetails.com/vulnerability-list/vendor_id-7637/Bouncycastle.html
Maven repository: 
https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
+- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
|  +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile
|  |  +- org.apache.tika:tika-xmp:jar:1.5:compile
|  |  |  +- org.apache.tika:tika-parsers:jar:1.5:compile
|  |  |  |  +- org.bouncycastle:bcmail-jdk15:jar:1.45:compile
|  |  |  |  +- org.bouncycastle:bcprov-jdk15:jar:1.45:compile
{noformat}





[jira] [Commented] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.

2017-07-19 Thread Miklos Csanady (JIRA)

[ 
https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093232#comment-16093232
 ] 

Miklos Csanady commented on FLUME-3128:
---

It won't work. NameNodeAdapter class is not present in the hadoop used by flume 
in trunk.

> Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in 
> hadoop-hdfs lib.
> ---
>
> Key: FLUME-3128
> URL: https://issues.apache.org/jira/browse/FLUME-3128
> Project: Flume
> Issue Type: Bug
> Reporter: Miklos Csanady
> Assignee: Miklos Csanady
>
> Our test in 
> flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
> Uses the getLeaseByPath(String src) method of Lease class which is to be 
> replaced by getLeaseForPath(Namenode n, String src) method.
> This change is to make Flume compatible after the hadoop change is made 
> effective.
> See https://issues.apache.org/jira/browse/HDFS-6757





[jira] [Resolved] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.

2017-07-19 Thread Miklos Csanady (JIRA)

 [ 
https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Miklos Csanady resolved FLUME-3128.
---
Resolution: Won't Fix

> Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in 
> hadoop-hdfs lib.
> ---
>
> Key: FLUME-3128
> URL: https://issues.apache.org/jira/browse/FLUME-3128
> Project: Flume
> Issue Type: Bug
> Reporter: Miklos Csanady
> Assignee: Miklos Csanady
>
> Our test in 
> flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
> Uses the getLeaseByPath(String src) method of Lease class which is to be 
> replaced by getLeaseForPath(Namenode n, String src) method.
> This change is to make Flume compatible after the hadoop change is made 
> effective.
> See https://issues.apache.org/jira/browse/HDFS-6757





[jira] [Commented] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.

2017-07-19 Thread Miklos Csanady (JIRA)

[ 
https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093207#comment-16093207
 ] 

Miklos Csanady commented on FLUME-3128:
---

[~denes] can you take a look at my pull request: 
https://github.com/apache/flume/pull/146 ?

> Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in 
> hadoop-hdfs lib.
> ---
>
> Key: FLUME-3128
> URL: https://issues.apache.org/jira/browse/FLUME-3128
> Project: Flume
> Issue Type: Bug
> Reporter: Miklos Csanady
> Assignee: Miklos Csanady
>
> Our test in 
> flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
> Uses the getLeaseByPath(String src) method of Lease class which is to be 
> replaced by getLeaseForPath(Namenode n, String src) method.
> This change is to make Flume compatible after the hadoop change is made 
> effective.
> See https://issues.apache.org/jira/browse/HDFS-6757





[jira] [Commented] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.

2017-07-19 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093201#comment-16093201
 ] 

ASF GitHub Bot commented on FLUME-3128:
---

GitHub user mcsanady opened a pull request:

https://github.com/apache/flume/pull/146

FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatib…

…le changes in hadoop-hdfs lib.

Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.

See https://issues.apache.org/jira/browse/HDFS-6757

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mcsanady/flume FLUME-3128

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/flume/pull/146.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #146


commit 20ec70a896f2e869a78ade8db2023c4c3bb96c32
Author: Denes Arvay 
Date:   2017-05-02T13:05:23Z

FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible 
changes in hadoop-hdfs lib.

Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.

See https://issues.apache.org/jira/browse/HDFS-6757




> Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in 
> hadoop-hdfs lib.
> ---
>
> Key: FLUME-3128
> URL: https://issues.apache.org/jira/browse/FLUME-3128
> Project: Flume
> Issue Type: Bug
> Reporter: Miklos Csanady
> Assignee: Miklos Csanady
>
> Our test in 
> flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
> Uses the getLeaseByPath(String src) method of Lease class which is to be 
> replaced by getLeaseForPath(Namenode n, String src) method.
> This change is to make Flume compatible after the hadoop change is made 
> effective.
> See https://issues.apache.org/jira/browse/HDFS-6757





[GitHub] flume pull request #146: FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java...

2017-07-19 Thread mcsanady
GitHub user mcsanady opened a pull request:

https://github.com/apache/flume/pull/146

FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatib…

…le changes in hadoop-hdfs lib.

Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.

See https://issues.apache.org/jira/browse/HDFS-6757

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mcsanady/flume FLUME-3128

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/flume/pull/146.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #146


commit 20ec70a896f2e869a78ade8db2023c4c3bb96c32
Author: Denes Arvay 
Date:   2017-05-02T13:05:23Z

FLUME-3128: Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible 
changes in hadoop-hdfs lib.

Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.

See https://issues.apache.org/jira/browse/HDFS-6757






[jira] [Updated] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.

2017-07-19 Thread Miklos Csanady (JIRA)

 [ 
https://issues.apache.org/jira/browse/FLUME-3128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Miklos Csanady updated FLUME-3128:
--
Description: 
Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.

See https://issues.apache.org/jira/browse/HDFS-6757

  was:
Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.


> Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in 
> hadoop-hdfs lib.
> ---
>
> Key: FLUME-3128
> URL: https://issues.apache.org/jira/browse/FLUME-3128
> Project: Flume
> Issue Type: Bug
> Reporter: Miklos Csanady
> Assignee: Miklos Csanady
>
> Our test in 
> flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
> Uses the getLeaseByPath(String src) method of Lease class which is to be 
> replaced by getLeaseForPath(Namenode n, String src) method.
> This change is to make Flume compatible after the hadoop change is made 
> effective.
> See https://issues.apache.org/jira/browse/HDFS-6757





[jira] [Created] (FLUME-3128) Fix TestHDFSEventSinkOnMiniCluster.java due to incompatible changes in hadoop-hdfs lib.

2017-07-19 Thread Miklos Csanady (JIRA)
Miklos Csanady created FLUME-3128:
-

 Summary: Fix TestHDFSEventSinkOnMiniCluster.java due to 
incompatible changes in hadoop-hdfs lib.
 Key: FLUME-3128
 URL: https://issues.apache.org/jira/browse/FLUME-3128
 Project: Flume
  Issue Type: Bug
Reporter: Miklos Csanady
Assignee: Miklos Csanady


Our test in 
flume-ng-sinks/flume-hdfs-sink/src/test/java/org/apache/flume/sink/hdfs/TestHDFSEventSinkOnMiniCluster.java
Uses the getLeaseByPath(String src) method of Lease class which is to be 
replaced by getLeaseForPath(Namenode n, String src) method.

This change is to make Flume compatible after the hadoop change is made 
effective.





[jira] [Created] (FLUME-3127) Upgrade libfb303 library dependency

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3127:
---

 Summary: Upgrade libfb303 library dependency
 Key: FLUME-3127
 URL: https://issues.apache.org/jira/browse/FLUME-3127
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.apache.thrift|libthrift|0.9.0|0.9.3,0.10.0|
|org.apache.thrift|libfb303|0.9.0|0.9.3|

Security vulnerability: http://www.cvedetails.com/cve/CVE-2015-3254/
Maven repository: 
- https://mvnrepository.com/artifact/org.apache.thrift/libthrift
- https://mvnrepository.com/artifact/org.apache.thrift/libfb303

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume:flume-ng-sdk:jar:1.8.0-SNAPSHOT
\- org.apache.thrift:libthrift:jar:0.9.0:compile

org.apache.flume.flume-ng-sinks:flume-hive-sink:jar:1.8.0-SNAPSHOT
+- org.apache.hive.hcatalog:hive-hcatalog-streaming:jar:1.0.0:provided
|  +- org.apache.hive:hive-metastore:jar:1.0.0:provided
|  |  \- org.apache.thrift:libfb303:jar:0.9.0:provided
{noformat}





[jira] [Created] (FLUME-3126) Upgrade apache poi library dependencies

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3126:
---

 Summary: Upgrade apache poi library dependencies
 Key: FLUME-3126
 URL: https://issues.apache.org/jira/browse/FLUME-3126
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.apache.poi|poi|3.10-beta2|3.15-beta2|
|org.apache.poi|poi-ooxml|3.10-beta2|3.15-beta2|
|org.apache.poi|poi-scratchpad|3.10-beta2|3.15-beta2|

Security vulnerability: 
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-22766/Apache-POI.html
Maven repositories: 
- https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml
- https://mvnrepository.com/artifact/org.apache.poi/poi
- https://mvnrepository.com/artifact/org.apache.poi/poi

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
+- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
|  +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile
|  |  +- org.apache.tika:tika-xmp:jar:1.5:compile
|  |  |  +- org.apache.tika:tika-parsers:jar:1.5:compile
|  |  |  |  +- org.apache.poi:poi:jar:3.10-beta2:compile
|  |  |  |  +- org.apache.poi:poi-scratchpad:jar:3.10-beta2:compile
|  |  |  |  +- org.apache.poi:poi-ooxml:jar:3.10-beta2:compile
{noformat}





[jira] [Created] (FLUME-3125) Upgrade fontbox library dependency

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3125:
---

 Summary: Upgrade fontbox library dependency
 Key: FLUME-3125
 URL: https://issues.apache.org/jira/browse/FLUME-3125
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.apache.pdfbox|fontbox|1.8.4|2.0.6|

Security vulnerability: http://www.cvedetails.com/cve/CVE-2016-2175/
Maven repository: https://mvnrepository.com/artifact/org.apache.pdfbox/fontbox

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
+- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
|  +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile
|  |  +- org.apache.tika:tika-xmp:jar:1.5:compile
|  |  |  +- org.apache.tika:tika-parsers:jar:1.5:compile
|  |  |  |  +- org.apache.pdfbox:pdfbox:jar:1.8.4:compile
|  |  |  |  |  +- org.apache.pdfbox:fontbox:jar:1.8.4:compile
{noformat}





[jira] [Created] (FLUME-3124) Upgrade apache-mime4j-core library dependency

2017-07-19 Thread Attila Simon (JIRA)
Attila Simon created FLUME-3124:
---

 Summary: Upgrade apache-mime4j-core library dependency
 Key: FLUME-3124
 URL: https://issues.apache.org/jira/browse/FLUME-3124
 Project: Flume
  Issue Type: Bug
Affects Versions: 1.7.0
Reporter: Attila Simon
Priority: Critical
 Fix For: 1.8.0


||Group||Artifact||Version used||Upgrade target||
|org.apache.james|apache-mime4j-core|0.7.2|0.8.1|

Security vulnerability: 
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-4526/Apache-James.html
 
Maven repository: 
https://mvnrepository.com/artifact/org.apache.james/apache-mime4j

Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version. 
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in 
which case please add this label `breaking_change` and fix version should be 
the next major)

Excerpt from mvn dependency:tree
{noformat}
org.apache.flume.flume-ng-sinks:flume-ng-morphline-solr-sink:jar:1.8.0-SNAPSHOT
+- org.kitesdk:kite-morphlines-all:pom:1.0.0:compile
|  +- org.kitesdk:kite-morphlines-solr-cell:jar:1.0.0:compile
|  |  +- org.apache.tika:tika-xmp:jar:1.5:compile
|  |  |  +- org.apache.tika:tika-parsers:jar:1.5:compile
|  |  |  |  +- org.apache.james:apache-mime4j-core:jar:0.7.2:compile
|  |  |  |  +- org.apache.james:apache-mime4j-dom:jar:0.7.2:compile
{noformat}





[jira] [Commented] (FLUME-3114) Upgrade commons-httpclient library dependency

2017-07-19 Thread Attila Simon (JIRA)

[ 
https://issues.apache.org/jira/browse/FLUME-3114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093050#comment-16093050
 ] 

Attila Simon commented on FLUME-3114:
-

Linking related tickets. Please note that both 
commons-httpclient:commons-httpclient and org.apache.httpcomponents:httpclient 
(new maven group/artifact name) are loaded into the flume classpath. The ideal 
state would be to depend only on this one:
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient

Excerpt from dependency:tree (it appears in multiple places in the dep:tree; I 
copied only a single location)
{noformat}
org.apache.flume.flume-ng-sinks:flume-ng-elasticsearch-sink:jar:1.8.0-SNAPSHOT
+- org.apache.httpcomponents:httpclient:jar:4.2.1:compile
{noformat}


> Upgrade commons-httpclient library dependency
> -
>
> Key: FLUME-3114
> URL: https://issues.apache.org/jira/browse/FLUME-3114
> Project: Flume
> Issue Type: Bug
> Affects Versions: 1.7.0
> Reporter: Attila Simon
> Priority: Critical
> Labels: dependency
> Fix For: 1.8.0
>
>
> ||Group||Artifact||Version used||Upgrade target||
> |commons-httpclient|commons-httpclient|3.1,3.0.1|4.5.2|
> Note: This artifact was moved to:
> * New Group   org.apache.httpcomponents
> * New Artifacthttpclient
> Security vulnerability: https://www.cvedetails.com/cve/CVE-2012-5783/
> Please do:
> - double check the newest version. 
> - consider to remove a dependency if better alternative is available.
> - check whether the lib change would introduce a backward incompatibility (in 
> which case please add this label `breaking_change` and fix version should be 
> the next major)





[jira] [Created] (FLUME-3123) is BLOBHandler just support binary

2017-07-19 Thread wangqiaoshi (JIRA)
wangqiaoshi created FLUME-3123:
--

 Summary: is BLOBHandler just support binary
 Key: FLUME-3123
 URL: https://issues.apache.org/jira/browse/FLUME-3123
 Project: Flume
  Issue Type: Question
  Components: Sinks+Sources
Affects Versions: notrack
Reporter: wangqiaoshi


Does BLOBHandler support only binary?

HTTPSource has an HTTPSourceHandler; does the built-in BLOBHandler support the 
form-data format?



