[jira] [Updated] (KNOX-1133) Update ZooKeeper URLManager implementations to use registry client service

2017-12-18 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1133:
---
Description: 
There are multiple ZooKeeper-based URLManager implementations:
* BaseZookeeperURLManager extensions
** KafkaZooKeeperURLManager
** HBaseZooKeeperURLManager
** SOLRZooKeeperURLManager
* HS2ZooKeeperURLManager

These should all be updated to support using clients from the remote 
configuration registry client service.

Either a single well-known client name can be relied upon by all of these 
implementations, or there could be a configuration property for each 
implementation, binding it to a ZooKeeper client.

Careful consideration should be given to the backward-compatibility 
requirements around continued support for the current configuration model.



  was:
There are multiple ZooKeeper-based URLManager implementations:
* BaseZookeeperURLManager extensions
** KafkaZooKeeperURLManager
** HBaseZooKeeperURLManager
** SOLRZooKeeperURLManager
* HS2ZooKeeperURLManager

These should all be updated to employ clients from the remote configuration 
registry client service.

Either a single well-known client name can be relied upon by all of these 
implementations, or there could be a configuration property for each 
implementation, binding it to a ZooKeeper client.

Careful consideration should be given to the backward-compatibility 
requirements around continued support for the current configuration model.




> Update ZooKeeper URLManager implementations to use registry client service 
> ---
>
> Key: KNOX-1133
> URL: https://issues.apache.org/jira/browse/KNOX-1133
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
> Fix For: 0.15.0
>
>
> There are multiple ZooKeeper-based URLManager implementations:
> * BaseZookeeperURLManager extensions
> ** KafkaZooKeeperURLManager
> ** HBaseZooKeeperURLManager
> ** SOLRZooKeeperURLManager
> * HS2ZooKeeperURLManager
> These should all be updated to support using clients from the remote 
> configuration registry client service.
> Either a single well-known client name can be relied upon by all of these 
> implementations, or there could be a configuration property for each 
> implementation, binding it to a ZooKeeper client.
> Careful consideration should be given to the backward-compatibility 
> requirements around continued support for the current configuration model.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Commented] (KNOX-1141) Coverity Issues Reported For AmbariConfigurationMonitor

2017-12-18 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295374#comment-16295374
 ] 

Phil Zampino commented on KNOX-1141:


This patch, while not essential, could be included in 1.0.0 with little risk 
for any adverse effect on 0.14.0 behavior. 

> Coverity Issues Reported For AmbariConfigurationMonitor
> ---
>
> Key: KNOX-1141
> URL: https://issues.apache.org/jira/browse/KNOX-1141
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1141.patch
>
>
> *** CID 1383538:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  436 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.getUpdatedConfigVersions(java.lang.String,
>  java.lang.String)()
> *** CID 1383537:  Resource leaks  (RESOURCE_LEAK)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  211 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.persist(java.util.Properties,
>  java.io.File)()
> *** CID 1383536:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  148 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.loadClusterVersionData()()
> *** CID 1383535:  Resource leaks  (RESOURCE_LEAK)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  119 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.loadDiscoveryConfiguration()()
> *** CID 1383534:  Resource leaks  (RESOURCE_LEAK)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  152 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.loadClusterVersionData()()





[jira] [Updated] (KNOX-1141) Coverity Issues Reported For AmbariConfigurationMonitor

2017-12-18 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1141:
---
Fix Version/s: (was: 0.15.0)
   1.0.0

> Coverity Issues Reported For AmbariConfigurationMonitor
> ---
>
> Key: KNOX-1141
> URL: https://issues.apache.org/jira/browse/KNOX-1141
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1141.patch
>
>
> *** CID 1383538:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  436 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.getUpdatedConfigVersions(java.lang.String,
>  java.lang.String)()
> *** CID 1383537:  Resource leaks  (RESOURCE_LEAK)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  211 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.persist(java.util.Properties,
>  java.io.File)()
> *** CID 1383536:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  148 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.loadClusterVersionData()()
> *** CID 1383535:  Resource leaks  (RESOURCE_LEAK)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  119 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.loadDiscoveryConfiguration()()
> *** CID 1383534:  Resource leaks  (RESOURCE_LEAK)
> /gateway-discovery-ambari/src/main/java/org/apache/hadoop/gateway/topology/discovery/ambari/AmbariConfigurationMonitor.java:
>  152 in 
> org.apache.hadoop.gateway.topology.discovery.ambari.AmbariConfigurationMonitor.loadClusterVersionData()()





[jira] [Comment Edited] (KNOX-1144) Provider Configuration Reference Relationships Aren't Established For Existing Descriptors at Gateway Startup

2017-12-18 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295279#comment-16295279
 ] 

Phil Zampino edited comment on KNOX-1144 at 12/18/17 6:07 PM:
--

This is a significant fix affecting the consistent and correct handling of 
provider configurations and simple descriptors, and should be included in 
1.0.0. There should be no risk of adverse impact on 0.14.0 behavior.


was (Author: pzampino):
This is a significant fix affecting the consistent and correct handling of 
provider configurations and simple descriptors, and should be included in 1.0.0

> Provider Configuration Reference Relationships Aren't Established For 
> Existing Descriptors at Gateway Startup
> -
>
> Key: KNOX-1144
> URL: https://issues.apache.org/jira/browse/KNOX-1144
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1144.patch, sandbox-providers.xml, 
> simple-sandbox.json
>
>
> Changes to existing provider configurations don't result in updates to the 
> existing descriptors which reference them.
> This is a consequence of changing the startup behavior wrt simple 
> descriptors. Now that existing simple descriptors no longer trigger topology 
> regeneration at startup (unless they've changed since shutdown), the 
> relationships between simple descriptors and the provider configurations they 
> reference are not being established.
> These relationships need to be established when the TopologyService is 
> initialized.





[jira] [Comment Edited] (KNOX-1137) KnoxCLI For Listing Provider Configurations and Descriptors in a Remote Configuration Registry

2017-12-18 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295283#comment-16295283
 ] 

Phil Zampino edited comment on KNOX-1137 at 12/18/17 6:06 PM:
--

This helps to alleviate some of the confusion about the source of provider 
configurations and simple descriptors when they show up in the gateway conf 
dirs. It's a lot more convenient than trying to use the ZooKeeper CLI, and it 
should be included in 1.0.0. There should be no impact on 0.14.0 behavior, as 
this is purely additional functionality.


was (Author: pzampino):
This helps to alleviate some of the confusion about the source of provider 
configurations and simple descriptors when they show up in the gateway conf 
dirs. It's a lot more convenient than trying to use the ZooKeeper CLI, and it 
should be included in 1.0.0

> KnoxCLI For Listing Provider Configurations and Descriptors in a Remote 
> Configuration Registry
> --
>
> Key: KNOX-1137
> URL: https://issues.apache.org/jira/browse/KNOX-1137
> Project: Apache Knox
>  Issue Type: Bug
>  Components: KnoxCLI
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1137.patch
>
>
> KNOX-1125 introduced Knox CLI commands for adding and removing provider 
> configurations and simple descriptors to a remote configuration registry 
> (e.g., ZooKeeper). It would be helpful to also have the ability to list the 
> provider configurations and descriptors that are in the registry.
> list-provider-configs --registry-client name
> list-descriptors --registry-client name





[jira] [Updated] (KNOX-1138) Knox CLI Commands for Remote Configuration Registry Should Provide More Feedback

2017-12-18 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1138:
---
Summary: Knox CLI Commands for Remote Configuration Registry Should Provide 
More Feedback  (was: Knox CLI Commands for Remote Configuration Registry Should 
Provider More Feedback)

> Knox CLI Commands for Remote Configuration Registry Should Provide More 
> Feedback
> 
>
> Key: KNOX-1138
> URL: https://issues.apache.org/jira/browse/KNOX-1138
> Project: Apache Knox
>  Issue Type: Bug
>  Components: KnoxCLI
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
> Fix For: 0.15.0
>
>
> The Knox CLI commands for adding and removing provider configurations and 
> descriptors do not provide any feedback regarding the success or failure of 
> the command (beyond whether the necessary options/arguments are present and 
> valid).
> These commands should yield some feedback to indicate their success or 
> failure.





[jira] [Commented] (KNOX-1137) KnoxCLI For Listing Provider Configurations and Descriptors in a Remote Configuration Registry

2017-12-18 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295283#comment-16295283
 ] 

Phil Zampino commented on KNOX-1137:


This helps to alleviate some of the confusion about the source of provider 
configurations and simple descriptors when they show up in the gateway conf 
dirs. It's a lot more convenient than trying to use the ZooKeeper CLI, and it 
should be included in 1.0.0

> KnoxCLI For Listing Provider Configurations and Descriptors in a Remote 
> Configuration Registry
> --
>
> Key: KNOX-1137
> URL: https://issues.apache.org/jira/browse/KNOX-1137
> Project: Apache Knox
>  Issue Type: Bug
>  Components: KnoxCLI
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1137.patch
>
>
> KNOX-1125 introduced Knox CLI commands for adding and removing provider 
> configurations and simple descriptors to a remote configuration registry 
> (e.g., ZooKeeper). It would be helpful to also have the ability to list the 
> provider configurations and descriptors that are in the registry.
> list-provider-configs --registry-client name
> list-descriptors --registry-client name





[jira] [Commented] (KNOX-1144) Provider Configuration Reference Relationships Aren't Established For Existing Descriptors at Gateway Startup

2017-12-18 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295279#comment-16295279
 ] 

Phil Zampino commented on KNOX-1144:


This is a significant fix affecting the consistent and correct handling of 
provider configurations and simple descriptors, and should be included in 1.0.0

> Provider Configuration Reference Relationships Aren't Established For 
> Existing Descriptors at Gateway Startup
> -
>
> Key: KNOX-1144
> URL: https://issues.apache.org/jira/browse/KNOX-1144
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1144.patch, sandbox-providers.xml, 
> simple-sandbox.json
>
>
> Changes to existing provider configurations don't result in updates to the 
> existing descriptors which reference them.
> This is a consequence of changing the startup behavior wrt simple 
> descriptors. Now that existing simple descriptors no longer trigger topology 
> regeneration at startup (unless they've changed since shutdown), the 
> relationships between simple descriptors and the provider configurations they 
> reference are not being established.
> These relationships need to be established when the TopologyService is 
> initialized.





[jira] [Updated] (KNOX-1137) KnoxCLI For Listing Provider Configurations and Descriptors in a Remote Configuration Registry

2017-12-18 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1137:
---
Fix Version/s: (was: 0.15.0)
   1.0.0

> KnoxCLI For Listing Provider Configurations and Descriptors in a Remote 
> Configuration Registry
> --
>
> Key: KNOX-1137
> URL: https://issues.apache.org/jira/browse/KNOX-1137
> Project: Apache Knox
>  Issue Type: Bug
>  Components: KnoxCLI
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1137.patch
>
>
> KNOX-1125 introduced Knox CLI commands for adding and removing provider 
> configurations and simple descriptors to a remote configuration registry 
> (e.g., ZooKeeper). It would be helpful to also have the ability to list the 
> provider configurations and descriptors that are in the registry.
> list-provider-configs --registry-client name
> list-descriptors --registry-client name





[jira] [Updated] (KNOX-1144) Provider Configuration Reference Relationships Aren't Established For Existing Descriptors at Gateway Startup

2017-12-18 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1144:
---
Fix Version/s: (was: 0.15.0)
   1.0.0

> Provider Configuration Reference Relationships Aren't Established For 
> Existing Descriptors at Gateway Startup
> -
>
> Key: KNOX-1144
> URL: https://issues.apache.org/jira/browse/KNOX-1144
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Fix For: 1.0.0
>
> Attachments: KNOX-1144.patch, sandbox-providers.xml, 
> simple-sandbox.json
>
>
> Changes to existing provider configurations don't result in updates to the 
> existing descriptors which reference them.
> This is a consequence of changing the startup behavior wrt simple 
> descriptors. Now that existing simple descriptors no longer trigger topology 
> regeneration at startup (unless they've changed since shutdown), the 
> relationships between simple descriptors and the provider configurations they 
> reference are not being established.
> These relationships need to be established when the TopologyService is 
> initialized.





Re: [DISCUSS] 1.0.0 Release Plan

2017-12-18 Thread larry mccay
Great - please consider going through the JIRAs marked for 0.15.0 and set
the fix version to 1.0.0 with some commentary as to why it should be
included and preferably with some assessment of perceived risk to
destabilizing what is essentially the 0.14.0 release.

We can then circle back on those and continue discussion on the JIRAs
themselves - if need be.

On Mon, Dec 18, 2017 at 9:38 AM, Colm O hEigeartaigh 
wrote:

> +1.
>
> Colm.
>
> On Mon, Dec 18, 2017 at 2:34 PM, Philip Zampino 
> wrote:
>
> > Sounds good. I've already implemented a few patches I would like to see
> in
> > 1.0.0, and I agree that we should go through the others +1
> >
> > On Mon, Dec 18, 2017 at 9:12 AM, larry mccay  wrote:
> >
> > > All -
> > >
> > > As we discussed back in November [1], we should follow up the recent
> > 0.14.0
> > > release with a 1.0.0 with the renaming of the class packages.
> > >
> > > In addition to the package renames, we could also accommodate any fixes
> > or
> > > upgrades that would work well toward the backward compatibility
> > > commitments that a 1.0.0 release implies and/or any security related
> > fixes.
> > >
> > > I don't anticipate more than a handful of JIRAs to be attached to this
> > > release.
> > >
> > > My proposal would be that we go through the rather large set of 0.15.0
> > fix
> > > version JIRAs and determine those few that absolutely need to go into
> > 1.0.0
> > > and defer the rest to 1.1.0.
> > >
> > > Given the holidays on the horizon, we may want to target a release date
> > of
> > > Friday 1/12 or earlier. If we keep the scope extremely tight, we can
> > > probably get it out earlier.
> > >
> > > thoughts?
> > >
> > > --larry
> > >
> > > 1.
> > > http://mail-archives.apache.org/mod_mbox/knox-dev/201711.
> > > mbox/%3CCACRbFyjvzAzQ%3DA-JfxYVhAD4DhABeNRBbhLPs4dPTPTtC
> > > 1BMNg%40mail.gmail.com%3E
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>


[jira] [Commented] (KNOX-1002) Knox Token Service Client data with comma separated list of values for a key should be handled

2017-12-18 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295237#comment-16295237
 ] 

Larry McCay commented on KNOX-1002:
---

Hi [~csomaati] - to be honest, I don't know that this is really needed.
Can you articulate a use case where we need multiple values for the same key?

I've never quite understood why anyone would file a JIRA for not being able to 
separate values with the delimiter used to separate the pairs.
I also agree that it isn't clear whether the problem is not being able to have 
commas in the value or whether it is desired to have multiple values for the 
same key.

Again, we need an actual use case for what this param is intended for - that 
being, the ability to provide token session clients with hints that they can 
use when interacting with services through a JWTProvider protected topology.

> Knox Token Service Client data with comma separated list of values for a key 
> should be handled
> --
>
> Key: KNOX-1002
> URL: https://issues.apache.org/jira/browse/KNOX-1002
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Reporter: J.Andreina
> Fix For: 0.15.0
>
>
> If, in client data, a key has a list of comma-separated values, 
> then only the first value in the list is considered in the response.
> It should be possible to differentiate between commas within values and the comma used 
> as the delimiter for key-value pairs. Using an escape character for commas within the 
> values list also does not work.
>  
> For example
> Configured a comma-separated list of values for a key as below
> {code}
> knox.token.client.data
> key1=value1,value2,value3,key2=value4
>  {code}
> *Response is as follows:*
> {"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjo1MTUwMzU1MTA1Mn0.bpGoIsVTp2sgF74kyQYRRNAW9wW-nhg5_A3N40Zfb1FuK5apED-PDNfZBroMQ9wLy80egPWMqPbTVFa9vrdZ2RJgNdOfnlaE-Ey-qr7khRZQAaeb42aGUjGxnUAipZvoRbp48lWH-w3wOTq5qV6EBu0cczxqw0rxD2zZTmsk2oQ",{color:red}"key1":"value1","key2":"value4"{color},"target_url":"https://$KNOX_HOST:$KNOX_PORT/gateway/tokenbased","token_type":"Bearer
>  ","expires_in":51503551052130}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
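
The ambiguity discussed in KNOX-1002 above, as an added example (not Knox code and not from the issue or its reporter): `parse_naive` is an assumed model that reproduces the reported response, while `parse_strict`, `split_unescaped` and the backslash escape convention are hypothetical, shown as one way to reject ambiguous input instead of silently truncating it.

```python
import json

# Value taken from the issue description.
REPORTED = "key1=value1,value2,value3,key2=value4"


def parse_naive(spec):
    """Assumed model of the reported behaviour (not Knox's code): split on
    every comma, keep tokens shaped like key=value, silently drop the rest."""
    result = {}
    for token in spec.split(","):
        key, sep, value = token.partition("=")
        if sep:
            result[key.strip()] = value.strip()
    return result


def split_unescaped(spec, delimiter=",", escape="\\"):
    """Split on the delimiter unless it is preceded by the escape character.
    An escaped character is emitted literally, so '\\,' yields ',' and
    '\\\\' yields a single backslash."""
    parts, current, i = [], [], 0
    while i < len(spec):
        ch = spec[i]
        if ch == escape:
            if i + 1 >= len(spec):
                raise ValueError("dangling escape at end of input")
            current.append(spec[i + 1])
            i += 2
            continue
        if ch == delimiter:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def parse_strict(spec):
    """Hypothetical stricter parser: commas inside a value must be escaped,
    and any token that is not key=value is an error rather than being
    dropped. Values may contain '='; keys may not."""
    if not spec.strip():
        return {}
    result = {}
    for token in split_unescaped(spec):
        key, sep, value = token.partition("=")
        key = key.strip()
        if not sep or not key:
            raise ValueError(
                f"token {token!r} is not a key=value pair; "
                "escape commas inside values as '\\,'"
            )
        if key in result:
            raise ValueError(f"duplicate key {key!r}")
        result[key] = value.strip()
    return result


if __name__ == "__main__":
    # Reproduces the shape of the reported response: value2 and value3 vanish.
    print(json.dumps(parse_naive(REPORTED)))

    # The same input is rejected instead of being truncated.
    try:
        parse_strict(REPORTED)
    except ValueError as err:
        print("rejected:", err)

    # Constructed input using the hypothetical escape convention.
    escaped = r"key1=value1\,value2\,value3,key2=value4"
    print(json.dumps(parse_strict(escaped)))
```

Whether `key1` should carry one value containing commas or several values is the open question in the comment above; this sketch only covers the first reading.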


[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

2017-12-18 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295084#comment-16295084
 ] 

ASF subversion and git services commented on KNOX-1145:
---

Commit c65eee251600ac487fb2d5f7f749a0180ccf788b in knox's branch 
refs/heads/master from [~coheigea]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=c65eee2 ]

KNOX-1145 - Upgrade Jackson due to CVE-2017-7525


> Upgrade Jackson due to CVE-2017-7525
> 
>
> Key: KNOX-1145
> URL: https://issues.apache.org/jira/browse/KNOX-1145
> Project: Apache Knox
>  Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, 
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.





[jira] [Updated] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

2017-12-18 Thread Colm O hEigeartaigh (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated KNOX-1145:
--
Resolution: Fixed
Status: Resolved  (was: Patch Available)

> Upgrade Jackson due to CVE-2017-7525
> 
>
> Key: KNOX-1145
> URL: https://issues.apache.org/jira/browse/KNOX-1145
> Project: Apache Knox
>  Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, 
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.





Re: [DISCUSS] 1.0.0 Release Plan

2017-12-18 Thread Colm O hEigeartaigh
+1.

Colm.

On Mon, Dec 18, 2017 at 2:34 PM, Philip Zampino  wrote:

> Sounds good. I've already implemented a few patches I would like to see in
> 1.0.0, and I agree that we should go through the others +1
>
> On Mon, Dec 18, 2017 at 9:12 AM, larry mccay  wrote:
>
> > All -
> >
> > As we discussed back in November [1], we should follow up the recent
> 0.14.0
> > release with a 1.0.0 with the renaming of the class packages.
> >
> > In addition to the package renames, we could also accommodate any fixes
> or
> > upgrades that would work well toward the backward compatibility
> > commitments that a 1.0.0 release implies and/or any security related
> fixes.
> >
> > I don't anticipate more than a handful of JIRAs to be attached to this
> > release.
> >
> > My proposal would be that we go through the rather large set of 0.15.0
> fix
> > version JIRAs and determine those few that absolutely need to go into
> 1.0.0
> > and defer the rest to 1.1.0.
> >
> > Given the holidays on the horizon, we may want to target a release date
> of
> > Friday 1/12 or earlier. If we keep the scope extremely tight, we can
> > probably get it out earlier.
> >
> > thoughts?
> >
> > --larry
> >
> > 1.
> > http://mail-archives.apache.org/mod_mbox/knox-dev/201711.
> > mbox/%3CCACRbFyjvzAzQ%3DA-JfxYVhAD4DhABeNRBbhLPs4dPTPTtC
> > 1BMNg%40mail.gmail.com%3E
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com


Re: [DISCUSS] 1.0.0 Release Plan

2017-12-18 Thread Philip Zampino
Sounds good. I've already implemented a few patches I would like to see in
1.0.0, and I agree that we should go through the others +1

On Mon, Dec 18, 2017 at 9:12 AM, larry mccay  wrote:

> All -
>
> As we discussed back in November [1], we should follow up the recent 0.14.0
> release with a 1.0.0 with the renaming of the class packages.
>
> In addition to the package renames, we could also accommodate any fixes or
> upgrades that would work well toward the backward compatibility
> commitments that a 1.0.0 release implies and/or any security related fixes.
>
> I don't anticipate more than a handful of JIRAs to be attached to this
> release.
>
> My proposal would be that we go through the rather large set of 0.15.0 fix
> version JIRAs and determine those few that absolutely need to go into 1.0.0
> and defer the rest to 1.1.0.
>
> Given the holidays on the horizon, we may want to target a release date of
> Friday 1/12 or earlier. If we keep the scope extremely tight, we can
> probably get it out earlier.
>
> thoughts?
>
> --larry
>
> 1.
> http://mail-archives.apache.org/mod_mbox/knox-dev/201711.
> mbox/%3CCACRbFyjvzAzQ%3DA-JfxYVhAD4DhABeNRBbhLPs4dPTPTtC
> 1BMNg%40mail.gmail.com%3E
>


[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

2017-12-18 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295041#comment-16295041
 ] 

Larry McCay commented on KNOX-1145:
---

Agreed, +1 to push at will. :)

> Upgrade Jackson due to CVE-2017-7525
> 
>
> Key: KNOX-1145
> URL: https://issues.apache.org/jira/browse/KNOX-1145
> Project: Apache Knox
>  Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, 
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.





[DISCUSS] 1.0.0 Release Plan

2017-12-18 Thread larry mccay
All -

As we discussed back in November [1], we should follow up the recent 0.14.0
release with a 1.0.0 with the renaming of the class packages.

In addition to the package renames, we could also accommodate any fixes or
upgrades that would work well toward the backward compatibility
commitments that a 1.0.0 release implies and/or any security related fixes.

I don't anticipate more than a handful of JIRAs to be attached to this
release.

My proposal would be that we go through the rather large set of 0.15.0 fix
version JIRAs and determine those few that absolutely need to go into 1.0.0
and defer the rest to 1.1.0.

Given the holidays on the horizon, we may want to target a release date of
Friday 1/12 or earlier. If we keep the scope extremely tight, we can
probably get it out earlier.

thoughts?

--larry

1.
http://mail-archives.apache.org/mod_mbox/knox-dev/201711.mbox/%3CCACRbFyjvzAzQ%3DA-JfxYVhAD4DhABeNRBbhLPs4dPTPTtC1BMNg%40mail.gmail.com%3E


[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

2017-12-18 Thread Philip Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295031#comment-16295031
 ] 

Philip Zampino commented on KNOX-1145:
--

After thinking about it more, since 0.14.0 has been branched, and this
patch has no code changes, there doesn't seem to be a good reason to hold
off this commit, IMO.

On Mon, Dec 18, 2017 at 6:01 AM, Colm O hEigeartaigh (JIRA)

> Upgrade Jackson due to CVE-2017-7525
> 
>
> Key: KNOX-1145
> URL: https://issues.apache.org/jira/browse/KNOX-1145
> Project: Apache Knox
>  Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, 
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.





[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

2017-12-18 Thread Colm O hEigeartaigh (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294809#comment-16294809
 ] 

Colm O hEigeartaigh commented on KNOX-1145:
---

OK I will hold off until the branch is merged to master (although it's hardly 
much work to do "git merge master" on the branch). What is the timeline for the 
merge?

> Upgrade Jackson due to CVE-2017-7525
> 
>
> Key: KNOX-1145
> URL: https://issues.apache.org/jira/browse/KNOX-1145
> Project: Apache Knox
>  Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, 
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.


