[jira] [Commented] (RANGER-3569) Support Ranger KMS integration with Google cloud HSM

2022-04-06 Thread Mateen N Mansoori (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518618#comment-17518618
 ] 

Mateen N Mansoori commented on RANGER-3569:
---

ranger-2.3 : 
[https://github.com/apache/ranger/commit/1803188a72788870f5d8b3dbf2766a60e9d5dd5b]

 

> Support Ranger KMS integration with Google cloud HSM
> 
>
> Key: RANGER-3569
> URL: https://issues.apache.org/jira/browse/RANGER-3569
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms
>Reporter: Mateen N Mansoori
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Task for tracking Ranger KMS integration with google cloud HSM



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Commented] (RANGER-3619) REST API should return 403 when authenticated client is not allowed to access API.

2022-04-06 Thread Bhavik Patel (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518608#comment-17518608
 ] 

Bhavik Patel commented on RANGER-3619:
--

[~kirbyzhou] have you verified the HA mode?

> REST API should return 403 when authenticated client is not allowed to access 
> API.
> --
>
> Key: RANGER-3619
> URL: https://issues.apache.org/jira/browse/RANGER-3619
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0, 2.2.0
>Reporter: kirby zhou
>Priority: Major
>
> REST API should return 403-Forbidden when an authenticated client is not allowed 
> to access an API, to avoid crashing Ranger clients.
>  
> Now, some APIs return 401-Unauthorized instead of 403-Forbidden when the client 
> has already passed authentication but is not allowed to do something.
> In general, this will not cause any serious problems. However, there is a 
> flaw in the SPNEGO protocol implementation of Java HttpURLConnection. It 
> causes the client to throw an unexpected exception. This will trouble 
> operators and developers.
>  
> Let me show you how it happens:
>  
> For example:
>  
> The RangerAdminClient inside KMS wants to access the API 
> "/service/secure/policies/download", but the principal is not in the 
> allowlist.
>  
>  # RangerAdminClient is based on Jersey-Client.
>  # JerseyClient sends an HTTP request to the Ranger service without authentication 
> information.
>  # Tomcat/Spring inside Ranger returns 401 with the HTTP header 
> “WWW-Authenticate: Negotiate”.
>  # JerseyClient sends the request again with Kerberos/SPNEGO authentication 
> tokens.
>  # Tomcat/Spring inside Ranger accepts the authentication, then calls 
> ServiceRest::getSecureServicePoliciesIfUpdated to answer the API call.
>  # ServiceRest::getSecureServicePoliciesIfUpdated checks the allowlist of the “kms 
> service” and refuses the client with 401.
>  # Tomcat/Spring inside Ranger returns 401 with the HTTP header 
> “WWW-Authenticate: Negotiate….” to notify RangerAdminClient that the 
> authentication has passed.
>  
> Now, there is a malformed state. The HTTP status code tells the client that 
> authentication failed, but the HTTP header tells the client that authentication passed.
>  
> On the RangerAdminClient side, 
>  
>  # sun.net.www.protocol.http.HttpURLConnection.getInputStream0() sees the 
> second 401.
>  # 'inNegotiate' = true, so it is in the process of Negotiate.
>  # It checks: if "WWW-Authenticate: Negotiate" exists, then disable 
> Negotiate for the following code, to avoid trying Negotiate once again.
>  # But "WWW-Authenticate: Negotiate xczsd324…" does not match the rule above.
>  # So HttpURLConnection calls AuthenticationInfo.sendHeaders to generate a 
> new request header.
>  # Wow, a Null exception happens.
>  # Logs "ERROR RangerAdminRESTClient - Error getting policies; Received NULL 
> response!!. secureMode=true, user=… (auth:KERBEROS), serviceName=kmsdev"
>  # Log of KMS: "ERROR RangerAdminRESTClient - Failed to get response, Error 
> is : java.lang.RuntimeException: java.lang.NullPointerException"
>  
> This log confuses the admin.
>  
>  
> {code:java}
> //ServiceRest::getServicePoliciesIfUpdated
> if (isAllowed) {
>     //...
> } else {
>     httpCode = HttpServletResponse.SC_UNAUTHORIZED;
> }
>  {code}
> {code:java}
> // sun.net.www.protocol.http.HttpURLConnection.getInputStream0()
> // Read comments labeled "Failed Negotiate" for details.
> boolean dontUseNegotiate = false;
> Iterator<String> iter = responses.multiValueIterator("WWW-Authenticate");
> while (iter.hasNext()) {
>     String value = iter.next().trim();
>     if (value.equalsIgnoreCase("Negotiate") ||
>             value.equalsIgnoreCase("Kerberos")) {
>         if (!inNegotiate) {
>             inNegotiate = true;
>         } else {
>             dontUseNegotiate = true;
>             doingNTLM2ndStage = false;
>             serverAuthentication = null;
>         }
>         break;
>     }
> }
> /**
>  * Failed Negotiate
>  *
>  * In some cases, the Negotiate auth is supported for the
>  * remote host but the negotiate process still fails (For
>  * example, if the web page is located on a backend server
>  * and delegation is needed but fails). The authentication
>  * process will start again, and we need to detect this
>  * kind of failure and do proper fallback (say, to NTLM).
>  *
>  * In order to achieve this, the inNegotiate flag is set
>  * when the first negotiate challenge is met (and reset
>  * if authentication is finished). If a fresh new negotiate
>  * challenge (no parameter) is found while inNegotiate is
>  * set, we know there's a failed auth attempt recently.
>  * Here we'll ignore the header line so that fallback
>  * can be practiced.
>  *
>  * inNegotiateProxy is for proxy authentication.
>  */
>   {code}
>  
>  

Re: Review Request 73881: RANGER-3619: REST API returns 403 when authed user has no permission.

2022-04-06 Thread bhavik patel

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73881/#review224262
---


Ship it!




Ship It!

- bhavik patel


On April 7, 2022, 6:21 a.m., Kirby Zhou wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73881/
> ---
> 
> (Updated April 7, 2022, 6:21 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-3619
> https://issues.apache.org/jira/browse/RANGER-3619
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> REST API should return 403-Forbidden when an authenticated client is not allowed 
> to access an API, to avoid crashing Ranger clients.
> 
>  
> Now, some APIs return 401-Unauthorized instead of 403-Forbidden when the client 
> has already passed authentication but is not allowed to do something.
> In general, this will not cause any serious problems, but there is a flaw in 
> the SPNEGO protocol implementation of Java HttpURLConnection. It causes the 
> client to throw an unexpected exception. This will trouble operators and 
> developers.
>  
> Let me show you how it happens:
>  
> For example:
>  
> The RangerAdminClient inside KMS wants to access the API 
> "/service/secure/policies/download", but the principal is not in the 
> allowlist.
>  
> 1. RangerAdminClient is based on Jersey-Client.
> 2. JerseyClient sends an HTTP request to the Ranger service without 
>    authentication information.
> 3. Tomcat/Spring inside Ranger returns 401 with the HTTP header 
>    “WWW-Authenticate: Negotiate”.
> 4. JerseyClient sends the request again with Kerberos/SPNEGO authentication tokens.
> 5. Tomcat/Spring inside Ranger accepts the authentication, then calls 
>    ServiceRest::getSecureServicePoliciesIfUpdated to answer the API call.
> 6. ServiceRest::getSecureServicePoliciesIfUpdated checks the allowlist of the “kms 
>    service” and refuses the client with 401.
> 7. Tomcat/Spring inside Ranger returns 401 with the HTTP header “WWW-Authenticate: 
>    Negotiate….” to notify RangerAdminClient that the authentication has passed.
>  
> Now, there is a malformed state. The HTTP status code tells the client that 
> authentication failed, but the HTTP header tells the client that authentication passed.
>  
> On the RangerAdminClient side, 
>  
> 1. sun.net.www.protocol.http.HttpURLConnection.getInputStream0() sees the second 
>    401.
> 2. 'inNegotiate' = true, so it is in the process of Negotiate.
> 3. It checks: if "WWW-Authenticate: Negotiate" exists, then disable Negotiate 
>    for the following code, to avoid trying Negotiate once again.
> 4. But "WWW-Authenticate: Negotiate xczsd324…" does not match the rule above.
> 5. So HttpURLConnection calls AuthenticationInfo.sendHeaders to generate a new 
>    request header.
> 6. Wow, a Null exception happens.
> 7. Logs "ERROR RangerAdminRESTClient - Error getting policies; Received NULL 
>    response!!. secureMode=true, user=… (auth:KERBEROS), serviceName=kmsdev"
> 8. Log of KMS: "ERROR RangerAdminRESTClient - Failed to get response, Error is : 
>    java.lang.RuntimeException: java.lang.NullPointerException"
>  
> 
> This log confuses the admin, who does not know how to fix it.
> 
> My patch fixes the HTTP return code, thus avoiding these problems.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> 1ec1df0a3d09577c52e503532d5aea87ad6cd72d 
>   security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java 
> 935435044624a38ce7b0b9c7401e3f3dbacc0f65 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
> 8109968e4d55de9e7875fb56590e50522fba32cb 
>   security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 
> e3cdef1c2ba6411cf4d4a26cd49e56e9017f3e93 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 098188e3b9f1f837727c7d279a4fab1f0aa84e34 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 
> 10f91e037180a50287b8d0b0fa0ea3eec0d7f415 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 
> 451805321d050dda06a0f2b66a9b945411632e2f 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
>  5d7cbdc679c010a7b88c85324e6f9912cba29fe6 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
>  223a991c76bae7d25f5ce89604d0a8a90d426fe5 
> 
> 
> Diff: https://reviews.apache.org/r/73881/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>



Re: Review Request 73881: RANGER-3619: REST API returns 403 when authed user has no permission.

2022-04-06 Thread Kirby Zhou

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73881/
---

(Updated April 7, 2022, 6:21 a.m.)


Review request for ranger.


Bugs: RANGER-3619
https://issues.apache.org/jira/browse/RANGER-3619


Repository: ranger


Description (updated)
---

REST API should return 403-Forbidden when an authenticated client is not allowed 
to access an API, to avoid crashing Ranger clients.

 
Now, some APIs return 401-Unauthorized instead of 403-Forbidden when the client 
has already passed authentication but is not allowed to do something.
In general, this will not cause any serious problems, but there is a flaw in 
the SPNEGO protocol implementation of Java HttpURLConnection. It causes the 
client to throw an unexpected exception. This will trouble operators and 
developers.
 
Let me show you how it happens:
 
For example:
 
The RangerAdminClient inside KMS wants to access the API 
"/service/secure/policies/download", but the principal is not in the allowlist.
 
1. RangerAdminClient is based on Jersey-Client.
2. JerseyClient sends an HTTP request to the Ranger service without 
   authentication information.
3. Tomcat/Spring inside Ranger returns 401 with the HTTP header 
   “WWW-Authenticate: Negotiate”.
4. JerseyClient sends the request again with Kerberos/SPNEGO authentication tokens.
5. Tomcat/Spring inside Ranger accepts the authentication, then calls 
   ServiceRest::getSecureServicePoliciesIfUpdated to answer the API call.
6. ServiceRest::getSecureServicePoliciesIfUpdated checks the allowlist of the “kms 
   service” and refuses the client with 401.
7. Tomcat/Spring inside Ranger returns 401 with the HTTP header “WWW-Authenticate: 
   Negotiate….” to notify RangerAdminClient that the authentication has passed.
 
Now, there is a malformed state. The HTTP status code tells the client that 
authentication failed, but the HTTP header tells the client that authentication passed.
 
On the RangerAdminClient side, 
 
1. sun.net.www.protocol.http.HttpURLConnection.getInputStream0() sees the second 
   401.
2. 'inNegotiate' = true, so it is in the process of Negotiate.
3. It checks: if "WWW-Authenticate: Negotiate" exists, then disable Negotiate 
   for the following code, to avoid trying Negotiate once again.
4. But "WWW-Authenticate: Negotiate xczsd324…" does not match the rule above.
5. So HttpURLConnection calls AuthenticationInfo.sendHeaders to generate a new 
   request header.
6. Wow, a Null exception happens.
7. Logs "ERROR RangerAdminRESTClient - Error getting policies; Received NULL 
   response!!. secureMode=true, user=… (auth:KERBEROS), serviceName=kmsdev"
8. Log of KMS: "ERROR RangerAdminRESTClient - Failed to get response, Error is : 
   java.lang.RuntimeException: java.lang.NullPointerException"
 

This log confuses the admin, who does not know how to fix it.

My patch fixes the HTTP return code, thus avoiding these problems.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
1ec1df0a3d09577c52e503532d5aea87ad6cd72d 
  security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java 
935435044624a38ce7b0b9c7401e3f3dbacc0f65 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
8109968e4d55de9e7875fb56590e50522fba32cb 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 
e3cdef1c2ba6411cf4d4a26cd49e56e9017f3e93 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
098188e3b9f1f837727c7d279a4fab1f0aa84e34 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 
10f91e037180a50287b8d0b0fa0ea3eec0d7f415 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 
451805321d050dda06a0f2b66a9b945411632e2f 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
 5d7cbdc679c010a7b88c85324e6f9912cba29fe6 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 223a991c76bae7d25f5ce89604d0a8a90d426fe5 


Diff: https://reviews.apache.org/r/73881/diff/1/


Testing
---


Thanks,

Kirby Zhou
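
The status-code choice and the client-side header comparison described in this review request, as an added example that is not part of the original message and is not Ranger or JDK code. `statusFor` keeps authentication and authorization apart, and `recognisedAsFailedNegotiate` mirrors the comparison from the quoted `HttpURLConnection` snippet; class, method and principal names and the token value are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/**
 * Added illustration of the exchange described in the review request.
 * Not Ranger or JDK code: class, method and principal names are hypothetical.
 */
public class NegotiateStatusDemo {

    static final int SC_OK = 200;
    static final int SC_UNAUTHORIZED = 401;
    static final int SC_FORBIDDEN = 403;

    /**
     * Server side. Authentication ("who is calling") and authorization
     * ("may this caller use the API") are separate decisions with separate codes.
     *
     * @param principal authenticated caller, or null if the request carried no valid credentials
     * @param allowlist principals permitted to download policies for the service
     */
    static int statusFor(String principal, Set<String> allowlist) {
        if (principal == null) {
            return SC_UNAUTHORIZED; // ask the client to authenticate (sent with a Negotiate challenge)
        }
        if (!allowlist.contains(principal)) {
            return SC_FORBIDDEN;    // identity is known; repeating authentication cannot change the answer
        }
        return SC_OK;
    }

    /**
     * Client side. Mirrors the comparison in the HttpURLConnection snippet quoted in the
     * issue: only a bare "Negotiate" or "Kerberos" value, seen while a negotiation is
     * already in progress, is recognised as a failed negotiation.
     */
    static boolean recognisedAsFailedNegotiate(List<String> wwwAuthenticate, boolean inNegotiate) {
        for (String raw : wwwAuthenticate) {
            String value = raw.trim();
            if (value.equalsIgnoreCase("Negotiate") || value.equalsIgnoreCase("Kerberos")) {
                return inNegotiate;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed principals for the demonstration.
        Set<String> allowlist = Collections.singleton("rangeradmin/host.example.com@EXAMPLE.COM");
        String kms = "rangerkms/host.example.com@EXAMPLE.COM";

        System.out.println("request without credentials      -> " + statusFor(null, allowlist));
        System.out.println("authenticated, not in allowlist  -> " + statusFor(kms, allowlist));
        System.out.println("authenticated, in allowlist      -> "
                + statusFor("rangeradmin/host.example.com@EXAMPLE.COM", allowlist));

        // Header values a client may see on a second 401. The token is a constructed placeholder.
        List<String> bareChallenge = Arrays.asList("Negotiate");
        List<String> challengeWithToken = Arrays.asList("Negotiate Y29uc3RydWN0ZWQtdG9rZW4=");

        System.out.println("bare challenge recognised        -> "
                + recognisedAsFailedNegotiate(bareChallenge, true));
        System.out.println("challenge with token recognised  -> "
                + recognisedAsFailedNegotiate(challengeWithToken, true));
    }
}
```

When the denied case is answered with 403, the client never receives a second 401, so the header comparison is not reached at all.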



[jira] [Created] (RANGER-3701) Establish plug-in system for KMS MasterKeyProvider

2022-04-06 Thread kirby zhou (Jira)
kirby zhou created RANGER-3701:
--

 Summary: Establish plug-in system for KMS MasterKeyProvider
 Key: RANGER-3701
 URL: https://issues.apache.org/jira/browse/RANGER-3701
 Project: Ranger
  Issue Type: Improvement
  Components: kms
Affects Versions: 3.0.0, 2.3.0
Reporter: kirby zhou


At present, RangerKMS has six different MasterKey Providers. Among them, three 
types can access the MK, and KMS can complete the encryption and decryption of 
the ZoneKey by itself, and three types can only entrust the encryption and 
decryption of the ZoneKey to the MasterKey Provider. 

Except for the built-in JDBC-based RangerMasterKey class, the other providers have more 
or less introduced a large number of dependencies. This makes the dependencies of 
KMS quite complicated and confusing. In the future, these dependencies may 
conflict. Therefore, it is necessary to refine the MasterKey Provider into a 
plug-in mechanism, similar to the plugin shim of Ranger Admin.

 

A preliminary idea: we can define an MKProviderFactory interface which can 
create an instance of RangerKMSMKI from a URL. Then we use 
ServiceLoader to create the MK Provider at runtime. The 
dependencies of the actual MK Provider are hidden by the plugin class loader.

 

The URL scheme can look like "mkp-azure://conffile/keyprefix", 
"mkp-jdbc://connectionstring", ...

 

At last, we can unify the key import / export / migration CLI utilities.

 

Task Blocked on: https://issues.apache.org/jira/browse/RANGER-3682

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
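
One way the proposed lookup could be wired, as an added sketch that is not part of the original issue and is not Ranger code. `MKProviderFactory` and the URL forms come from the proposal; the method signatures, the `MasterKeyProvider` stand-in for `RangerKMSMKI` and the demo factory are assumptions.

```java
import java.net.URI;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.ServiceLoader;

/**
 * Added sketch of the plug-in lookup proposed in RANGER-3701. Not Ranger code:
 * every signature below is an assumption made for illustration.
 */
public class MkProviderLoaderDemo {

    /** Stand-in for the master key interface (RangerKMSMKI in the proposal). */
    public interface MasterKeyProvider {
        String describe();
    }

    /** Factory named in the proposal; the two methods are hypothetical. */
    public interface MKProviderFactory {
        String scheme();                    // for example "mkp-jdbc"
        MasterKeyProvider create(URI uri);
    }

    /** Index factories by scheme and refuse duplicates instead of letting the last one win. */
    static Map<String, MKProviderFactory> index(Iterable<MKProviderFactory> factories) {
        Map<String, MKProviderFactory> byScheme = new HashMap<>();
        for (MKProviderFactory factory : factories) {
            String scheme = factory.scheme().toLowerCase(Locale.ROOT);
            if (byScheme.putIfAbsent(scheme, factory) != null) {
                throw new IllegalStateException("two factories claim scheme " + scheme);
            }
        }
        return byScheme;
    }

    /**
     * Discovery as proposed: each plug-in jar lists its factory under META-INF/services
     * and is loaded through the plug-in class loader, which keeps the provider's
     * dependencies off the KMS classpath.
     */
    static Map<String, MKProviderFactory> discover(ClassLoader pluginLoader) {
        return index(ServiceLoader.load(MKProviderFactory.class, pluginLoader));
    }

    /**
     * Resolve a provider URL. Error messages carry only the scheme, never the full URL,
     * since a connection string can embed credentials.
     */
    static MasterKeyProvider open(String url, Map<String, MKProviderFactory> byScheme) {
        URI uri = URI.create(url);
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.startsWith("mkp-")) {
            throw new IllegalArgumentException("not a master key provider URL");
        }
        MKProviderFactory factory = byScheme.get(scheme);
        if (factory == null) {
            throw new IllegalArgumentException("no provider installed for scheme " + scheme);
        }
        return factory.create(uri);
    }

    /** Demo factory standing in for a plug-in jar. */
    static final class DemoJdbcFactory implements MKProviderFactory {
        @Override public String scheme() { return "mkp-jdbc"; }
        @Override public MasterKeyProvider create(URI uri) {
            final int length = uri.getSchemeSpecificPart().length();
            return () -> "demo JDBC provider (connection string of " + length + " characters)";
        }
    }

    public static void main(String[] args) {
        // A single source file has no META-INF/services entry, so the demo registers its factory directly.
        Map<String, MKProviderFactory> installed =
                index(Collections.<MKProviderFactory>singletonList(new DemoJdbcFactory()));

        System.out.println(open("mkp-jdbc://connectionstring", installed).describe());
        try {
            open("mkp-azure://conffile/keyprefix", installed);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```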


[jira] [Commented] (RANGER-3569) Support Ranger KMS integration with Google cloud HSM

2022-04-06 Thread Bhavik Patel (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518585#comment-17518585
 ] 

Bhavik Patel commented on RANGER-3569:
--

[~dhavalshah9131]  [~mmansoori]  it seems the commit links of the master and 
ranger-2.3 branches are the same, can you please update the commit link?

> Support Ranger KMS integration with Google cloud HSM
> 
>
> Key: RANGER-3569
> URL: https://issues.apache.org/jira/browse/RANGER-3569
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms
>Reporter: Mateen N Mansoori
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Task for tracking Ranger KMS integration with google cloud HSM





[jira] [Updated] (RANGER-3700) prestosql 350 information_schema.column is empty after enabling Ranger Plugin

2022-04-06 Thread Sergio Monteiro (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergio Monteiro updated RANGER-3700:

Attachment: ranger-presto.png

> prestosql 350 information_schema.column is empty after enabling Ranger Plugin 
> --
>
> Key: RANGER-3700
> URL: https://issues.apache.org/jira/browse/RANGER-3700
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 3.0.0
>Reporter: Sergio Monteiro
>Priority: Major
> Attachments: ranger-presto.png
>
>
> I have downloaded ranger 3.0.0 and built from git source. We also have the 
> prestoSQL 350, just before the renaming, so we can have it working. But, 
> after enabling ranger plugin for presto, the information_schema.columns are 
> not populated, and ODBC driver is not unable to retrieve data from it.
> Even from prestocli, the view does not return any data. As soon as I disable 
> the ranger plugin, the data is returned fine. I have tried all the 
> combinations of rules in the Ranger Admin UI, to no avail.
> !image-2022-04-07-02-21-45-580.png!





[jira] [Created] (RANGER-3700) prestosql 350 information_schema.column is empty after enabling Ranger Plugin

2022-04-06 Thread Sergio Monteiro (Jira)
Sergio Monteiro created RANGER-3700:
---

 Summary: prestosql 350 information_schema.column is empty after 
enabling Ranger Plugin 
 Key: RANGER-3700
 URL: https://issues.apache.org/jira/browse/RANGER-3700
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 3.0.0
Reporter: Sergio Monteiro


I have downloaded ranger 3.0.0 and built from git source. We also have the 
prestoSQL 350, just before the renaming, so we can have it working. But, after 
enabling ranger plugin for presto, the information_schema.columns are not 
populated, and ODBC driver is not unable to retrieve data from it.

Even from prestocli, the view does not return any data. As soon as I disable 
the ranger plugin, the data is returned fine. I have tried all the 
combinations of rules in the Ranger Admin UI, to no avail.

!image-2022-04-07-02-21-45-580.png!





[jira] [Commented] (RANGER-3611) Uncatched NullPointerException when missing lastKnownVersion in ServiceREST::getServicePoliciesIfUpdated

2022-04-06 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518573#comment-17518573
 ] 

Pradeep Agrawal commented on RANGER-3611:
-

[~kirbyzhou]  : Please close the RR. https://reviews.apache.org/r/73835/

> Uncatched NullPointerException when missing lastKnownVersion in 
> ServiceREST::getServicePoliciesIfUpdated
> 
>
> Key: RANGER-3611
> URL: https://issues.apache.org/jira/browse/RANGER-3611
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 2.2.0, 2.3.0
>Reporter: kirby zhou
>Priority: Minor
> Fix For: 3.0.0, 2.3.0
>
>
> A simple Rest API call by CURL will cause uncatched NullPointerException in 
> logs.
> Actual:
>  
> {code:java}
> ]% curl -v http://localhost:6080/service/plugins/policies/download/hdfsdev
> ... 
> < HTTP/1.1 404 Not Found
> ...
>  No Message here 
> * Closing connection 0 {code}
>  
> And logs in catalina.out
> {code:java}
> EVERE: Servlet.service() for servlet [REST Service] in context with path [] 
> threw exception
> java.lang.NullPointerException
>   at 
> org.apache.ranger.rest.ServiceREST.getServicePoliciesIfUpdated(ServiceREST.java:3054)
>   at 
> org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke()
>   at 
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
>   at 
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
>   at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
>   at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
>   at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692)
>   at 
> org.apache.ranger.rest.ServiceREST$$EnhancerBySpringCGLIB$$43bccb60.getServicePoliciesIfUpdated()
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:498)
>   at 
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>   at 
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>   at 
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>   at 
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>   at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>   at 
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>   at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>   at 
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>   at 
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>   at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
>   at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
>   at 
> org.apa

[jira] [Resolved] (RANGER-3611) Uncatched NullPointerException when missing lastKnownVersion in ServiceREST::getServicePoliciesIfUpdated

2022-04-06 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-3611.
-
Fix Version/s: 3.0.0
   2.3.0
   Resolution: Fixed

Master branch commit link : 
https://github.com/apache/ranger/commit/49ac30ab5bdc8465156a89783b30c960b7499682

2.3 branch commit link : 
https://github.com/apache/ranger/commit/88a375f3cb5ef4cc110494cd2582cb2f760e3a9d

> Uncatched NullPointerException when missing lastKnownVersion in 
> ServiceREST::getServicePoliciesIfUpdated
> 
>
> Key: RANGER-3611
> URL: https://issues.apache.org/jira/browse/RANGER-3611
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 2.2.0, 2.3.0
>Reporter: kirby zhou
>Priority: Minor
> Fix For: 3.0.0, 2.3.0
>
>
> A simple Rest API call by CURL will cause uncatched NullPointerException in 
> logs.
> Actual:
>  
> {code:java}
> ]% curl -v http://localhost:6080/service/plugins/policies/download/hdfsdev
> ... 
> < HTTP/1.1 404 Not Found
> ...
>  No Message here 
> * Closing connection 0 {code}
>  
> And logs in catalina.out
> {code:java}
> EVERE: Servlet.service() for servlet [REST Service] in context with path [] 
> threw exception
> java.lang.NullPointerException
>   at 
> org.apache.ranger.rest.ServiceREST.getServicePoliciesIfUpdated(ServiceREST.java:3054)
>   at 
> org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke()
>   at 
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
>   at 
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
>   at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
>   at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
>   at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692)
>   at 
> org.apache.ranger.rest.ServiceREST$$EnhancerBySpringCGLIB$$43bccb60.getServicePoliciesIfUpdated()
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:498)
>   at 
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>   at 
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>   at 
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>   at 
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>   at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>   at 
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>   at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>   at 
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>   at 
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>   at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
>   at 
> com.sun.jersey.sp

[jira] [Commented] (RANGER-3692) Ranger cannot connect to the DB when the DB is outaged for a long time

2022-04-06 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518570#comment-17518570
 ] 

Pradeep Agrawal commented on RANGER-3692:
-

[~zilong zhu] : please close RR https://reviews.apache.org/r/73927/

> Ranger cannot connect to the DB when the DB is outaged for a long time
> --
>
> Key: RANGER-3692
> URL: https://issues.apache.org/jira/browse/RANGER-3692
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 2.1.0
>Reporter: Zilong Zhu
>Assignee: Zilong Zhu
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
> Attachments: 
> 0001-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch, 
> 0002-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch
>
>
> We had a database problem where the database was offline for more than a 
> week. However, ranger cannot connect to the DB.
> {code:java}
> Internal Exception: java.sql.SQLException: Connections could not be acquired 
> from the underlying database!
> [C3P0PooledConnectionPoolManager[identityToken->1hgf80qaljdycrokead8h|73c6299]-HelperThread-#0]
>  WARN  com.mchange.v2.log.slf4j.Slf4jMLog$Slf4jMLogger$WarnLogger 
> (Slf4jMLog.java:223) - 
> com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask@7179549 -- 
> Acquisition Attempt Failed!!! Clearing pending acquires. While trying to 
> acquire a needed new resource, we failed to succeed more than the maximum 
> number of allowed acquisition attempts (30). Last acquisition attempt 
> exception:
> com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link 
> failure
> [C3P0PooledConnectionPoolManager[identityToken->1hgf80qaljdycrokead8h|73c6299]-HelperThread-#0]
>  WARN  com.mchange.v2.log.slf4j.Slf4jMLog$Slf4jMLogger$WarnLogger 
> (Slf4jMLog.java:220) - Having failed to acquire a resource, 
> com.mchange.v2.resourcepool.BasicResourcePool@5efb2b9 is interrupting all 
> Threads waiting on a resource to check out. Will try again in response to new 
> client requests. {code}
> {code:java}
> Internal Exception: java.sql.SQLException: An SQLException was provoked by 
> the following failure: com.mchange.v2.resourcepool.ResourcePoolException: A 
> ResourcePool cannot acquire a new resource -- the factory or source appears 
> to be down.
> {code}
> I found out that this is a bug in c3p0 0.9.5.3. This bug was resolved in 
> 0.9.5.4. So I suggest to upgrade the version of c3p0 to 0.9.5.4. 
> [Force kill acquires by rscadrde · Pull Request #91 · swaldman/c3p0 · 
> GitHub|https://github.com/swaldman/c3p0/pull/91]





[jira] [Resolved] (RANGER-3692) Ranger cannot connect to the DB when the DB is outaged for a long time

2022-04-06 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-3692.
-
Fix Version/s: 3.0.0
   2.3.0
   Resolution: Fixed

commit link master branch : 
[https://github.com/apache/ranger/commit/a93571daedaa45ffc98869410148cf1c55a90eaf]

2.3 branch : 
https://github.com/apache/ranger/commit/d9d080dea207319147190f2a8875effca95d4d73

> Ranger cannot connect to the DB when the DB is outaged for a long time
> --
>
> Key: RANGER-3692
> URL: https://issues.apache.org/jira/browse/RANGER-3692
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 2.1.0
> Reporter: Zilong Zhu
> Assignee: Zilong Zhu
> Priority: Major
> Fix For: 3.0.0, 2.3.0
>
> Attachments: 
> 0001-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch, 
> 0002-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch
>
>
> We had a database problem where the database was offline for more than a 
> week. However ranger cannot connect to the DB.
> {code:java}
> Internal Exception: java.sql.SQLException: Connections could not be acquired 
> from the underlying database!
> [C3P0PooledConnectionPoolManager[identityToken->1hgf80qaljdycrokead8h|73c6299]-HelperThread-#0]
>  WARN  com.mchange.v2.log.slf4j.Slf4jMLog$Slf4jMLogger$WarnLogger 
> (Slf4jMLog.java:223) - 
> com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask@7179549 -- 
> Acquisition Attempt Failed!!! Clearing pending acquires. While trying to 
> acquire a needed new resource, we failed to succeed more than the maximum 
> number of allowed acquisition attempts (30). Last acquisition attempt 
> exception:
> com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link 
> failure
> [C3P0PooledConnectionPoolManager[identityToken->1hgf80qaljdycrokead8h|73c6299]-HelperThread-#0]
>  WARN  com.mchange.v2.log.slf4j.Slf4jMLog$Slf4jMLogger$WarnLogger 
> (Slf4jMLog.java:220) - Having failed to acquire a resource, 
> com.mchange.v2.resourcepool.BasicResourcePool@5efb2b9 is interrupting all 
> Threads waiting on a resource to check out. Will try again in response to new 
> client requests. {code}
> {code:java}
> Internal Exception: java.sql.SQLException: An SQLException was provoked by 
> the following failure: com.mchange.v2.resourcepool.ResourcePoolException: A 
> ResourcePool cannot acquire a new resource -- the factory or source appears 
> to be down.
> {code}
> I found out that this is a bug in c3p0 0.9.5.3. This bug was resolved in 
> 0.9.5.4. So I suggest to upgrade the version of c3p0 to 0.9.5.4. 
> [Force kill acquires by rscadrde · Pull Request #91 · swaldman/c3p0 · 
> GitHub|https://github.com/swaldman/c3p0/pull/91]





Re: Review Request 73927: RANGER-3692: Ranger cannot connect to the DB when the DB is outaged for a long time

2022-04-06 Thread Pradeep Agrawal

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73927/#review224261
---


Ship it!




Ship It!

- Pradeep Agrawal


On April 6, 2022, 3:34 p.m., Zilong Zhu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73927/
> ---
> 
> (Updated April 6, 2022, 3:34 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3692
> https://issues.apache.org/jira/browse/RANGER-3692
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We had a database problem where the database was offline for more than a 
> week. However ranger cannot connect to the DB. I found out that this is a bug 
> in c3p0 0.9.5.3. This bug was resolved in 0.9.5.4. So I suggest to upgrade 
> the version of c3p0 to 0.9.5.4.
> 
> 
> Diffs
> -
> 
>   pom.xml 252463227 
> 
> 
> Diff: https://reviews.apache.org/r/73927/diff/2/
> 
> 
> Testing
> ---
> 
> Build successful - mvn clean compile test verify install
> 
> 
> Thanks,
> 
> Zilong Zhu
> 
>



[jira] [Updated] (RANGER-3231) Ranger should use kafka Authorizer from KIP-504

2022-04-06 Thread Andras Katona (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Katona updated RANGER-3231:
--
Fix Version/s: 3.0.0

> Ranger should use kafka Authorizer from KIP-504
> ---
>
> Key: RANGER-3231
> URL: https://issues.apache.org/jira/browse/RANGER-3231
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Ismael Juma
> Assignee: Andras Katona
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: ranger_kafka.zip
>
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> As described in the KIP, `org.apache.kafka.server.authorizer.Authorizer` is 
> an improvement over `kafka.security.auth.Authorizer` and it's a pure Java 
> interface (instead of Scala).
> `kafka.security.auth.Authorizer` has been deprecated since December 2019 and 
> it will be removed in Apache Kafka 3.0 (roughly planned for July/August).
> See the KIP for more details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface





[jira] [Commented] (RANGER-3691) Upgrade spring to 5.3.18 CVE-2022-22965

2022-04-06 Thread kirby zhou (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518551#comment-17518551
 ] 

kirby zhou commented on RANGER-3691:


If 2.2.1, log4j-logback patches should also be picked.

> Upgrade spring to 5.3.18 CVE-2022-22965
> ---
>
> Key: RANGER-3691
> URL: https://issues.apache.org/jira/browse/RANGER-3691
> Project: Ranger
> Issue Type: Bug
> Components: admin, kms
> Reporter: kirby zhou
> Assignee: kirby zhou
> Priority: Blocker
> Fix For: 3.0.0
>
>
> [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [https://github.com/spring-projects/spring-framework/releases]
>  
> Spring has a new 0day Remote-Code-Execution problem, related to spring-beans 
> and JDK9+
> Fixed at spring 5.3.18 / 5.2.20
>  





[jira] [Commented] (RANGER-2895) Replace c3p0 connection pool with HikariCP, upgrading MySQL connector

2022-04-06 Thread kirby zhou (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518549#comment-17518549
 ] 

kirby zhou commented on RANGER-2895:


It seems a good change.

> Replace c3p0 connection pool with HikariCP, upgrading MySQL connector
> -
>
> Key: RANGER-2895
> URL: https://issues.apache.org/jira/browse/RANGER-2895
> Project: Ranger
> Issue Type: Improvement
> Components: admin, Ranger
> Reporter: RickyMa
> Priority: Major
> Attachments: 
> 0001-RANGER-2895-Replace-c3p0-connection-pool-with-Hikari.patch
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>
> We should replace c3p0 with 
> [HikariCP|[https://github.com/brettwooldridge/HikariCP]]. HikariCP is much 
> faster and less error prone. HikariCP is more popular with 13.2k+ stars on 
> its github. There were no more new commits since Nov 18, 2019 in 
> [c3p0|[https://github.com/swaldman/c3p0/commits/master]].
> [MySQL connector|[https://github.com/mysql/mysql-connector-j]] should be 
> upgraded to the latest stable versions as well to include many essential 
> bugfixes.





[GitHub] [ranger] dependabot[bot] opened a new pull request, #143: Bump hadoop-common from 3.1.1 to 3.1.4 in /hbase-agent

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #143:
URL: https://github.com/apache/ranger/pull/143

   Bumps hadoop-common from 3.1.1 to 3.1.4.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.hadoop:hadoop-common&package-manager=maven&previous-version=3.1.1&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   - `@dependabot use these labels` will set the current labels as the default 
for future PRs for this repo and language
   - `@dependabot use these reviewers` will set the current reviewers as the 
default for future PRs for this repo and language
   - `@dependabot use these assignees` will set the current assignees as the 
default for future PRs for this repo and language
   - `@dependabot use this milestone` will set the current milestone as the 
default for future PRs for this repo and language
   
   You can disable automated security fix PRs for this repo from the [Security 
Alerts page](https://github.com/apache/ranger/network/alerts).
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [ranger] dependabot[bot] opened a new pull request, #142: Bump ajv from 6.6.2 to 6.12.6 in /security-admin/src/test/javascript

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #142:
URL: https://github.com/apache/ranger/pull/142

   Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.6.2 to 6.12.6.
   
   Release notes
   Sourced from [ajv's releases](https://github.com/ajv-validator/ajv/releases).
   
   v6.12.6
   Fix performance issue of "url" format.
   v6.12.5
   Fix uri scheme validation ([@ChALkeR](https://github.com/ChALkeR)).
   Fix boolean schemas with strictKeywords option ([#1270](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1270))
   v6.12.4
   Fix: coercion of one-item arrays to scalar that should fail validation ([failing example](https://runkit.com/esp/5f3672ba2f6642001ae27411)).
   v6.12.3
   Pass schema object to processCode function
   Option for strictNumbers ([@issacgerges](https://github.com/issacgerges), [#1128](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1128))
   Fixed vulnerability related to untrusted schemas ([CVE-2020-15366](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2020-15366))
   v6.12.2
   Removed post-install script
   v6.12.1
   Docs and dependency updates
   v6.12.0
   Improved hostname validation ([@sambauers](https://github.com/sambauers), [#1143](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1143))
   Option keywords to add custom keywords ([@franciscomorais](https://github.com/franciscomorais), [#1137](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1137))
   Types fixes ([@boenrobot](https://github.com/boenrobot), [@MattiAstedrone](https://github.com/MattiAstedrone))
   Docs:
   
   [error logging](https://github.com/epoberezkin/ajv#error-logging) example ([@RadiationSickness](https://github.com/RadiationSickness))
   TypeScript usage notes ([@thetric](https://github.com/thetric))
   
   v6.11.0
   Time formats support two digit and colon-less variants of timezone offset ([#1061](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1061), [@cjpillsbury](https://github.com/cjpillsbury))
   Docs: RegExp related security considerations
   Tests: Disabled failing typescript test
   v6.10.2
   Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.
   v6.10.1
   Fix types
   Fix addSchema ([#1001](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1001))
   Update dependencies
   v6.10.0
   Option strictDefaults to report ignored defaults ([#957](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/957), [@not-an-aardvark](https://github.com/not-an-aardvark))
   Option strictKeywords to report unknown keywords ([#781](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/781))
   v6.9.0
   OpenAPI keyword nullable can be any boolean (and not only true).
   Custom keyword definition changes:
   
   dependencies option in  to require the presence of keywords in the same schema.
   
   ... (truncated)
   
   
   Commits
   
   - [fe59143](https://github.com/ajv-validator/ajv/commit/fe591439f34e24030f69df9eb8d91e6d037a3af7) 6.12.6
   - [d580d3e](https://github.com/ajv-validator/ajv/commit/d580d3e8ac6a467670d68d86e3a39fd661ac8c23) Merge pull request [#1298](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1298) from ajv-validator/fix-url
   - [fd36389](https://github.com/ajv-validator/ajv/commit/fd363896a8d6c5697b5da41f4d9a400a84efaf8e) fix: regular expression for "url" format
   - [490e34c](https://github.com/ajv-validator/ajv/commit/490e34c4846064db5c962a77087e17078954c2f6) docs: link to v7-beta branch
   - [9cd93a1](https://github.com/ajv-validator/ajv/commit/9cd93a1bdbdefd5a7ba3db5e123d20c84d1d1d0e) docs: note about v7 in readme
   - [877d286](https://github.com/ajv-validator/ajv/commit/877d286e7f145b1b2127da66c6800b071533f28f) Merge pull request [#1262](https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1262) from b4h0-c4t/refactor-opt-object-type
   - [f1c8e45](https://github.com/ajv-validator/ajv/commit/f1c8e45b9cdff918be28becf03bf0b339321c398) 6.12.5
   - [764035e](https://github.com/ajv-validator/ajv/commit/764035e201d7733b8d700d4a04dd079fef9f4d30) Merge branch 'ChALkeR-chalker/fix-comma'
   - [3798160](https://github.com/ajv-validator/ajv/commit/37981602ce6d43313ae106644b372b021626a8af) Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
   - [a3c7eba](https://github.com/ajv-validator/ajv/commit/a3c7ebab222e4cce07b5e30ebcbb809da7f934e8) Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
   - Additional commits viewable in [compare view](https://github.com/ajv-validator/ajv/compare/v6.6.2...v6.12.6)
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ajv&package-manager=npm_and_yarn&previous-version=6.6.2&new-version=6.12.6)](https://docs.github.com/en/github/managing-s

[GitHub] [ranger] dependabot[bot] opened a new pull request, #141: Bump pathval from 1.1.0 to 1.1.1 in /security-admin/src/test/javascript

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #141:
URL: https://github.com/apache/ranger/pull/141

   Bumps [pathval](https://github.com/chaijs/pathval) from 1.1.0 to 1.1.1.
   
   Release notes
   Sourced from [pathval's releases](https://github.com/chaijs/pathval/releases).
   
   v1.1.1
   Fixes a security issue around prototype pollution.
   
   Commits
   
   - [db6c3e3](https://github.com/chaijs/pathval/commit/db6c3e39c39859564704b7f37149082689f1b172) chore: v1.1.1
   - [7859e0e](https://github.com/chaijs/pathval/commit/7859e0e1ce4c2c67de897edce097ed31f80661d0) Merge pull request [#60](https://github-redirect.dependabot.com/chaijs/pathval/issues/60) from deleonio/fix/vulnerability-prototype-pollution
   - [49ce1f4](https://github.com/chaijs/pathval/commit/49ce1f41a6f65662ac4b18a91c3d9c3baad71af1) style: correct rule in package.json
   - [c77b9d2](https://github.com/chaijs/pathval/commit/c77b9d29e4fadbbaf691c83eedc7d2224a2beb0f) fix: prototype pollution vulnerability + working tests
   - [49031e4](https://github.com/chaijs/pathval/commit/49031e451c381297ea3cf90917915377998b8678) chore: remove very old nodejs
   - [57730a9](https://github.com/chaijs/pathval/commit/57730a9baf5a4b814043e59c42f802ddd05a430d) chore: update deps and tool configuration
   - [a123018](https://github.com/chaijs/pathval/commit/a1230184a33a18f4eb3a92817e9b7492e8082903) Merge pull request [#55](https://github-redirect.dependabot.com/chaijs/pathval/issues/55) from chaijs/remove-lgtm
   - [07eb4a8](https://github.com/chaijs/pathval/commit/07eb4a810fbba54c084266e26689014f64befc11) Delete MAINTAINERS
   - [a0147cd](https://github.com/chaijs/pathval/commit/a0147cdb1df2e9e3c6e5a7865641099312ed95a8) Merge pull request [#54](https://github-redirect.dependabot.com/chaijs/pathval/issues/54) from astorije/patch-1
   - [aebb278](https://github.com/chaijs/pathval/commit/aebb27810c0bcb7a0f0c6a06047242940deb9c82) Center repo name on README
   - Additional commits viewable in [compare view](https://github.com/chaijs/pathval/compare/v1.1.0...v1.1.1)
   
   Maintainer changes
   This version was pushed to npm by [chai](https://www.npmjs.com/~chai), a new releaser for pathval since your current version.
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pathval&package-manager=npm_and_yarn&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   

[GitHub] [ranger] dependabot[bot] opened a new pull request, #140: Bump karma from 3.1.4 to 6.3.16 in /security-admin/src/test/javascript

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #140:
URL: https://github.com/apache/ranger/pull/140

   Bumps [karma](https://github.com/karma-runner/karma) from 3.1.4 to 6.3.16.
   
   Release notes
   Sourced from [karma's releases](https://github.com/karma-runner/karma/releases).
   
   v6.3.16
   [6.3.16](https://github.com/karma-runner/karma/compare/v6.3.15...v6.3.16) (2022-02-10)
   Bug Fixes
   
   - security: mitigate the "Open Redirect Vulnerability" ([ff7edbb](https://github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d))
   
   v6.3.15
   [6.3.15](https://github.com/karma-runner/karma/compare/v6.3.14...v6.3.15) (2022-02-05)
   Bug Fixes
   
   - helper: make mkdirIfNotExists helper resilient to concurrent calls ([d9dade2](https://github.com/karma-runner/karma/commit/d9dade2f004a340e49c9a633177576200c286404)), closes [karma-runner/karma-coverage#434](https://github-redirect.dependabot.com//github-redirect.dependabot.com/karma-runner/karma-coverage/issues/434/issues/issuecomment-1017939333)
   
   v6.3.14
   [6.3.14](https://github.com/karma-runner/karma/compare/v6.3.13...v6.3.14) (2022-02-05)
   Bug Fixes
   
   - remove string template from client code ([91d5acd](https://github.com/karma-runner/karma/commit/91d5acda6325caf91685da465d688527bd412b47))
   - warn when singleRun and autoWatch are false ([69cfc76](https://github.com/karma-runner/karma/commit/69cfc763c8f83e8e7e64d34e17829d0d3dcc0449))
   - security: remove XSS vulnerability in returnUrl query param ([839578c](https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a))
   
   v6.3.13
   [6.3.13](https://github.com/karma-runner/karma/compare/v6.3.12...v6.3.13) (2022-01-31)
   Bug Fixes
   
   - deps: bump log4js to resolve security issue ([5bf2df3](https://github.com/karma-runner/karma/commit/5bf2df304453c8f71ebc725653fd174ddb1dd28b)), closes [#3751](https://github-redirect.dependabot.com/karma-runner/karma/issues/3751)
   
   v6.3.12
   [6.3.12](https://github.com/karma-runner/karma/compare/v6.3.11...v6.3.12) (2022-01-24)
   Bug Fixes
   
   - remove depreciation warning from log4js ([41bed33](https://github.com/karma-runner/karma/commit/41bed33bf4b88c7e0787ca3a5ec15f2913b936fd))
   
   v6.3.11
   [6.3.11](https://github.com/karma-runner/karma/compare/v6.3.10...v6.3.11) (2022-01-13)
   Bug Fixes
   
   - deps: pin colors package to 1.4.0 due to security vulnerability ([a5219c5](https://github.com/karma-runner/karma/commit/a5219c52e2515248eefae4fe1863ac8ad3fdd43b))
   
   ... (truncated)
   
   
   Changelog
   Sourced from [karma's changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md).
   
   [6.3.16](https://github.com/karma-runner/karma/compare/v6.3.15...v6.3.16) (2022-02-10)
   Bug Fixes
   
   - security: mitigate the "Open Redirect Vulnerability" ([ff7edbb](https://github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d))
   
   [6.3.15](https://github.com/karma-runner/karma/compare/v6.3.14...v6.3.15) (2022-02-05)
   Bug Fixes
   
   - helper: make mkdirIfNotExists helper resilient to concurrent calls ([d9dade2](https://github.com/karma-runner/karma/commit/d9dade2f004a340e49c9a633177576200c286404)), closes [karma-runner/karma-coverage#434](https://github-redirect.dependabot.com//github-redirect.dependabot.com/karma-runner/karma-coverage/issues/434/issues/issuecomment-1017939333)
   
   [6.3.14](https://github.com/karma-runner/karma/compare/v6.3.13...v6.3.14) (2022-02-05)
   Bug Fixes
   
   - remove string template from client code ([91d5acd](https://github.com/karma-runner/karma/commit/91d5acda6325caf91685da465d688527bd412b47))
   - warn when singleRun and autoWatch are false ([69cfc76](https://github.com/karma-runner/karma/commit/69cfc763c8f83e8e7e64d34e17829d0d3dcc0449))
   - security: remove XSS vulnerability in returnUrl query param ([839578c](https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a))
   
   [6.3.13](https://github.com/karma-runner/karma/compare/v6.3.12...v6.3.13) (2022-01-31)
   Bug Fixes
   
   - deps: bump log4js to resolve security issue ([5bf2df3](https://github.com/karma-runner/karma/commit/5bf2df304453c8f71ebc725653fd174ddb1dd28b)), closes [#3751](https://github-redirect.dependabot.com/karma-runner/karma/issues/3751)
   
   [6.3.12](https://github.com/karma-runner/karma/compare/v6.3.11...v6.3.12) (2022-01-24)
   Bug Fixes
   
   - remove depreciation warning from log4js ([41bed33](https://github.com/karma-runner/karma/commit/41bed33bf4b88c7e0787ca3a5ec15f2913b936fd))
   
   [6.3.11](https://github.com/karma-runner/karma/compare/v6.3.10...v6.3.11) (2022-01-13)
   Bug Fixes
   
   - deps: pin colors package to 1.4.0 due to security vulnerability ([a5219c5](https://github.com/karma-runner/karma/commit/a5219c52e2515248eefae4fe1863ac8ad3fdd43b))
   
   [6.3.10](https://github.com/karma-runner/karma/compare/v6.3.9...v6.3.10) (2022-01-08)
   Bug Fixes
   
   logger: create parent folders if they are missing (https://gi

[GitHub] [ranger] dependabot[bot] opened a new pull request, #139: Bump lodash from 4.17.11 to 4.17.21 in /security-admin/src/test/javascript

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #139:
URL: https://github.com/apache/ranger/pull/139

   Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21.
   
   Commits
   
   - [f299b52](https://github.com/lodash/lodash/commit/f299b52f39486275a9e6483b60a410e06520c538) Bump to v4.17.21
   - [c4847eb](https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a) Improve performance of toNumber, trim and trimEnd on large input strings
   - [3469357](https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c) Prevent command injection through _.template's variable option
   - [ded9bc6](https://github.com/lodash/lodash/commit/ded9bc66583ed0b4e3b7dc906206d40757b4a90a) Bump to v4.17.20.
   - [63150ef](https://github.com/lodash/lodash/commit/63150ef7645ac07961b63a86490f419f356429aa) Documentation fixes.
   - [00f0f62](https://github.com/lodash/lodash/commit/00f0f62a979d2f5fa0287c06eae70cf9a62d8794) test.js: Remove trailing comma.
   - [846e434](https://github.com/lodash/lodash/commit/846e434c7a5b5692c55ebf5715ed677b70a32389) Temporarily use a custom fork of lodash-cli.
   - [5d046f3](https://github.com/lodash/lodash/commit/5d046f39cbd27f573914768e3b36eeefcc4f1229) Re-enable Travis tests on 4.17 branch.
   - [aa816b3](https://github.com/lodash/lodash/commit/aa816b36d402a1ad9385142ce7188f17dae514fd) Remove /npm-package.
   - [d7fbc52](https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056) Bump to v4.17.19
   - Additional commits viewable in [compare view](https://github.com/lodash/lodash/compare/4.17.11...4.17.21)
   
   Maintainer changes
   This version was pushed to npm by [bnjmnt4n](https://www.npmjs.com/~bnjmnt4n), a new releaser for lodash since your current version.
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.11&new-version=4.17.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   



[GitHub] [ranger] dependabot[bot] opened a new pull request, #138: Bump chownr from 1.0.1 to 1.1.4 in /security-admin/src/test/javascript

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #138:
URL: https://github.com/apache/ranger/pull/138

   Bumps [chownr](https://github.com/isaacs/chownr) from 1.0.1 to 1.1.4.
   
   Commits
   
   - [814f642](https://github.com/isaacs/chownr/commit/814f6422241dcc1bbb324fa29cd6d9f6dc2141ae) 1.1.4
   - [a0d7ae0](https://github.com/isaacs/chownr/commit/a0d7ae045f7b22ee18d6b4dcb715159e1ac47e2b) push to github before npm
   - [1a3667a](https://github.com/isaacs/chownr/commit/1a3667a46bd39258abf3a2ecad8ccc87e0e725fd) ignore stuff
   - [147eac4](https://github.com/isaacs/chownr/commit/147eac4e83001962190f723ca21a70f852c4466c) Full tests, handle errors properly in many cases
   - [578fb9f](https://github.com/isaacs/chownr/commit/578fb9fcd8d3050a99670fca57f67cd6546fcadb) update tap, fix rimraf version
   - [5bbda8c](https://github.com/isaacs/chownr/commit/5bbda8cba1c955dbb0ff4da573254e207f8775ca) feat: ignore ENOENT errors during chown
   - [deaa058](https://github.com/isaacs/chownr/commit/deaa058afe2a04c6528965a218ece1226a9ee2ae) 1.1.3
   - [190e311](https://github.com/isaacs/chownr/commit/190e311f56ebac9479e4d11eab4c9ff82154927a) Don't early-capture the fs.lchownSync method
   - [df2826a](https://github.com/isaacs/chownr/commit/df2826aea557202e98ce6646a7ba509b9caa64ec) push to git with 1 command, not 2
   - [cf3b27b](https://github.com/isaacs/chownr/commit/cf3b27b5723045b01f7bbe68a874423d978683f7) 1.1.2
   - Additional commits viewable in [compare view](https://github.com/isaacs/chownr/compare/v1.0.1...v1.1.4)
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chownr&package-manager=npm_and_yarn&previous-version=1.0.1&new-version=1.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   



[GitHub] [ranger] dependabot[bot] opened a new pull request, #137: Bump follow-redirects from 1.6.1 to 1.14.9 in /security-admin/src/test/javascript

2022-04-06 Thread GitBox


dependabot[bot] opened a new pull request, #137:
URL: https://github.com/apache/ranger/pull/137

   Bumps 
[follow-redirects](https://github.com/follow-redirects/follow-redirects) from 
1.6.1 to 1.14.9.
   
   Commits
   
   - [13136e9](https://github.com/follow-redirects/follow-redirects/commit/13136e95bbe23cabbeaeb74bd0c933aa98dd9b96) Release version 1.14.9 of the npm package.
   - [2ec9b0b](https://github.com/follow-redirects/follow-redirects/commit/2ec9b0ba850b932e82cf7fdc835e5136d0d0c8ad) Keep headers when upgrading from HTTP to HTTPS.
   - [5fc74dd](https://github.com/follow-redirects/follow-redirects/commit/5fc74dd975b88a82508679cc0fda63f8c6a396ec) Reduce nesting.
   - [3d81dc3](https://github.com/follow-redirects/follow-redirects/commit/3d81dc3237b4ffe8b722bb3d1c70a7866657166e) Release version 1.14.8 of the npm package.
   - [62e546a](https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445) Drop confidential headers across schemes.
   - [2ede36d](https://github.com/follow-redirects/follow-redirects/commit/2ede36d7c60d3acdcd324dcd99a9dbd52e4fb3a6) Release version 1.14.7 of the npm package.
   - [8b347cb](https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22) Drop Cookie header across domains.
   - [6f5029a](https://github.com/follow-redirects/follow-redirects/commit/6f5029ae1a0fdab4dc25f6379a5ee303c2319070) Release version 1.14.6 of the npm package.
   - [af706be](https://github.com/follow-redirects/follow-redirects/commit/af706bee57de954414c0bde0a9f33e62beea3e52) Ignore null headers.
   - [d01ab7a](https://github.com/follow-redirects/follow-redirects/commit/d01ab7a5c5df3617c7a40a03de7af6427fdfac55) Release version 1.14.5 of the npm package.
   - Additional commits viewable in [compare view](https://github.com/follow-redirects/follow-redirects/compare/v1.6.1...v1.14.9)
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.6.1&new-version=1.14.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   



Re: Review Request 73880: RANGER-3231: Ranger-Kafka-Plugin implementing Kafka Authorizer from KIP-504

2022-04-06 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73880/#review224260
---


Ship it!




Ship It!

- Ramesh Mani


On April 6, 2022, 7:53 p.m., Andras Katona wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73880/
> ---
> 
> (Updated April 6, 2022, 7:53 p.m.)
> 
> 
> Review request for ranger and Ramesh Mani.
> 
> 
> Bugs: RANGER-3231
> https://issues.apache.org/jira/browse/RANGER-3231
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> kafka.security.auth.Authorizer has been deprecated since December 2019, and
> it's removed in Apache Kafka 3.0
> 
> 
> Diffs
> -
> 
>   plugin-kafka/pom.xml d95f591fe 
>   
> plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  97a2f2ec7 
>   ranger-kafka-plugin-shim/pom.xml 3264138a8 
>   
> ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  b84b765c2 
> 
> 
> Diff: https://reviews.apache.org/r/73880/diff/4/
> 
> 
> Testing
> ---
> 
> unit tests executed via maven
> 
> related PR: https://github.com/apache/ranger/pull/133 - currently executing 
> checks, last time failed with unrelated compile error: missing dependency
> 
> 
> Thanks,
> 
> Andras Katona
> 
>



Re: Review Request 73880: RANGER-3231: Ranger-Kafka-Plugin implementing Kafka Authorizer from KIP-504

2022-04-06 Thread Andras Katona via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73880/
---

(Updated April 6, 2022, 7:53 p.m.)


Review request for ranger and Ramesh Mani.


Changes
---

null check


Bugs: RANGER-3231
https://issues.apache.org/jira/browse/RANGER-3231


Repository: ranger


Description
---

kafka.security.auth.Authorizer has been deprecated since December 2019, and
it's removed in Apache Kafka 3.0


Diffs (updated)
-

  plugin-kafka/pom.xml d95f591fe 
  
plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
 97a2f2ec7 
  ranger-kafka-plugin-shim/pom.xml 3264138a8 
  
ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
 b84b765c2 


Diff: https://reviews.apache.org/r/73880/diff/4/

Changes: https://reviews.apache.org/r/73880/diff/3-4/


Testing
---

unit tests executed via maven

related PR: https://github.com/apache/ranger/pull/133 - currently executing 
checks, last time failed with unrelated compile error: missing dependency


Thanks,

Andras Katona



Re: Review Request 73927: RANGER-3692: Ranger cannot connect to the DB when the DB is outaged for a long time

2022-04-06 Thread Zilong Zhu

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73927/
---

(Updated April 6, 2022, 3:34 p.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan 
Periasamy.


Changes
---

Upgrade c3p0 to 0.9.5.5. Build successful - mvn clean compile test verify 
install


Bugs: RANGER-3692
https://issues.apache.org/jira/browse/RANGER-3692


Repository: ranger


Description
---

We had a database problem where the database was offline for more than a week. 
However ranger cannot connect to the DB. I found out that this is a bug in c3p0 
0.9.5.3. This bug was resolved in 0.9.5.4. So I suggest to upgrade the version 
of c3p0 to 0.9.5.4.


Diffs (updated)
-

  pom.xml 252463227 


Diff: https://reviews.apache.org/r/73927/diff/2/

Changes: https://reviews.apache.org/r/73927/diff/1-2/


Testing
---

Build successful - mvn clean compile test verify install


Thanks,

Zilong Zhu



[jira] [Updated] (RANGER-3692) Ranger cannot connect to the DB when the DB is outaged for a long time

2022-04-06 Thread Zilong Zhu (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zilong Zhu updated RANGER-3692:
---
Attachment: 0002-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch

> Ranger cannot connect to the DB when the DB is outaged for a long time
> --
>
> Key: RANGER-3692
> URL: https://issues.apache.org/jira/browse/RANGER-3692
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 2.1.0
>Reporter: Zilong Zhu
>Assignee: Zilong Zhu
>Priority: Major
> Attachments: 
> 0001-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch, 
> 0002-RANGER-3692-Ranger-cannot-connect-to-the-DB-when-the.patch
>
>
> We had a database problem where the database was offline for more than a 
> week. However ranger cannot connect to the DB.
> {code:java}
> Internal Exception: java.sql.SQLException: Connections could not be acquired 
> from the underlying database!
> [C3P0PooledConnectionPoolManager[identityToken->1hgf80qaljdycrokead8h|73c6299]-HelperThread-#0]
>  WARN  com.mchange.v2.log.slf4j.Slf4jMLog$Slf4jMLogger$WarnLogger 
> (Slf4jMLog.java:223) - 
> com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask@7179549 -- 
> Acquisition Attempt Failed!!! Clearing pending acquires. While trying to 
> acquire a needed new resource, we failed to succeed more than the maximum 
> number of allowed acquisition attempts (30). Last acquisition attempt 
> exception:
> com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link 
> failure
> [C3P0PooledConnectionPoolManager[identityToken->1hgf80qaljdycrokead8h|73c6299]-HelperThread-#0]
>  WARN  com.mchange.v2.log.slf4j.Slf4jMLog$Slf4jMLogger$WarnLogger 
> (Slf4jMLog.java:220) - Having failed to acquire a resource, 
> com.mchange.v2.resourcepool.BasicResourcePool@5efb2b9 is interrupting all 
> Threads waiting on a resource to check out. Will try again in response to new 
> client requests. {code}
> {code:java}
> Internal Exception: java.sql.SQLException: An SQLException was provoked by 
> the following failure: com.mchange.v2.resourcepool.ResourcePoolException: A 
> ResourcePool cannot acquire a new resource -- the factory or source appears 
> to be down.
> {code}
> I found out that this is a bug in c3p0 0.9.5.3. This bug was resolved in 
> 0.9.5.4. So I suggest to upgrade the version of c3p0 to 0.9.5.4. 
> [Force kill acquires by rscadrde · Pull Request #91 · swaldman/c3p0 · 
> GitHub|https://github.com/swaldman/c3p0/pull/91]





Re: Review Request 73880: RANGER-3231: Ranger-Kafka-Plugin implementing Kafka Authorizer from KIP-504

2022-04-06 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73880/#review224258
---




plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
Lines 257 (patched)


Can the clientAddress() be null?


- Ramesh Mani


On March 26, 2022, 10:54 a.m., Andras Katona wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73880/
> ---
> 
> (Updated March 26, 2022, 10:54 a.m.)
> 
> 
> Review request for ranger and Ramesh Mani.
> 
> 
> Bugs: RANGER-3231
> https://issues.apache.org/jira/browse/RANGER-3231
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> kafka.security.auth.Authorizer has been deprecated since December 2019, and
> it's removed in Apache Kafka 3.0
> 
> 
> Diffs
> -
> 
>   plugin-kafka/pom.xml d95f591fe 
>   
> plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  97a2f2ec7 
>   ranger-kafka-plugin-shim/pom.xml 3264138a8 
>   
> ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  b84b765c2 
> 
> 
> Diff: https://reviews.apache.org/r/73880/diff/3/
> 
> 
> Testing
> ---
> 
> unit tests executed via maven
> 
> related PR: https://github.com/apache/ranger/pull/133 - currently executing 
> checks, last time failed with unrelated compile error: missing dependency
> 
> 
> Thanks,
> 
> Andras Katona
> 
>



[jira] [Commented] (RANGER-3691) Upgrade spring to 5.3.18 CVE-2022-22965

2022-04-06 Thread Christian Pfarr (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518176#comment-17518176
 ] 

Christian Pfarr commented on RANGER-3691:
-

Hey guys,

would it be possible to create a 2.2.1 release? 

I've built it on my own based on 2.2.0 and everything works with spring 5.3.18 
but an official release would help others maybe.

Regards,

Christian

> Upgrade spring to 5.3.18 CVE-2022-22965
> ---
>
> Key: RANGER-3691
> URL: https://issues.apache.org/jira/browse/RANGER-3691
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, kms
>Reporter: kirby zhou
>Assignee: kirby zhou
>Priority: Blocker
> Fix For: 3.0.0
>
>
> [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [https://github.com/spring-projects/spring-framework/releases]
>  
> Spring has a new 0day Remote-Code-Execution problem, related to spring-beans 
> and JDK9+
> Fixed at spring 5.3.18 / 5.2.20
>  





[jira] [Created] (RANGER-3699) Ranger - Upgrade poi to 5.2.1+

2022-04-06 Thread Mateen N Mansoori (Jira)
Mateen N Mansoori created RANGER-3699:
-

 Summary: Ranger - Upgrade poi to 5.2.1+
 Key: RANGER-3699
 URL: https://issues.apache.org/jira/browse/RANGER-3699
 Project: Ranger
  Issue Type: Task
  Components: Ranger
Reporter: Mateen N Mansoori
 Fix For: 3.0.0, 2.3.0








[jira] [Created] (RANGER-3698) Ranger - Upgrade kylin to 3.1.3

2022-04-06 Thread Mateen N Mansoori (Jira)
Mateen N Mansoori created RANGER-3698:
-

 Summary: Ranger - Upgrade kylin to 3.1.3
 Key: RANGER-3698
 URL: https://issues.apache.org/jira/browse/RANGER-3698
 Project: Ranger
  Issue Type: Task
  Components: Ranger
Reporter: Mateen N Mansoori


Ranger is currently pulling in kylin 2.6.6. This task is to track kylin version 
upgrade to 3.1.3





[jira] [Updated] (RANGER-3661) Ranger - Upgrade netty to 4.1.72-final

2022-04-06 Thread Mateen N Mansoori (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mateen N Mansoori updated RANGER-3661:
--
Fix Version/s: (was: 2.3.0)

> Ranger - Upgrade netty to 4.1.72-final
> --
>
> Key: RANGER-3661
> URL: https://issues.apache.org/jira/browse/RANGER-3661
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mateen N Mansoori
>Priority: Major
> Fix For: 3.0.0
>
>



