[jira] [Created] (ZEPPELIN-5997) Upgrade to Java 11 as the minimum version
PJ Fanning created ZEPPELIN-5997: Summary: Upgrade to Java 11 as the minimum version Key: ZEPPELIN-5997 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5997 Project: Zeppelin Issue Type: Task Reporter: PJ Fanning Zeppelin is an application so you have more leeway to upgrade than lib maintainers do. Some of the dependencies that Zeppelin uses have already abandoned Java 8 support. There is even an argument to go for Java 17. Spring has already abandoned Java 11. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (ZEPPELIN-5996) Zeppelin bundles json-20180813.jar but this has a Category X license
PJ Fanning created ZEPPELIN-5996: Summary: Zeppelin bundles json-20180813.jar but this has a Category X license Key: ZEPPELIN-5996 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5996 Project: Zeppelin Issue Type: Task Reporter: PJ Fanning https://www.apache.org/legal/resolved.html lists this as nonsensical and not allowed in ASF projects. JSON License - links to https://www.json.org/license.html Prevents the jar being used for evil. In theory, we can force an upgrade to a version that uses Public Domain and gets rid of the good vs evil nonsense. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [ANNOUCE] Zeppelin 0.11.0 is released
I did a quick verification of some 0.11.0 jars and they seem fine. Regarding the sap jar - that has a reported security issue, so we will need to say in the CVE that it will never be fixed. On 2024/02/16 16:32:20 Jongyoul Lee wrote: > Hello PJ Fanning, > > Thank you for checking it. BTW, zeppelin:sap is deprecated and it won't be > released in 0.11.0. Is there any concern that I have to take care of it? > > Best regards, > Jongyoul > > 2024년 2월 16일 (금) 오후 11:43, PJ Fanning 님이 작성: > > > My verification is incomplete but I did find that at least one jar is > > missing from: > > https://repository.apache.org/content/groups/staging/org/apache/zeppelin/ > > > > The `org.apache.zeppelin:sap` jar is missing for v0.11.0. > > > > > > > > On 2024/02/16 13:29:29 PJ Fanning wrote: > > > Thanks Jongyoul. I can see the jars in repository.apache.org and I can > > see the release button. > > > > > > Could you leave the jars for a day or so that people can have a look at > > them? I can have a quick look tonight. > > > > > > On 2024/02/16 12:48:12 Jongyoul Lee wrote: > > > > Hello, > > > > > > > > Sorry, I missed it. I uploaded them now but I cannot find the release > > > > button. Should I get another permission to release it? > > > > > > > > Could you please check it? > > > > > > > > Best regards, > > > > Jongyoul > > > > > > > > 2024년 2월 16일 (금) 오전 9:45, PJ Fanning 님이 작성: > > > > > > > > > Congratulations to everyone on the release. > > > > > > > > > > I was looking at Maven Central and the Apache Nexus Server [1] and > > the > > > > > 0.11.0 jars do not appear to have been released. Is there a plan to > > release > > > > > them? > > > > > > > > > > [1] https://repository.apache.org/ > > > > > > > > > > On 2024/02/11 17:24:29 Jongyoul Lee wrote: > > > > > > Hello, > > > > > > > > > > > > The Apache Zeppelin community is pleased to announce the > > availability > > > > > > of the 0.11.0 release. > > > > > > > > > > > > Zeppelin is a collaborative data analytics and visualization tool > > for > > > > > > distributed, general-purpose data processing system such as Apache > > > > > > Spark, Apache Flink, Apache Cassandra and etc. > > > > > > > > > > > > It is the first release in two years. The community improved to > > Java > > > > > > 11, Spark 3.5, Flink 1.17, and Python 3.9. > > > > > > > > > > > > We encourage you to download the latest release > > > > > > fromhttp://zeppelin.apache.org/download.html > > > > > > > > > > > > The easiest way to try Zeppelin is to run the shipped tutorial > > notes > > > > > > via docker image > > > > > > > > > > > > > > > > > > > https://zeppelin.apache.org/download.html#using-the-official-docker-image > > > > > > > > > > > > We welcome your help and feedback. For more information on the > > project > > > > > > and how to get involved, visit our website at > > > > > > http://zeppelin.apache.org/ > > > > > > > > > > > > Thank you all users and contributors who have helped to improve > > Apache > > > > > > Zeppelin. Welcome to join our community to discuss with others > > > > > > > > https://zeppelin.apache.org/community.html#mailing-list--slack-channel > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > > > > Jongyoul Lee > > > > > > > > > > > > > > > > > > > > > > > -- > > > > 이종열, Jongyoul Lee, 李宗烈 > > > > http://madeng.net > > > > > > > > > > > > -- > 이종열, Jongyoul Lee, 李宗烈 > http://madeng.net >
Re: [ANNOUCE] Zeppelin 0.11.0 is released
My verification is incomplete but I did find that at least one jar is missing from: https://repository.apache.org/content/groups/staging/org/apache/zeppelin/ The `org.apache.zeppelin:sap` jar is missing for v0.11.0. On 2024/02/16 13:29:29 PJ Fanning wrote: > Thanks Jongyoul. I can see the jars in repository.apache.org and I can see > the release button. > > Could you leave the jars for a day or so that people can have a look at them? > I can have a quick look tonight. > > On 2024/02/16 12:48:12 Jongyoul Lee wrote: > > Hello, > > > > Sorry, I missed it. I uploaded them now but I cannot find the release > > button. Should I get another permission to release it? > > > > Could you please check it? > > > > Best regards, > > Jongyoul > > > > 2024년 2월 16일 (금) 오전 9:45, PJ Fanning 님이 작성: > > > > > Congratulations to everyone on the release. > > > > > > I was looking at Maven Central and the Apache Nexus Server [1] and the > > > 0.11.0 jars do not appear to have been released. Is there a plan to > > > release > > > them? > > > > > > [1] https://repository.apache.org/ > > > > > > On 2024/02/11 17:24:29 Jongyoul Lee wrote: > > > > Hello, > > > > > > > > The Apache Zeppelin community is pleased to announce the availability > > > > of the 0.11.0 release. > > > > > > > > Zeppelin is a collaborative data analytics and visualization tool for > > > > distributed, general-purpose data processing system such as Apache > > > > Spark, Apache Flink, Apache Cassandra and etc. > > > > > > > > It is the first release in two years. The community improved to Java > > > > 11, Spark 3.5, Flink 1.17, and Python 3.9. > > > > > > > > We encourage you to download the latest release > > > > fromhttp://zeppelin.apache.org/download.html > > > > > > > > The easiest way to try Zeppelin is to run the shipped tutorial notes > > > > via docker image > > > > > > > > > > > https://zeppelin.apache.org/download.html#using-the-official-docker-image > > > > > > > > We welcome your help and feedback. For more information on the project > > > > and how to get involved, visit our website at > > > > http://zeppelin.apache.org/ > > > > > > > > Thank you all users and contributors who have helped to improve Apache > > > > Zeppelin. Welcome to join our community to discuss with others > > > > https://zeppelin.apache.org/community.html#mailing-list--slack-channel > > > > > > > > > > > > Best regards, > > > > > > > > Jongyoul Lee > > > > > > > > > > > > > -- > > 이종열, Jongyoul Lee, 李宗烈 > > http://madeng.net > > >
Re: [ANNOUCE] Zeppelin 0.11.0 is released
Thanks Jongyoul. I can see the jars in repository.apache.org and I can see the release button. Could you leave the jars for a day or so that people can have a look at them? I can have a quick look tonight. On 2024/02/16 12:48:12 Jongyoul Lee wrote: > Hello, > > Sorry, I missed it. I uploaded them now but I cannot find the release > button. Should I get another permission to release it? > > Could you please check it? > > Best regards, > Jongyoul > > 2024년 2월 16일 (금) 오전 9:45, PJ Fanning 님이 작성: > > > Congratulations to everyone on the release. > > > > I was looking at Maven Central and the Apache Nexus Server [1] and the > > 0.11.0 jars do not appear to have been released. Is there a plan to release > > them? > > > > [1] https://repository.apache.org/ > > > > On 2024/02/11 17:24:29 Jongyoul Lee wrote: > > > Hello, > > > > > > The Apache Zeppelin community is pleased to announce the availability > > > of the 0.11.0 release. > > > > > > Zeppelin is a collaborative data analytics and visualization tool for > > > distributed, general-purpose data processing system such as Apache > > > Spark, Apache Flink, Apache Cassandra and etc. > > > > > > It is the first release in two years. The community improved to Java > > > 11, Spark 3.5, Flink 1.17, and Python 3.9. > > > > > > We encourage you to download the latest release > > > fromhttp://zeppelin.apache.org/download.html > > > > > > The easiest way to try Zeppelin is to run the shipped tutorial notes > > > via docker image > > > > > > > > https://zeppelin.apache.org/download.html#using-the-official-docker-image > > > > > > We welcome your help and feedback. For more information on the project > > > and how to get involved, visit our website at > > > http://zeppelin.apache.org/ > > > > > > Thank you all users and contributors who have helped to improve Apache > > > Zeppelin. Welcome to join our community to discuss with others > > > https://zeppelin.apache.org/community.html#mailing-list--slack-channel > > > > > > > > > Best regards, > > > > > > Jongyoul Lee > > > > > > > > -- > 이종열, Jongyoul Lee, 李宗烈 > http://madeng.net >
Re: [ANNOUCE] Zeppelin 0.11.0 is released
Congratulations to everyone on the release. I was looking at Maven Central and the Apache Nexus Server [1] and the 0.11.0 jars do not appear to have been released. Is there a plan to release them? [1] https://repository.apache.org/ On 2024/02/11 17:24:29 Jongyoul Lee wrote: > Hello, > > The Apache Zeppelin community is pleased to announce the availability > of the 0.11.0 release. > > Zeppelin is a collaborative data analytics and visualization tool for > distributed, general-purpose data processing system such as Apache > Spark, Apache Flink, Apache Cassandra and etc. > > It is the first release in two years. The community improved to Java > 11, Spark 3.5, Flink 1.17, and Python 3.9. > > We encourage you to download the latest release > fromhttp://zeppelin.apache.org/download.html > > The easiest way to try Zeppelin is to run the shipped tutorial notes > via docker image > > https://zeppelin.apache.org/download.html#using-the-official-docker-image > > We welcome your help and feedback. For more information on the project > and how to get involved, visit our website at > http://zeppelin.apache.org/ > > Thank you all users and contributors who have helped to improve Apache > Zeppelin. Welcome to join our community to discuss with others > https://zeppelin.apache.org/community.html#mailing-list--slack-channel > > > Best regards, > > Jongyoul Lee >
[jira] [Created] (ZEPPELIN-5987) release notes missing for last few releases
PJ Fanning created ZEPPELIN-5987: Summary: release notes missing for last few releases Key: ZEPPELIN-5987 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5987 Project: Zeppelin Issue Type: Improvement Reporter: PJ Fanning https://zeppelin.apache.org/download.html has a link for the 0.10.1 release but it is broken. Likewise - 0.10.0 https://zeppelin.apache.org/releases/ - 0.9.0 is the last release with release notes. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (ZEPPELIN-5790) upgrade gson due to CVE-2022-25647
PJ Fanning created ZEPPELIN-5790: Summary: upgrade gson due to CVE-2022-25647 Key: ZEPPELIN-5790 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5790 Project: Zeppelin Issue Type: Improvement Reporter: PJ Fanning https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647 Dependabot has opened: * https://github.com/apache/zeppelin/pull/4381 * https://github.com/apache/zeppelin/pull/4380 * https://github.com/apache/zeppelin/pull/4372 * https://github.com/apache/zeppelin/pull/4371 * https://github.com/apache/zeppelin/pull/4370 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (ZEPPELIN-5710) make hadoop 2.10.1 the minimum support hadoop version
PJ Fanning created ZEPPELIN-5710: Summary: make hadoop 2.10.1 the minimum support hadoop version Key: ZEPPELIN-5710 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5710 Project: Zeppelin Issue Type: Improvement Reporter: PJ Fanning Hadoop 2.10.1 is the oldest release not to have CVEs (athough some transitive dependencies may need to be upgraded too) https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common/2.10.1 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5696) upgrade postgresql to 42.3.3 due to security issues
PJ Fanning created ZEPPELIN-5696: Summary: upgrade postgresql to 42.3.3 due to security issues Key: ZEPPELIN-5696 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5696 Project: Zeppelin Issue Type: Improvement Reporter: PJ Fanning https://github.com/advisories/GHSA-88cc-g835-76rp -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Interpreter maintenance
This issue is intermittent but is not currently happening - see https://github.com/twitter/hadoop-lzo/issues/148 for context. On 2022/03/23 13:29:17 Peter Lee wrote: > Hi Jeff, > > I'm new to Zeppelin recently. I was trying to build Zeppelin from source, but > unfortunately I met this problem you mentioned about the missing of maven > dependencies from scalding. > > Do you have any work around about this? Or I should wait until you remove > scalding interpreter? > > cheers, > Lee > > On 2022/03/23 12:19:24 Jeff Zhang wrote: > > I plan to remove scalding interpreter. Recently it causes CI fail because > > the dependency can not be downloaded (dependency is in twitter repository) > > And scalding interpreter is still based on scala 2.10, while the latest > > scalding is in 2.12 and 2.11 (not 2.10 supported) > > https://mvnrepository.com/artifact/com.twitter/scalding-core > > > > > > On Mon, Jan 3, 2022 at 9:18 AM Jongyoul Lee wrote: > > > > > Hello Alex, > > > > > > Thank you for the update. I wanted to get this kind of feedback. I’ll > > > update the wiki with your comment. > > > > > > Happy new year!! > > > > > > Regards, > > > Jongyoul Lee > > > > > > 2022년 1월 3일 (월) 00:29, Alex Ott 님이 작성: > > > > > > > Cassandra interpreter should just work with new dependency - there are > > > > enough tests to catch up problems during upgrade. Also, new versions of > > > the > > > > driver don't bring a lot of things related to interpreter, so old > > > > version > > > > of the driver should just work. > > > > > > > > On Sun, Jan 2, 2022 at 3:43 PM Jongyoul Lee wrote: > > > > > > > > > Hello, > > > > > > > > > > I made a proposal for maintaining interpreters for the future. > > > > > - > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/ZEPPELIN/Interpreter+Maintenance > > > > > > > > > > Please check it and leave your comments freely on the thread of this > > > > > email, comments on the wiki, and the threads of the slack channel. > > > > > > > > > > References > > > > > - https://the-asf.slack.com/archives/C4RDKR51R/p1632495099017000 > > > > > - https://lists.apache.org/thread/cxzsortyypgh4mnydzxfnljfnwnv2t5c > > > > > > > > > > > > > > > Regards, > > > > > Jongyoul Lee > > > > > > > > > > -- > > > > > 이종열, Jongyoul Lee, 李宗烈 > > > > > http://madeng.net > > > > > > > > > > > > > > > > > -- > > > > With best wishes,Alex Ott > > > > http://alexott.net/ > > > > Twitter: alexott_en (English), alexott (Russian) > > > > > > > -- > > > 이종열, Jongyoul Lee, 李宗烈 > > > http://madeng.net > > > > > > > > > -- > > Best Regards > > > > Jeff Zhang > > >
[jira] [Created] (ZEPPELIN-5692) upgrade geode-core due to cve
PJ Fanning created ZEPPELIN-5692: Summary: upgrade geode-core due to cve Key: ZEPPELIN-5692 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5692 Project: Zeppelin Issue Type: Sub-task Reporter: PJ Fanning https://github.com/advisories/GHSA-mw25-f5r2-hpc6 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5690) upgrade jinjava due to cves
PJ Fanning created ZEPPELIN-5690: Summary: upgrade jinjava due to cves Key: ZEPPELIN-5690 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5690 Project: Zeppelin Issue Type: Sub-task Reporter: PJ Fanning * https://github.com/advisories/GHSA-2hjr-fg6c-v2h6 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12668 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5685) upgrade shiro
PJ Fanning created ZEPPELIN-5685: Summary: upgrade shiro Key: ZEPPELIN-5685 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5685 Project: Zeppelin Issue Type: Sub-task Reporter: PJ Fanning https://github.com/advisories/GHSA-v98j-7crc-wvrj -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5684) upgrade bouncycastle due to cve
PJ Fanning created ZEPPELIN-5684: Summary: upgrade bouncycastle due to cve Key: ZEPPELIN-5684 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5684 Project: Zeppelin Issue Type: Bug Reporter: PJ Fanning part of ZEPPELIN-4657 * https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on * https://github.com/apache/hadoop/pull/3980 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5683) upgrade commons-compress and commons-io due to CVEs
PJ Fanning created ZEPPELIN-5683: Summary: upgrade commons-compress and commons-io due to CVEs Key: ZEPPELIN-5683 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5683 Project: Zeppelin Issue Type: Bug Reporter: PJ Fanning part of https://issues.apache.org/jira/browse/ZEPPELIN-4657 * https://mvnrepository.com/artifact/commons-io/commons-io * https://mvnrepository.com/artifact/org.apache.commons/commons-compress -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5679) tidy up inlineRemove in InterpreterSettingManager
PJ Fanning created ZEPPELIN-5679: Summary: tidy up inlineRemove in InterpreterSettingManager Key: ZEPPELIN-5679 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5679 Project: Zeppelin Issue Type: Improvement Reporter: PJ Fanning Issue where dir can be removed when maybe it shouldn't -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (ZEPPELIN-5665) rework SAP XML factory
PJ Fanning created ZEPPELIN-5665: Summary: rework SAP XML factory Key: ZEPPELIN-5665 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5665 Project: Zeppelin Issue Type: Improvement Reporter: PJ Fanning Tidy up existing code. -- This message was sent by Atlassian Jira (v8.20.1#820001)