[jira] [Created] (ZOOKEEPER-4047) C-Client does not return a error notification or callback
Parag created ZOOKEEPER-4047:

Summary: C-Client does not return a error notification or callback
Key: ZOOKEEPER-4047
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4047
Project: ZooKeeper
Issue Type: Bug
Reporter: Parag

I have been using the ZooKeeper C-client libraries to communicate with the Zookeeper Cluster (Ensemble). The communication is set to be established using mTLS. While running some tests I had an incorrect certificate installed on the client side. I was expecting that the library would return an error indicating AUTH failure or a callback session event indicating a failure. But it seems that no error or callback is returned in this case. I set the loglevel to DEBUG in the client and I don’t see any logs coming out either. I intend to write some re-try code and do some alarming based on the events returned by the library.

-- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0
On Tue, Jan 5, 2021 at 15:48, Norbert Kalmar wrote:

> It failed due to the CVE, and the fix was not a clean cherry-pick to 3.5.

Thank you Norbert,
I didn't find any official "CANCELLED" response.

no hurry

Enrico

> Then Holidays hit, and I didn't do RC2. Picking it up now, and checking
> what needs to be backported and doing an RC2.
>
> - Norbert
>
> On Tue, Jan 5, 2021 at 12:26 PM Enrico Olivelli wrote:
>
> > What's the status of this VOTE?
> >
> > Enrico
> >
> > On Tue, Dec 8, 2020 at 21:28, Damien Diederen <ddiede...@sinenomine.net> wrote:
> >
> > > Hi Andor,
> > >
> > > > Is this not the same Jar that I’ve upgraded recently, because of a CVE?
> > >
> > > It is. You updated it for CVE-2020-27216, and this is now for
> > > CVE-2020-27218!
> > >
> > > Cheers, -D
> > >
> > > >> On 2020. Dec 5., at 22:03, Patrick Hunt wrote:
> > > >>
> > > >> Thanks Damien! I reviewed and it looks good except for one small comment I
> > > >> hope we can also address (commented on PR).
> > > >>
> > > >> Regards,
> > > >>
> > > >> Patrick
> > > >>
> > > >> On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen <ddiede...@sinenomine.net> wrote:
> > > >>
> > > >>> Hi Patrick, all,
> > > >>>
> > > >>>> -1 - the dependency check is failing with a known CVE
> > > >>>>
> > > >>>> $ mvn clean package -DskipTests dependency-check:check
> > > >>>> ...
> > > >>>> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
> > > >>>> [ERROR]
> > > >>>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218
> > > >>>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218
> > > >>>
> > > >>> For the (mailing list) record, I have created:
> > > >>>
> > > >>> https://issues.apache.org/jira/browse/ZOOKEEPER-4023
> > > >>> https://github.com/apache/zookeeper/pull/1552
> > > >>>
> > > >>> Best, -D
[jira] [Created] (ZOOKEEPER-4046) Fix typo
KangZhiDong created ZOOKEEPER-4046:

Summary: Fix typo
Key: ZOOKEEPER-4046
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4046
Project: ZooKeeper
Issue Type: Improvement
Components: server
Affects Versions: 3.6.2
Reporter: KangZhiDong
Fix For: 3.6.2
Re: Time to Cut 3.7.0 ?
Sorry about not noticing the open vote. (year end, time off and such)

In any case, I am very busy right now. I may or may not have time to look at the release.

On Tue, Jan 5, 2021 at 3:28 AM Enrico Olivelli wrote:

> Hi ZooKeepers,
> I feel it is time to deliver 3.7.0 to the public.
>
> Any volunteer?
> Probably Damien, you already told you were available for this release
>
> Please also remember that there is a VOTE open for 3.5.9
>
> Best regards and Happy new year
> Enrico
Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0
It failed due to the CVE, and the fix was not a clean cherry-pick to 3.5.
Then Holidays hit, and I didn't do RC2. Picking it up now, and checking what needs to be backported and doing an RC2.

- Norbert

On Tue, Jan 5, 2021 at 12:26 PM Enrico Olivelli wrote:

> What's the status of this VOTE?
>
> Enrico
>
> On Tue, Dec 8, 2020 at 21:28, Damien Diederen <ddiede...@sinenomine.net> wrote:
>
> > Hi Andor,
> >
> > > Is this not the same Jar that I’ve upgraded recently, because of a CVE?
> >
> > It is. You updated it for CVE-2020-27216, and this is now for
> > CVE-2020-27218!
> >
> > Cheers, -D
> >
> > >> On 2020. Dec 5., at 22:03, Patrick Hunt wrote:
> > >>
> > >> Thanks Damien! I reviewed and it looks good except for one small comment I
> > >> hope we can also address (commented on PR).
> > >>
> > >> Regards,
> > >>
> > >> Patrick
> > >>
> > >> On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen <ddiede...@sinenomine.net> wrote:
> > >>
> > >>> Hi Patrick, all,
> > >>>
> > >>>> -1 - the dependency check is failing with a known CVE
> > >>>>
> > >>>> $ mvn clean package -DskipTests dependency-check:check
> > >>>> ...
> > >>>> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
> > >>>> [ERROR]
> > >>>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218
> > >>>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218
> > >>>
> > >>> For the (mailing list) record, I have created:
> > >>>
> > >>> https://issues.apache.org/jira/browse/ZOOKEEPER-4023
> > >>> https://github.com/apache/zookeeper/pull/1552
> > >>>
> > >>> Best, -D
[jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
Edwin Hobor created ZOOKEEPER-4045:

Summary: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
Key: ZOOKEEPER-4045
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4045
Project: ZooKeeper
Issue Type: Bug
Affects Versions: 3.6.2, 3.6.1
Reporter: Edwin Hobor

Jackson reported a vulnerability under CVE-2020-25649. Upgrading to 2.10.5.1 will resolve the problem. See [https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches] for more details.
Re: Time to Cut 3.7.0 ?
Hi Enrico, all,

A Happy New Year!

Yes, I am still willing to take care of 3.7.0. I thought I would start once 3.5.9 was out, but I suppose there is no reason not to make progress in parallel.

I still have to dig into the tracker and sort the list of applicable tickets, but was already wondering about the ones below, for which pull requests are more or less ready. (I really would like to include the first one, which is just stalled; the latter two, which are mine, are perhaps a bit "fresh.")

* ZOOKEEPER-3301: Enforce the quota limit
  https://github.com/apache/zookeeper/pull/934
* ZOOKEEPER-4026: Complete support for Stat objects (and create2) in multi requests
  https://github.com/apache/zookeeper/pull/1559
* ZOOKEEPER-4030: Optionally canonicalize host names in quorum SASL authentication
  https://github.com/apache/zookeeper/pull/1564

What do you think? I'll ping people on the individual PRs.

Cheers, -D

Enrico Olivelli writes:

> Hi ZooKeepers,
> I feel it is time to deliver 3.7.0 to the public.
>
> Any volunteer?
> Probably Damien, you already told you were available for this release
>
> Please also remember that there is a VOTE open for 3.5.9
>
> Best regards and Happy new year
> Enrico
Time to Cut 3.7.0 ?
Hi ZooKeepers,
I feel it is time to deliver 3.7.0 to the public.

Any volunteer?
Probably Damien, you already told you were available for this release

Please also remember that there is a VOTE open for 3.5.9

Best regards and Happy new year
Enrico
Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0
What's the status of this VOTE?

Enrico

On Tue, Dec 8, 2020 at 21:28, Damien Diederen <ddiede...@sinenomine.net> wrote:

> Hi Andor,
>
> > Is this not the same Jar that I’ve upgraded recently, because of a CVE?
>
> It is. You updated it for CVE-2020-27216, and this is now for
> CVE-2020-27218!
>
> Cheers, -D
>
> >> On 2020. Dec 5., at 22:03, Patrick Hunt wrote:
> >>
> >> Thanks Damien! I reviewed and it looks good except for one small comment I
> >> hope we can also address (commented on PR).
> >>
> >> Regards,
> >>
> >> Patrick
> >>
> >> On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen <ddiede...@sinenomine.net> wrote:
> >>
> >>> Hi Patrick, all,
> >>>
> >>>> -1 - the dependency check is failing with a known CVE
> >>>>
> >>>> $ mvn clean package -DskipTests dependency-check:check
> >>>> ...
> >>>> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
> >>>> [ERROR]
> >>>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218
> >>>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218
> >>>
> >>> For the (mailing list) record, I have created:
> >>>
> >>> https://issues.apache.org/jira/browse/ZOOKEEPER-4023
> >>> https://github.com/apache/zookeeper/pull/1552
> >>>
> >>> Best, -D