[jira] [Resolved] (ARROW-1242) [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wes McKinney resolved ARROW-1242. - Resolution: Fixed Issue resolved by pull request 957 [https://github.com/apache/arrow/pull/957] > [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities > --- > > Key: ARROW-1242 > URL: https://issues.apache.org/jira/browse/ARROW-1242 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > please consider upgrading jackson to mitigate its various vulnerabilities in > 2.7.1: > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson > see also > https://github.com/FasterXML/jackson-databind/issues/1599 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ARROW-1350) [C++] Include Plasma source tree in source distribution
Wes McKinney created ARROW-1350: --- Summary: [C++] Include Plasma source tree in source distribution Key: ARROW-1350 URL: https://issues.apache.org/jira/browse/ARROW-1350 Project: Apache Arrow Issue Type: Bug Components: C++ Reporter: Wes McKinney Assignee: Wes McKinney Priority: Blocker Fix For: 0.6.0 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (ARROW-1240) security: upgrade logback to address CVE-2017-5929
[ https://issues.apache.org/jira/browse/ARROW-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wes McKinney resolved ARROW-1240. - Resolution: Fixed Issue resolved by pull request 960 [https://github.com/apache/arrow/pull/960] > security: upgrade logback to address CVE-2017-5929 > -- > > Key: ARROW-1240 > URL: https://issues.apache.org/jira/browse/ARROW-1240 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > logback versions before 1.2.0 are affected by "a rather severe serialization > vulnerability in SocketServer and ServerSocketReceiver". > We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) > in order to address this. > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 > and > https://logback.qos.ch/news.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1348) [C++/Python] Add release verification script for Windows
[ https://issues.apache.org/jira/browse/ARROW-1348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124061#comment-16124061 ] Wes McKinney commented on ARROW-1348: - PR: https://github.com/apache/arrow/pull/961 > [C++/Python] Add release verification script for Windows > > > Key: ARROW-1348 > URL: https://issues.apache.org/jira/browse/ARROW-1348 > Project: Apache Arrow > Issue Type: Improvement > Components: C++, Python >Reporter: Wes McKinney >Assignee: Wes McKinney > Fix For: 0.7.0 > > > Since I don't use Windows every day, it takes me a bit of time to conduct > release verification on Windows. It would be nice to make this more automated > in a batch file, e.g. > {code} > dev/release/verify-release-candidate.bat %PATH_TO_RC_TARBALL% > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (ARROW-1348) [C++/Python] Add release verification script for Windows
[ https://issues.apache.org/jira/browse/ARROW-1348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wes McKinney reassigned ARROW-1348: --- Assignee: Wes McKinney > [C++/Python] Add release verification script for Windows > > > Key: ARROW-1348 > URL: https://issues.apache.org/jira/browse/ARROW-1348 > Project: Apache Arrow > Issue Type: Improvement > Components: C++, Python >Reporter: Wes McKinney >Assignee: Wes McKinney > Fix For: 0.7.0 > > > Since I don't use Windows every day, it takes me a bit of time to conduct > release verification on Windows. It would be nice to make this more automated > in a batch file, e.g. > {code} > dev/release/verify-release-candidate.bat %PATH_TO_RC_TARBALL% > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ARROW-1349) [Packaging] Provide APT and Yum repositoriesP
Kouhei Sutou created ARROW-1349: --- Summary: [Packaging] Provide APT and Yum repositoriesP Key: ARROW-1349 URL: https://issues.apache.org/jira/browse/ARROW-1349 Project: Apache Arrow Issue Type: New Feature Components: Packaging Reporter: Kouhei Sutou Assignee: Kouhei Sutou Priority: Minor We have .deb and .rpm packages. Here are needed information to provide APT and Yum repositories: * PGP key to sign packages * Upload location Who knows/decides them? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ARROW-1349) [Packaging] Provide APT and Yum repositories
[ https://issues.apache.org/jira/browse/ARROW-1349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kouhei Sutou updated ARROW-1349: Summary: [Packaging] Provide APT and Yum repositories (was: [Packaging] Provide APT and Yum repositoriesP) > [Packaging] Provide APT and Yum repositories > > > Key: ARROW-1349 > URL: https://issues.apache.org/jira/browse/ARROW-1349 > Project: Apache Arrow > Issue Type: New Feature > Components: Packaging >Reporter: Kouhei Sutou >Assignee: Kouhei Sutou >Priority: Minor > > We have .deb and .rpm packages. > Here are needed information to provide APT and Yum repositories: > * PGP key to sign packages > * Upload location > Who knows/decides them? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ARROW-1348) [C++/Python] Add release verification script for Windows
Wes McKinney created ARROW-1348: --- Summary: [C++/Python] Add release verification script for Windows Key: ARROW-1348 URL: https://issues.apache.org/jira/browse/ARROW-1348 Project: Apache Arrow Issue Type: Improvement Components: C++, Python Reporter: Wes McKinney Fix For: 0.7.0 Since I don't use Windows every day, it takes me a bit of time to conduct release verification on Windows. It would be nice to make this more automated in a batch file, e.g. {code} dev/release/verify-release-candidate.bat %PATH_TO_RC_TARBALL% {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ARROW-1339) [C++] Use boost::filesystem for handling of platform-specific file path encodings
[ https://issues.apache.org/jira/browse/ARROW-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16123406#comment-16123406 ] Wes McKinney commented on ARROW-1339: - I don't think so. The only complexity is getting the UTF8-encoded path so that console error messages displayed properly. But we have a unit test for this now, so it should be safe to refactor > [C++] Use boost::filesystem for handling of platform-specific file path > encodings > - > > Key: ARROW-1339 > URL: https://issues.apache.org/jira/browse/ARROW-1339 > Project: Apache Arrow > Issue Type: Improvement > Components: C++ >Reporter: Wes McKinney >Assignee: Max Risuhin > Fix For: 0.7.0 > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Reopened] (ARROW-1240) security: upgrade logback to address CVE-2017-5929
[ https://issues.apache.org/jira/browse/ARROW-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Darwin reopened ARROW-1240: Sorry, fix was not correctly implemented, since logback is specified in multiple poms and only fixed in one. > security: upgrade logback to address CVE-2017-5929 > -- > > Key: ARROW-1240 > URL: https://issues.apache.org/jira/browse/ARROW-1240 > Project: Apache Arrow > Issue Type: Bug > Components: Java - Memory, Java - Vectors >Affects Versions: 0.4.1 >Reporter: Matt Darwin >Assignee: Matt Darwin > Fix For: 0.6.0 > > > logback versions before 1.2.0 are affected by "a rather severe serialization > vulnerability in SocketServer and ServerSocketReceiver". > We should upgrade logback from 1.0.13 to the latest version (currently 1.2.3) > in order to address this. > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 > and > https://logback.qos.ch/news.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)