[jira] [Updated] (STORM-3867) Update Apache MQ to ActiveMQ 5.16.5 (jdk8)

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3867:

Issue Type: Dependency upgrade  (was: Task)

> Update Apache MQ to ActiveMQ 5.16.5 (jdk8)
> --
>
> Key: STORM-3867
> URL: https://issues.apache.org/jira/browse/STORM-3867
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update ActiveMQ version to latest version of Active MQ for JDK8, namely 
> ActiveMQ 5.16.5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3866) Update Rockdb version from 5.18.4 to 6.27.3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3866:

Issue Type: Dependency upgrade  (was: Task)

> Update Rockdb version from 5.18.4 to 6.27.3
> ---
>
> Key: STORM-3866
> URL: https://issues.apache.org/jira/browse/STORM-3866
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> This version of rocksdb is compatible with s390.
> https://github.com/apache/storm/pull/3476



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3868) Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3868:

Issue Type: Dependency upgrade  (was: Task)

> Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples
> --
>
> Key: STORM-3868
> URL: https://issues.apache.org/jira/browse/STORM-3868
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: examples
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples
> Created by dependabot.
> PR is  https://github.com/apache/storm/pull/3481
> Prior PR for update of version was: https://github.com/apache/storm/pull/3473
> This required additional changes in DEPENDENCY-LICENSES to
> {code:java}
> * Spring AOP (org.springframework:spring-aop:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Beans (org.springframework:spring-beans:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Commons Logging Bridge 
> (org.springframework:spring-jcl:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Context (org.springframework:spring-context:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Core (org.springframework:spring-core:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Expression Language (SpEL) 
> (org.springframework:spring-expression:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring JMS (org.springframework:spring-jms:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Messaging (org.springframework:spring-messaging:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Transaction (org.springframework:spring-tx:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3864) Bump gson from 2.8.0 to 2.8.9 in /integration-test

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3864:

Issue Type: Dependency upgrade  (was: Task)

> Bump gson from 2.8.0 to 2.8.9 in /integration-test 
> ---
>
> Key: STORM-3864
> URL: https://issues.apache.org/jira/browse/STORM-3864
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: integration-test
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Change integration-test/pom.xml and DEPENDENCY-LICENSES.
> This PR was automatically generated by "dependabot", but license file has to 
> be manually updated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3865) Bump hadoop-common from 2.8.5 to 2.10.1

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3865:

Issue Type: Dependency upgrade  (was: Task)

> Bump hadoop-common from 2.8.5 to 2.10.1
> ---
>
> Key: STORM-3865
> URL: https://issues.apache.org/jira/browse/STORM-3865
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Original PR  created by dependabot https://github.com/apache/storm/pull/3468
> Requires changed to DEPENDENCY-LICENCES and LICENSE-binary



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3853) Upgrade maven-pmd-plugin from 3.12.0 to 3.16.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3853:

Issue Type: Dependency upgrade  (was: Task)

> Upgrade maven-pmd-plugin from 3.12.0 to 3.16.0
> --
>
> Key: STORM-3853
> URL: https://issues.apache.org/jira/browse/STORM-3853
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Also fix any PMPD exception when running:
> {code:java}
> mvn pmd:check
> {code}
> Do not fix PMD parsing errors when running "mvn pmd:pmd". That will be 
> addressed in a separate Jira.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3855) Remove Python2 Support in Travis and storm.py - Breaking Change

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3855:

Issue Type: New Feature  (was: Task)

> Remove Python2 Support in Travis and storm.py - Breaking Change
> ---
>
> Key: STORM-3855
> URL: https://issues.apache.org/jira/browse/STORM-3855
> Project: Apache Storm
>  Issue Type: New Feature
>  Components: build, documentation, storm-submit-tools
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Python2 was sunset Jan 1, 2020. More details here 
> https://www.python.org/doc/sunset-python-2/ 
> Python2 dependence is holding back storm.py from using python3 language 
> features.
> When new storm release is made, independent verifiers cannot install python2 
> to verify the release.
> https://docs.python.org/3/howto/pyporting.html 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3857) Bump spring-core from 5.3.18 to 5.3.19 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3857:

Issue Type: Dependency upgrade  (was: Task)

> Bump spring-core from 5.3.18 to 5.3.19 in /examples/storm-jms-examples
> --
>
> Key: STORM-3857
> URL: https://issues.apache.org/jira/browse/STORM-3857
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: examples
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3921) Bump spring-core from 5.3.26 to 5.3.27 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3921:

Issue Type: Dependency upgrade  (was: Improvement)

> Bump spring-core from 5.3.26 to 5.3.27 in /examples/storm-jms-examples
> --
>
> Key: STORM-3921
> URL: https://issues.apache.org/jira/browse/STORM-3921
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: storm-jms
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Pull Request [https://github.com/apache/storm/pull/3538] created by 
> Dependabot.
> Fix license for successful build.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3922) Update Acker Related Scheduling Changes

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3922:

Issue Type: New Feature  (was: Improvement)

> Update Acker Related Scheduling Changes
> ---
>
> Key: STORM-3922
> URL: https://issues.apache.org/jira/browse/STORM-3922
> Project: Apache Storm
>  Issue Type: New Feature
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Separate out Acker related changes to storm-server from Round Robin Strategy



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3920) Update the Secure Storm documentation

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3920:

Issue Type: Documentation  (was: Improvement)

> Update the Secure Storm documentation
> -
>
> Key: STORM-3920
> URL: https://issues.apache.org/jira/browse/STORM-3920
> Project: Apache Storm
>  Issue Type: Documentation
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update [https://storm.apache.org/releases/2.4.0/SECURITY.html]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3918) Bump snakeyaml from 1.32 to 2.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3918:

Issue Type: Dependency upgrade  (was: Improvement)

> Bump snakeyaml from 1.32 to 2.0
> ---
>
> Key: STORM-3918
> URL: https://issues.apache.org/jira/browse/STORM-3918
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: storm-core
>Affects Versions: 2.4.0
>Reporter: Alexandre Vermeerbergen
>Assignee: Alexandre Vermeerbergen
>Priority: Critical
> Fix For: 2.5.0
>
>
> Current snakeyaml version is vulnerable to 
> [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] 
> which is rated [9.8 
> CRITICAL|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1471=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=3.1=NIST]
>  by NIST.
> Trivial fix is to update to snakeyaml 2.0.
> I tried to manually replace existing snakeyaml JAR with 2.0 version (but 
> keeping the same JAR file name to avoid issue with potentially hard coded 
> CLASSPATH), and then I restarted all Storm related processes (Nimbus, 
> logview, Supervisor, Nimbus UI...) and deployed some topologies => everything 
> worked fine
> So it looks like a trivial task
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3907) Update mockito to version 4.11.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3907:

Issue Type: Dependency upgrade  (was: Improvement)

> Update mockito to version 4.11.0
> 
>
> Key: STORM-3907
> URL: https://issues.apache.org/jira/browse/STORM-3907
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update mockito to version 4. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3886) Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3886:

Issue Type: New Feature  (was: Improvement)

> Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11
> ---
>
> Key: STORM-3886
> URL: https://issues.apache.org/jira/browse/STORM-3886
> Project: Apache Storm
>  Issue Type: New Feature
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>
> Fixed in PR [https://github.com/apache/storm/pull/3503]
> by [~atulsm] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3897) Replace Travis with GitHub Actions

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3897:

Issue Type: New Feature  (was: Improvement)

> Replace Travis with GitHub Actions
> --
>
> Key: STORM-3897
> URL: https://issues.apache.org/jira/browse/STORM-3897
> Project: Apache Storm
>  Issue Type: New Feature
>Reporter: Richard Zowalla
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Travis isn't ASF anymore. We need to migrate



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3900) Upgrade Cassandra version to avoid depedency on snakeyaml 1.3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3900:

Issue Type: Dependency upgrade  (was: Improvement)

> Upgrade Cassandra version to avoid depedency on snakeyaml 1.3
> -
>
> Key: STORM-3900
> URL: https://issues.apache.org/jira/browse/STORM-3900
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>Reporter: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Snakeyaml 1.3 has a security vulnerability. Cassandra version is storm has 
> pulls in this version. Upgrade Cassandra to a version that uses snakeyaml 2.0.
> See Storm snakeyaml 2.0 upgrade in PR: 
> https://github.com/apache/storm/pull/3523



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3889) Bump snakeyaml from 1.26 to 1.32

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3889:

Issue Type: Dependency upgrade  (was: Improvement)

> Bump snakeyaml from 1.26 to 1.32
> 
>
> Key: STORM-3889
> URL: https://issues.apache.org/jira/browse/STORM-3889
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3839) Upgrade org.springframework:spring-core for CVE-2022-22965

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3839:

Issue Type: Dependency upgrade  (was: Improvement)

> Upgrade org.springframework:spring-core for CVE-2022-22965
> --
>
> Key: STORM-3839
> URL: https://issues.apache.org/jira/browse/STORM-3839
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: examples
>Reporter: Bipin Prasad
>Priority: Critical
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Upgrade org.springframework:spring-beans to version 5.2.20 or later. For 
> example:
> {code:java}
> 
>   org.springframework
>   spring-beans
>   [5.2.20,)
> 
> {code}
> Upgrade org.springframework:spring-core to version 5.2.20 or later. For 
> example:
> {code:java}
> 
>   org.springframework
>   spring-core
>   [5.2.20,)
> 
> {code}
> [CVE-2022-22965 |https://tanzu.vmware.com/security/cve-2022-22965]critical 
> severity
> Vulnerable versions: < 5.2.20
> Patched version: 5.2.20
> Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code 
> execution vulnerability known as Spring4Shell.
> Impact
> A Spring MVC or Spring WebFlux application running on JDK 9+ may be 
> vulnerable to remote code execution (RCE) via data binding. The specific 
> exploit requires the application to run on Tomcat as a WAR deployment. If the 
> application is deployed as a Spring Boot executable jar, i.e. the default, it 
> is not vulnerable to the exploit. However, the nature of the vulnerability is 
> more general, and there may be other ways to exploit it.
> These are the prerequisites for the exploit:
> JDK 9 or higher
> Apache Tomcat as the Servlet container
> Packaged as WAR
> spring-webmvc or spring-webflux dependency
> Patches
> Spring Framework 5.3.18 and 5.2.20
> Spring Boot 2.6.6 and 2.5.12
> Workarounds
> For those who are unable to upgrade, leaked reports recommend setting 
> disallowedFields on WebDataBinder through an @ControllerAdvice. This works 
> generally, but as a centrally applied workaround fix, may leave some 
> loopholes, in particular if a controller sets disallowedFields locally 
> through its own @InitBinder method, which overrides the global setting.
> To apply the workaround in a more fail-safe way, applications could extend 
> RequestMappingHandlerAdapter to update the WebDataBinder at the end after all 
> other initialization. In order to do that, a Spring Boot application can 
> declare a WebMvcRegistrations bean (Spring MVC) or a WebFluxRegistrations 
> bean (Spring WebFlux).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3892) Bump testng from 6.8.5 to 7.7.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3892:

Issue Type: Dependency upgrade  (was: Documentation)

> Bump testng from 6.8.5 to 7.7.0
> ---
>
> Key: STORM-3892
> URL: https://issues.apache.org/jira/browse/STORM-3892
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: storm-starter
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dependabot automatic security recommendation: 
> https://github.com/apache/storm/pull/3515



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3893) Bump testng from 6.8.5 to 7.7.0 in integration test

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3893:

Issue Type: Dependency upgrade  (was: Documentation)

> Bump testng from 6.8.5 to 7.7.0 in integration test
> ---
>
> Key: STORM-3893
> URL: https://issues.apache.org/jira/browse/STORM-3893
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: integration-test
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dependabot automatic security recommendation: 
> https://github.com/apache/storm/pull/3517



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3886) Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3886:

Issue Type: Improvement  (was: Dependency upgrade)

> Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11
> ---
>
> Key: STORM-3886
> URL: https://issues.apache.org/jira/browse/STORM-3886
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>
> Fixed in PR [https://github.com/apache/storm/pull/3503]
> by [~atulsm] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3837) upgrade activemq-client due to cve

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3837:
-

> upgrade activemq-client due to cve
> --
>
> Key: STORM-3837
> URL: https://issues.apache.org/jira/browse/STORM-3837
> Project: Apache Storm
>  Issue Type: Sub-task
>Reporter: PJ Fanning
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> https://mvnrepository.com/artifact/org.apache.activemq/activemq-client



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3837) upgrade activemq-client due to cve

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3837.
-
Resolution: Fixed

> upgrade activemq-client due to cve
> --
>
> Key: STORM-3837
> URL: https://issues.apache.org/jira/browse/STORM-3837
> Project: Apache Storm
>  Issue Type: Sub-task
>Reporter: PJ Fanning
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> https://mvnrepository.com/artifact/org.apache.activemq/activemq-client



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3918) Bump snakeyaml from 1.32 to 2.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3918:

Issue Type: Improvement  (was: Bug)

> Bump snakeyaml from 1.32 to 2.0
> ---
>
> Key: STORM-3918
> URL: https://issues.apache.org/jira/browse/STORM-3918
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Affects Versions: 2.4.0
>Reporter: Alexandre Vermeerbergen
>Assignee: Alexandre Vermeerbergen
>Priority: Critical
> Fix For: 2.5.0
>
>
> Current snakeyaml version is vulnerable to 
> [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] 
> which is rated [9.8 
> CRITICAL|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1471=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=3.1=NIST]
>  by NIST.
> Trivial fix is to update to snakeyaml 2.0.
> I tried to manually replace existing snakeyaml JAR with 2.0 version (but 
> keeping the same JAR file name to avoid issue with potentially hard coded 
> CLASSPATH), and then I restarted all Storm related processes (Nimbus, 
> logview, Supervisor, Nimbus UI...) and deployed some topologies => everything 
> worked fine
> So it looks like a trivial task
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3902) Print summary of difference between expected and actual licenses

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3902:

Issue Type: Improvement  (was: New Feature)

> Print summary of difference between expected and actual licenses
> 
>
> Key: STORM-3902
> URL: https://issues.apache.org/jira/browse/STORM-3902
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> During the build process, a python script checks the DEPENDENCY-LICENSES file 
> to ensure that all the licenses have been specified. When this file is not 
> what is expected, then print a summary of the differences between the 
> expected and actual file.
> Retain the current detail output of the actual and expected files.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3900) Upgrade Cassandra version to avoid depedency on snakeyaml 1.3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3900:

Issue Type: Improvement  (was: New Feature)

> Upgrade Cassandra version to avoid depedency on snakeyaml 1.3
> -
>
> Key: STORM-3900
> URL: https://issues.apache.org/jira/browse/STORM-3900
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Snakeyaml 1.3 has a security vulnerability. Cassandra version is storm has 
> pulls in this version. Upgrade Cassandra to a version that uses snakeyaml 2.0.
> See Storm snakeyaml 2.0 upgrade in PR: 
> https://github.com/apache/storm/pull/3523



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3889) Bump snakeyaml from 1.26 to 1.32

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3889:

Issue Type: Improvement  (was: New Feature)

> Bump snakeyaml from 1.26 to 1.32
> 
>
> Key: STORM-3889
> URL: https://issues.apache.org/jira/browse/STORM-3889
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3833) Migrate to JUnit5 and remove JUnit4

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3833.
---
Resolution: Duplicate

> Migrate to JUnit5 and remove JUnit4
> ---
>
> Key: STORM-3833
> URL: https://issues.apache.org/jira/browse/STORM-3833
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
>
> JUnit4 is old and works upto JDK 1.7. pom.xml contains org.junit.vintage to 
> provide compatibility with JUnit4 classes. The tests break with running with 
> more recent versions of JDK - for example with openjdk-17. The vintage 
> classes cannot detect the Test methods.
> Remove the vintage junit, migrate fully to junit5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3833) Migrate to JUnit5 and remove JUnit4

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3833:

Fix Version/s: (was: 2.5.0)

> Migrate to JUnit5 and remove JUnit4
> ---
>
> Key: STORM-3833
> URL: https://issues.apache.org/jira/browse/STORM-3833
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
>
> JUnit4 is old and works upto JDK 1.7. pom.xml contains org.junit.vintage to 
> provide compatibility with JUnit4 classes. The tests break with running with 
> more recent versions of JDK - for example with openjdk-17. The vintage 
> classes cannot detect the Test methods.
> Remove the vintage junit, migrate fully to junit5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3833) Migrate to JUnit5 and remove JUnit4

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3833:
-

> Migrate to JUnit5 and remove JUnit4
> ---
>
> Key: STORM-3833
> URL: https://issues.apache.org/jira/browse/STORM-3833
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>
> JUnit4 is old and works upto JDK 1.7. pom.xml contains org.junit.vintage to 
> provide compatibility with JUnit4 classes. The tests break with running with 
> more recent versions of JDK - for example with openjdk-17. The vintage 
> classes cannot detect the Test methods.
> Remove the vintage junit, migrate fully to junit5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3833) Migrate to JUnit5 and remove JUnit4

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3833.
---

> Migrate to JUnit5 and remove JUnit4
> ---
>
> Key: STORM-3833
> URL: https://issues.apache.org/jira/browse/STORM-3833
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>
> JUnit4 is old and works upto JDK 1.7. pom.xml contains org.junit.vintage to 
> provide compatibility with JUnit4 classes. The tests break with running with 
> more recent versions of JDK - for example with openjdk-17. The vintage 
> classes cannot detect the Test methods.
> Remove the vintage junit, migrate fully to junit5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3833) Migrate to JUnit5 and remove JUnit4

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3833.
-
Fix Version/s: 2.5.0
   Resolution: Duplicate

> Migrate to JUnit5 and remove JUnit4
> ---
>
> Key: STORM-3833
> URL: https://issues.apache.org/jira/browse/STORM-3833
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>
> JUnit4 is old and works upto JDK 1.7. pom.xml contains org.junit.vintage to 
> provide compatibility with JUnit4 classes. The tests break with running with 
> more recent versions of JDK - for example with openjdk-17. The vintage 
> classes cannot detect the Test methods.
> Remove the vintage junit, migrate fully to junit5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3877) change test_storm_cli script to use python3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3877.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> change test_storm_cli script to use python3
> ---
>
> Key: STORM-3877
> URL: https://issues.apache.org/jira/browse/STORM-3877
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
> Fix For: 2.5.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (STORM-3877) change test_storm_cli script to use python3

[Bipin Prasad (Jira)]

[ 
https://issues.apache.org/jira/browse/STORM-3877?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17732662#comment-17732662
 ] 

Bipin Prasad commented on STORM-3877:
-

PR 3488 is Junit 4 to 5 migration for 3873), but also fixes this python script 
to use python3.

> change test_storm_cli script to use python3
> ---
>
> Key: STORM-3877
> URL: https://issues.apache.org/jira/browse/STORM-3877
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3877) change test_storm_cli script to use python3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3877:
-

> change test_storm_cli script to use python3
> ---
>
> Key: STORM-3877
> URL: https://issues.apache.org/jira/browse/STORM-3877
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3877) change test_storm_cli script to use python3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3877.
---

> change test_storm_cli script to use python3
> ---
>
> Key: STORM-3877
> URL: https://issues.apache.org/jira/browse/STORM-3877
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3873) Remove Junit 4 dependencies

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3873.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Remove Junit 4 dependencies
> ---
>
> Key: STORM-3873
> URL: https://issues.apache.org/jira/browse/STORM-3873
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3873) Remove Junit 4 dependencies

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3873:
-

> Remove Junit 4 dependencies
> ---
>
> Key: STORM-3873
> URL: https://issues.apache.org/jira/browse/STORM-3873
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
>  Time Spent: 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3841) Remove dependency on javax.jms which has been removed from maven central repo

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3841.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Remove dependency on javax.jms which has been removed from maven central repo
> -
>
> Key: STORM-3841
> URL: https://issues.apache.org/jira/browse/STORM-3841
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build, examples, Flux, storm-autocreds, storm-hdfs, 
> storm-hive, storm-sql
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>
> The transitive dependency comes from 
> {noformat}
> org.apache.hive.hcatalog:hive-webhcat-java-client:jar:2.3.4
>-> org.apache.hive.hcatalog:hive-hcatalog-server-extensions:jar:2.3.4
>  -> javax.jms:jms:jar:1.1
> {noformat}
> Changing the version to 2.3.9 updates minor version but does not pull in 
> javax.jms



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3854) A very large number of PMD Exceptions are thrown when building storm

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3854.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR merged

> A very large number of PMD Exceptions are thrown when building storm
> 
>
> Key: STORM-3854
> URL: https://issues.apache.org/jira/browse/STORM-3854
> Project: Apache Storm
>  Issue Type: Task
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
> Attachments: pmderrors.txt
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>
> When running a build of storm project, say with "mvn compile" or "mvn clean 
> install",
> a very large number of PMDExceptions are thrown and a large number of files 
> are not parsed.
> This can also be duplicated by running "mvn pmd:pmd".
>  Remove PMD Exceptions - because they are too numerous, annoying, and mask 
> other warnings and errors.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3853) Upgrade maven-pmd-plugin from 3.12.0 to 3.16.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3853.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Upgrade maven-pmd-plugin from 3.12.0 to 3.16.0
> --
>
> Key: STORM-3853
> URL: https://issues.apache.org/jira/browse/STORM-3853
> Project: Apache Storm
>  Issue Type: Task
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Also fix any PMPD exception when running:
> {code:java}
> mvn pmd:check
> {code}
> Do not fix PMD parsing errors when running "mvn pmd:pmd". That will be 
> addressed in a separate Jira.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3855) Remove Python2 Support in Travis and storm.py - Breaking Change

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3855.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Remove Python2 Support in Travis and storm.py - Breaking Change
> ---
>
> Key: STORM-3855
> URL: https://issues.apache.org/jira/browse/STORM-3855
> Project: Apache Storm
>  Issue Type: Task
>  Components: build, documentation, storm-submit-tools
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Python2 was sunset Jan 1, 2020. More details here 
> https://www.python.org/doc/sunset-python-2/ 
> Python2 dependence is holding back storm.py from using python3 language 
> features.
> When new storm release is made, independent verifiers cannot install python2 
> to verify the release.
> https://docs.python.org/3/howto/pyporting.html 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3857) Bump spring-core from 5.3.18 to 5.3.19 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3857.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Bump spring-core from 5.3.18 to 5.3.19 in /examples/storm-jms-examples
> --
>
> Key: STORM-3857
> URL: https://issues.apache.org/jira/browse/STORM-3857
> Project: Apache Storm
>  Issue Type: Task
>  Components: examples
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3858) Bump hadoop-common from 2.8.5 to 2.10.1

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3858.
---
Resolution: Duplicate

> Bump hadoop-common from 2.8.5 to 2.10.1
> ---
>
> Key: STORM-3858
> URL: https://issues.apache.org/jira/browse/STORM-3858
> Project: Apache Storm
>  Issue Type: Task
>Reporter: Bipin Prasad
>Priority: Major
>
> PR created by dependabot: https://github.com/apache/storm/pull/3468
> Fix license file(s)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3865) Bump hadoop-common from 2.8.5 to 2.10.1

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3865.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Bump hadoop-common from 2.8.5 to 2.10.1
> ---
>
> Key: STORM-3865
> URL: https://issues.apache.org/jira/browse/STORM-3865
> Project: Apache Storm
>  Issue Type: Task
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Original PR  created by dependabot https://github.com/apache/storm/pull/3468
> Requires changed to DEPENDENCY-LICENCES and LICENSE-binary



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3864) Bump gson from 2.8.0 to 2.8.9 in /integration-test

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3864:

Fix Version/s: 2.5.0

> Bump gson from 2.8.0 to 2.8.9 in /integration-test 
> ---
>
> Key: STORM-3864
> URL: https://issues.apache.org/jira/browse/STORM-3864
> Project: Apache Storm
>  Issue Type: Task
>  Components: integration-test
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Change integration-test/pom.xml and DEPENDENCY-LICENSES.
> This PR was automatically generated by "dependabot", but license file has to 
> be manually updated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3866) Update Rockdb version from 5.18.4 to 6.27.3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3866.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Update Rockdb version from 5.18.4 to 6.27.3
> ---
>
> Key: STORM-3866
> URL: https://issues.apache.org/jira/browse/STORM-3866
> Project: Apache Storm
>  Issue Type: Task
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> This version of rocksdb is compatible with s390.
> https://github.com/apache/storm/pull/3476



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3867) Update Apache MQ to ActiveMQ 5.16.5 (jdk8)

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3867.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Update Apache MQ to ActiveMQ 5.16.5 (jdk8)
> --
>
> Key: STORM-3867
> URL: https://issues.apache.org/jira/browse/STORM-3867
> Project: Apache Storm
>  Issue Type: Task
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update ActiveMQ version to latest version of Active MQ for JDK8, namely 
> ActiveMQ 5.16.5.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3868) Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3868.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR was merged

> Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples
> --
>
> Key: STORM-3868
> URL: https://issues.apache.org/jira/browse/STORM-3868
> Project: Apache Storm
>  Issue Type: Task
>  Components: examples
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples
> Created by dependabot.
> PR is  https://github.com/apache/storm/pull/3481
> Prior PR for update of version was: https://github.com/apache/storm/pull/3473
> This required additional changes in DEPENDENCY-LICENSES to
> {code:java}
> * Spring AOP (org.springframework:spring-aop:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Beans (org.springframework:spring-beans:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Commons Logging Bridge 
> (org.springframework:spring-jcl:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Context (org.springframework:spring-context:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Core (org.springframework:spring-core:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Expression Language (SpEL) 
> (org.springframework:spring-expression:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring JMS (org.springframework:spring-jms:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Messaging (org.springframework:spring-messaging:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> * Spring Transaction (org.springframework:spring-tx:5.3.19 - 
> https://github.com/spring-projects/spring-framework)
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3872) Workaround for build failure with maven version >= 3.8.1

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3872.
---
Resolution: Incomplete

> Workaround for build failure with maven version >= 3.8.1
> 
>
> Key: STORM-3872
> URL: https://issues.apache.org/jira/browse/STORM-3872
> Project: Apache Storm
>  Issue Type: Task
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Nikhil Singh
>Priority: Major
>
> When maven version at or above 3.8.1 is used to build storm, the build fails 
> because repositories with "http" is blocked and only "https" is allowed.
>  
> Fix this by adding .mvn directory workaround, like discussed here 
> [https://stackoverflow.com/questions/66980047/maven-build-failure-dependencyresolutionexception]
>  or remove dependency on http repositories.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3872) Workaround for build failure with maven version >= 3.8.1

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3872:

Summary: Workaround for build failure with maven version >= 3.8.1  (was: 
Workaround for build failururr with maven version >= 3.8.1)

> Workaround for build failure with maven version >= 3.8.1
> 
>
> Key: STORM-3872
> URL: https://issues.apache.org/jira/browse/STORM-3872
> Project: Apache Storm
>  Issue Type: Task
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Nikhil Singh
>Priority: Major
>
> When maven version at or above 3.8.1 is used to build storm, the build fails 
> because repositories with "http" is blocked and only "https" is allowed.
>  
> Fix this by adding .mvn directory workaround, like discussed here 
> [https://stackoverflow.com/questions/66980047/maven-build-failure-dependencyresolutionexception]
>  or remove dependency on http repositories.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3872) Workaround for build failururr with maven version >= 3.8.1

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3872:
-

> Workaround for build failururr with maven version >= 3.8.1
> --
>
> Key: STORM-3872
> URL: https://issues.apache.org/jira/browse/STORM-3872
> Project: Apache Storm
>  Issue Type: Task
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Nikhil Singh
>Priority: Major
>
> When maven version at or above 3.8.1 is used to build storm, the build fails 
> because repositories with "http" is blocked and only "https" is allowed.
>  
> Fix this by adding .mvn directory workaround, like discussed here 
> [https://stackoverflow.com/questions/66980047/maven-build-failure-dependencyresolutionexception]
>  or remove dependency on http repositories.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3876) Cannot Compile from Master

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3876.
---

> Cannot Compile from Master
> --
>
> Key: STORM-3876
> URL: https://issues.apache.org/jira/browse/STORM-3876
> Project: Apache Storm
>  Issue Type: Bug
>  Components: build
>Reporter: Joao Bezerra
>Assignee: Bipin Prasad
>Priority: Blocker
> Attachments: image-2022-07-18-18-52-14-827.png
>
>
> After a long search I landed here and wonder if there are any requirements 
> for compiling and building the master branch (except JDK > 7 ; I use 11).
> I have loaded the master branch from Storm into IntelliJ and only get error 
> messages during the build process running `clean`and `compile` 
> {code:java}
> ...
> ...
> [INFO] < org.apache.storm:storm-maven-plugins 
> >
> [INFO] Building storm-maven-plugins 2.5.0-SNAPSHOT                       
> [8/68]
> [INFO] [ maven-plugin 
> ]
> [INFO] 
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ 
> storm-maven-plugins ---
> [INFO] 
> [INFO] --- maven-checkstyle-plugin:3.0.0:check (validate) @ 
> storm-maven-plugins ---
> [INFO] Beginne Prüfung...
> Prüfung beendet.
> [INFO] 
> [INFO] --- maven-remote-resources-plugin:1.5:process 
> (process-resource-bundles) @ storm-maven-plugins ---
> [INFO] 
> [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ 
> storm-maven-plugins ---
> [INFO] Using 'UTF-8' encoding to copy filtered resources.
> [INFO] skip non existing resourceDirectory 
> /home/joao/IdeaProjects/storm/storm-buildtools/storm-maven-plugins/src/main/resources
> [INFO] Copying 3 resources
> [INFO] 
> [INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ 
> storm-maven-plugins ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 2 source files to 
> /home/joao/IdeaProjects/storm/storm-buildtools/storm-maven-plugins/target/classes
> [INFO] 
> [INFO] ---< org.apache.storm:storm-client 
> >
> [INFO] Building Storm Client 2.5.0-SNAPSHOT                              
> [9/68]
> [INFO] [ jar 
> ]-
> [INFO] 
> 
> [INFO] Reactor Summary for Storm 2.5.0-SNAPSHOT:
> [INFO] 
> [INFO] Storm .. SUCCESS [  4.470 
> s]
> [INFO] Apache Storm - Checkstyle .. SUCCESS [  0.096 
> s]
> [INFO] Shaded Deps for Storm Client ... SUCCESS [  0.737 
> s]
> [INFO] multilang-javascript ... SUCCESS [  0.101 
> s]
> [INFO] multilang-python ... SUCCESS [  0.070 
> s]
> [INFO] multilang-ruby . SUCCESS [  0.063 
> s]
> [INFO] maven-shade-clojure-transformer  SUCCESS [  0.672 
> s]
> [INFO] storm-maven-plugins  SUCCESS [  0.736 
> s]
> [INFO] Storm Client ... FAILURE [  0.015 
> s]
> [INFO] storm-server ... SKIPPED
> [INFO] storm-clojure .. SKIPPED
> [INFO] Storm Core . SKIPPED
> [INFO] Storm Webapp ... SKIPPED
> [INFO] storm-clojure-test . SKIPPED
> [INFO] storm-submit-tools . SKIPPED
> [INFO] storm-autocreds  SKIPPED
> [INFO] storm-hdfs . SKIPPED
> [INFO] storm-hdfs-blobstore ... SKIPPED
> [INFO] storm-hdfs-oci . SKIPPED
> [INFO] storm-hbase  SKIPPED
> [INFO] storm-hive . SKIPPED
> [INFO] storm-jdbc . SKIPPED
> [INFO] storm-redis  SKIPPED
> [INFO] storm-eventhubs  SKIPPED
> [INFO] storm-elasticsearch  SKIPPED
> [INFO] storm-solr . SKIPPED
> [INFO] storm-metrics .. SKIPPED
> [INFO] storm-cassandra 

[jira] [Updated] (STORM-3890) Update readme document to state usage parameters for KafkaLagUtil

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3890:

Fix Version/s: 2.5.0

> Update readme document to state usage parameters for KafkaLagUtil
> -
>
> Key: STORM-3890
> URL: https://issues.apache.org/jira/browse/STORM-3890
> Project: Apache Storm
>  Issue Type: Documentation
>  Components: storm-kafka-monitor
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Add usage information in the README



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3891) Change commons.cli version and python

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3891:

Fix Version/s: 2.5.0

> Change commons.cli version and python
> -
>
> Key: STORM-3891
> URL: https://issues.apache.org/jira/browse/STORM-3891
> Project: Apache Storm
>  Issue Type: Documentation
>  Components: Flux
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Critical
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> * Flux pulls in common-cli version 1.2 instead of the parent defined default 
> of 1.4. Change to use default version defined in topo level pom.xml
>  * python (defaulting to version 2) is no longer in use, change to python3 in 
> testing.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3886) Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3886:

Fix Version/s: 2.5.0

> Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11
> ---
>
> Key: STORM-3886
> URL: https://issues.apache.org/jira/browse/STORM-3886
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>
> Fixed in PR [https://github.com/apache/storm/pull/3503]
> by [~atulsm] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3889) Bump snakeyaml from 1.26 to 1.32

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3889:

Fix Version/s: 2.5.0

> Bump snakeyaml from 1.26 to 1.32
> 
>
> Key: STORM-3889
> URL: https://issues.apache.org/jira/browse/STORM-3889
> Project: Apache Storm
>  Issue Type: New Feature
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3893) Bump testng from 6.8.5 to 7.7.0 in integration test

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3893:

Fix Version/s: 2.5.0

> Bump testng from 6.8.5 to 7.7.0 in integration test
> ---
>
> Key: STORM-3893
> URL: https://issues.apache.org/jira/browse/STORM-3893
> Project: Apache Storm
>  Issue Type: Documentation
>  Components: integration-test
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dependabot automatic security recommendation: 
> https://github.com/apache/storm/pull/3517



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3892) Bump testng from 6.8.5 to 7.7.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3892:

Fix Version/s: 2.5.0

> Bump testng from 6.8.5 to 7.7.0
> ---
>
> Key: STORM-3892
> URL: https://issues.apache.org/jira/browse/STORM-3892
> Project: Apache Storm
>  Issue Type: Documentation
>  Components: storm-starter
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dependabot automatic security recommendation: 
> https://github.com/apache/storm/pull/3515



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3896) Create github actions since Travis is no longer supported

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3896.
---
Resolution: Duplicate

> Create github actions since Travis is no longer supported
> -
>
> Key: STORM-3896
> URL: https://issues.apache.org/jira/browse/STORM-3896
> Project: Apache Storm
>  Issue Type: New Feature
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3894) Bump snakeyaml from 1.32 to 2.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad closed STORM-3894.
---
Resolution: Duplicate

> Bump snakeyaml from 1.32 to 2.0
> ---
>
> Key: STORM-3894
> URL: https://issues.apache.org/jira/browse/STORM-3894
> Project: Apache Storm
>  Issue Type: Documentation
>  Components: Flux, storm-client, storm-hdfs, storm-loadgen, 
> storm-server
>Reporter: Bipin Prasad
>Priority: Major
>  Time Spent: 3h
>  Remaining Estimate: 0h
>
> Suggestion by dependabot in PR: [https://github.com/apache/storm/pull/3516]
> But the compile fails - so further code change is required.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3897) Replace Travis with GitHub Actions

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3897:
-

> Replace Travis with GitHub Actions
> --
>
> Key: STORM-3897
> URL: https://issues.apache.org/jira/browse/STORM-3897
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Richard Zowalla
>Priority: Major
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Travis isn't ASF anymore. We need to migrate



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3897) Replace Travis with GitHub Actions

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3897.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> Replace Travis with GitHub Actions
> --
>
> Key: STORM-3897
> URL: https://issues.apache.org/jira/browse/STORM-3897
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Richard Zowalla
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Travis isn't ASF anymore. We need to migrate



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3913) Upgrade version of ROCKSDB for junit tests on MAC OSX

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3913?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3913:
-

> Upgrade version of ROCKSDB for junit tests on MAC OSX
> -
>
> Key: STORM-3913
> URL: https://issues.apache.org/jira/browse/STORM-3913
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> The current version of ROCKSDB used in storm-server is 6.27.3.
> This version of ROCKSDB jar file does not contain the Mac OSX JNI library. As 
> part of the test, this platform specific JNI in ROCKSDB jar is extracted to a 
> temporary directory and used. Upgrading to version 8.1.1 fixes several 
> storm-server tests.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3913) Upgrade version of ROCKSDB for junit tests on MAC OSX

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3913?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3913.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> Upgrade version of ROCKSDB for junit tests on MAC OSX
> -
>
> Key: STORM-3913
> URL: https://issues.apache.org/jira/browse/STORM-3913
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> The current version of ROCKSDB used in storm-server is 6.27.3.
> This version of ROCKSDB jar file does not contain the Mac OSX JNI library. As 
> part of the test, this platform specific JNI in ROCKSDB jar is extracted to a 
> temporary directory and used. Upgrading to version 8.1.1 fixes several 
> storm-server tests.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3918) Bump snakeyaml from 1.32 to 2.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3918.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> Bump snakeyaml from 1.32 to 2.0
> ---
>
> Key: STORM-3918
> URL: https://issues.apache.org/jira/browse/STORM-3918
> Project: Apache Storm
>  Issue Type: Bug
>  Components: storm-core
>Affects Versions: 2.4.0
>Reporter: Alexandre Vermeerbergen
>Assignee: Alexandre Vermeerbergen
>Priority: Critical
> Fix For: 2.5.0
>
>
> Current snakeyaml version is vulnerable to 
> [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] 
> which is rated [9.8 
> CRITICAL|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1471=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=3.1=NIST]
>  by NIST.
> Trivial fix is to update to snakeyaml 2.0.
> I tried to manually replace existing snakeyaml JAR with 2.0 version (but 
> keeping the same JAR file name to avoid issue with potentially hard coded 
> CLASSPATH), and then I restarted all Storm related processes (Nimbus, 
> logview, Supervisor, Nimbus UI...) and deployed some topologies => everything 
> worked fine
> So it looks like a trivial task
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3918) Bump snakeyaml from 1.32 to 2.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3918:
-

> Bump snakeyaml from 1.32 to 2.0
> ---
>
> Key: STORM-3918
> URL: https://issues.apache.org/jira/browse/STORM-3918
> Project: Apache Storm
>  Issue Type: Bug
>  Components: storm-core
>Affects Versions: 2.4.0
>Reporter: Alexandre Vermeerbergen
>Assignee: Alexandre Vermeerbergen
>Priority: Critical
>
> Current snakeyaml version is vulnerable to 
> [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] 
> which is rated [9.8 
> CRITICAL|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1471=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=3.1=NIST]
>  by NIST.
> Trivial fix is to update to snakeyaml 2.0.
> I tried to manually replace existing snakeyaml JAR with 2.0 version (but 
> keeping the same JAR file name to avoid issue with potentially hard coded 
> CLASSPATH), and then I restarted all Storm related processes (Nimbus, 
> logview, Supervisor, Nimbus UI...) and deployed some topologies => everything 
> worked fine
> So it looks like a trivial task
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3900) Upgrade Cassandra version to avoid depedency on snakeyaml 1.3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3900:
-

> Upgrade Cassandra version to avoid depedency on snakeyaml 1.3
> -
>
> Key: STORM-3900
> URL: https://issues.apache.org/jira/browse/STORM-3900
> Project: Apache Storm
>  Issue Type: New Feature
>Reporter: Bipin Prasad
>Priority: Major
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Snakeyaml 1.3 has a security vulnerability. Cassandra version is storm has 
> pulls in this version. Upgrade Cassandra to a version that uses snakeyaml 2.0.
> See Storm snakeyaml 2.0 upgrade in PR: 
> https://github.com/apache/storm/pull/3523



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3900) Upgrade Cassandra version to avoid depedency on snakeyaml 1.3

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3900.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> Upgrade Cassandra version to avoid depedency on snakeyaml 1.3
> -
>
> Key: STORM-3900
> URL: https://issues.apache.org/jira/browse/STORM-3900
> Project: Apache Storm
>  Issue Type: New Feature
>Reporter: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Snakeyaml 1.3 has a security vulnerability. Cassandra version is storm has 
> pulls in this version. Upgrade Cassandra to a version that uses snakeyaml 2.0.
> See Storm snakeyaml 2.0 upgrade in PR: 
> https://github.com/apache/storm/pull/3523



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3903) Bump commons-fileupload from 1.3.3 to 1.5

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3903:
-

> Bump commons-fileupload from 1.3.3 to 1.5
> -
>
> Key: STORM-3903
> URL: https://issues.apache.org/jira/browse/STORM-3903
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Update suggested by dependabot.
> Pull request (dependabot): [https://github.com/apache/storm/pull/3511] 
> (closed)
> Update license files and create a new pull request, since dependabot PR is 
> not triggering builds.
> PR [https://github.com/apache/storm/pull/3529]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Reopened] (STORM-3904) Bump spring-core from 5.3.20 to 5.3.26 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reopened STORM-3904:
-

> Bump spring-core from 5.3.20 to 5.3.26 in /examples/storm-jms-examples
> --
>
> Key: STORM-3904
> URL: https://issues.apache.org/jira/browse/STORM-3904
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: examples
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Depedabot PR  https://github.com/apache/storm/pull/3529



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3905) Replace Anonymous Inner classs with Lambda in storm-core commands

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3905:

Fix Version/s: 2.5.0

> Replace Anonymous Inner classs with Lambda in storm-core commands
> -
>
> Key: STORM-3905
> URL: https://issues.apache.org/jira/browse/STORM-3905
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Minor cleanup for anonymous lambda interface with single method.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3903) Bump commons-fileupload from 1.3.3 to 1.5

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3903.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> Bump commons-fileupload from 1.3.3 to 1.5
> -
>
> Key: STORM-3903
> URL: https://issues.apache.org/jira/browse/STORM-3903
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Update suggested by dependabot.
> Pull request (dependabot): [https://github.com/apache/storm/pull/3511] 
> (closed)
> Update license files and create a new pull request, since dependabot PR is 
> not triggering builds.
> PR [https://github.com/apache/storm/pull/3529]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3902) Print summary of difference between expected and actual licenses

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3902:

Fix Version/s: 2.5.0

> Print summary of difference between expected and actual licenses
> 
>
> Key: STORM-3902
> URL: https://issues.apache.org/jira/browse/STORM-3902
> Project: Apache Storm
>  Issue Type: New Feature
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> During the build process, a python script checks the DEPENDENCY-LICENSES file 
> to ensure that all the licenses have been specified. When this file is not 
> what is expected, then print a summary of the differences between the 
> expected and actual file.
> Retain the current detail output of the actual and expected files.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3904) Bump spring-core from 5.3.20 to 5.3.26 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3904.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

> Bump spring-core from 5.3.20 to 5.3.26 in /examples/storm-jms-examples
> --
>
> Key: STORM-3904
> URL: https://issues.apache.org/jira/browse/STORM-3904
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: examples
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Depedabot PR  https://github.com/apache/storm/pull/3529



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3907) Update mockito to version 4.11.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3907:

Fix Version/s: 2.5.0

> Update mockito to version 4.11.0
> 
>
> Key: STORM-3907
> URL: https://issues.apache.org/jira/browse/STORM-3907
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update mockito to version 4. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3906) Remove use of mockito interal class org.mockito.internal.util.reflection.FieldSetter

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3906.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR Merged

> Remove use of mockito interal class 
> org.mockito.internal.util.reflection.FieldSetter
> 
>
> Key: STORM-3906
> URL: https://issues.apache.org/jira/browse/STORM-3906
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-client
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Class org.mockito.internal.util.reflection.FieldSetter is internal to 
> Mockito. In mockito version 3, minor update (3.11.2 for example), this 
> internal class has been removed.
> Replace FieldSetter with public classes and methods in mockito. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3908) Increase heap memory for MAVEN_OPTS used in github actions

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3908.
-
Fix Version/s: 2.5.0
   Resolution: Fixed

PR Merged

> Increase heap memory for MAVEN_OPTS used in github actions
> --
>
> Key: STORM-3908
> URL: https://issues.apache.org/jira/browse/STORM-3908
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: build
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Github action runner VM have 2 cpu and 7gb memory. Substantially higher than 
> the Travis machines that were in use earlier.
> The MAVEN_OPTS was then set to 1Gb.
>  
> Increase MAVEN_OPTS to avoid out of memory errors that sometimes occurs now 
> in Github actions.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3909) Use python3 in metrics test

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3909:

Fix Version/s: 2.5.0

> Use python3 in metrics test
> ---
>
> Key: STORM-3909
> URL: https://issues.apache.org/jira/browse/STORM-3909
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> *storm-core/test/clj/org/apache/storm/metrics_test.clj uses python to run 
> some test scripts. Change this to use python3.*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3909) Use python3 in metrics test

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3909.
-
Resolution: Fixed

PR Merged

> Use python3 in metrics test
> ---
>
> Key: STORM-3909
> URL: https://issues.apache.org/jira/browse/STORM-3909
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> *storm-core/test/clj/org/apache/storm/metrics_test.clj uses python to run 
> some test scripts. Change this to use python3.*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3910) Enhance LOG when rocksdb is used for metric store

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3910:

Fix Version/s: 2.5.0

> Enhance LOG when rocksdb is used for metric store
> -
>
> Key: STORM-3910
> URL: https://issues.apache.org/jira/browse/STORM-3910
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> When rocksdb is used for metric store, environment variable may not be setup 
> properly for the platform specific JNI library to be loaded.
> Change LOG output to provide more useful information when Rocksdb fails to 
> initialize.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3910) Enhance LOG when rocksdb is used for metric store

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3910.
-
Resolution: Fixed

PR Merged

> Enhance LOG when rocksdb is used for metric store
> -
>
> Key: STORM-3910
> URL: https://issues.apache.org/jira/browse/STORM-3910
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> When rocksdb is used for metric store, environment variable may not be setup 
> properly for the platform specific JNI library to be loaded.
> Change LOG output to provide more useful information when Rocksdb fails to 
> initialize.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3911) Add json-smart dependency to retrieve from maven repo

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3911:

Fix Version/s: 2.5.0

> Add json-smart dependency to retrieve from maven repo
> -
>
> Key: STORM-3911
> URL: https://issues.apache.org/jira/browse/STORM-3911
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> Artifact net.minidev:json-smart:2.3 is pulled in as a transitive dependency 
> from
> org.apache.hadoop:hadoop-auth
>      --> com.nimbusds:nimbus-jose-jwt
>       --> com.github.stephenc.jcip:jcip-annotations
> But is being downloaded from http://conjars.org/repo which is no longer 
> active.
> Download this directly from maven repository and avoid long build timeouts 
> due to multiple failed attempts to download from conjars.org.
> In order to do download from maven repo, net.minidev:json-smart:2.3 should be 
> added as a dependency on the pom file.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3912) Pull new carbonite code into storm

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3912:

Fix Version/s: 2.5.0

> Pull new carbonite code into storm
> --
>
> Key: STORM-3912
> URL: https://issues.apache.org/jira/browse/STORM-3912
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-clojure
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>
> The artifact com.twitter.carbonite:1.5 was last changed 10 years ago. The jar 
> is available from clojars.org and as per pom file, the source code resides in 
> a personal github repo not affiliated with twitter.
> This jar depends on Kryo 3 and has java class format 1.6, and clojure 1.5. 
> These need to be changed. storm-clohure module depends on carbonite jar to 
> register classes into Kryo.
> Pull the source code into storm-clojure-carbonite so that it can be modified 
> as long as clojure is supported in Storm.
>  
> Carbonite Code Details:
>  * Carbonite version 1.5 pom file shows code url as 
> [https://github.com/sritchie/carbonite.] This code was forked from 
> [https://github.com/revelytix/carbonite.] Both these are inactive.
>  * Carbonite version 1.6 resides at 
> [https://github.com/bipinprasad/carbonite.] This code was forked from 
> [https://github.com/sritchie/carbonite|https://github.com/sritchie/carbonite.]
>  (the source for Carbonite 1.5). Version 1.6 was created after changing the 
> JVM and Kryo and Chill dependencies. The jar was published to 
> [https://clojars.org.|https://clojars.org./]
>  * Steps to move code away from personal github account:
>  ** Fork Code from 
> [https://github.com/sritchie/carbonite|https://github.com/sritchie/carbonite.]
>  ** Determine new maven/clojar location for the jar
>  ** Obtain proper permission for the maven or clojar group (reverse domain)
>  ** Get userid/publishing and signing key
>  ** Update project.clj ":repositories" tag.
>  ** Follow "similar" steps in signing and publishing code as in Storm release
>  *** create GPG signing key
>  *** sign the jar and pom files (creating .asc files)
>  *** use "lein deploy clojars" or "lein deploy maven" to publish
>  * Carbonite depends on "chill". One open pull request discussion in that 
> project from Jan 7, 2021 is here [https://github.com/twitter/chill/pull/514] 
> (Kryo 5). There is some reference to carbonite and Storm.
>        



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3917) Hardcoded worker heapsize in ThroughputVsLatency

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3917:

Fix Version/s: 2.5.0

> Hardcoded worker heapsize in ThroughputVsLatency 
> -
>
> Key: STORM-3917
> URL: https://issues.apache.org/jira/browse/STORM-3917
> Project: Apache Storm
>  Issue Type: Bug
>  Components: examples
>Affects Versions: 2.4.0
>Reporter: Joshua Martell
>Assignee: Joshua Martell
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> ThroughputVsLatency adds an explicit 2GB worker heapsize overriding the RAS / 
> user settings since it's last on the command line. 
> [https://github.com/apache/storm/blob/master/examples/storm-loadgen/src/main/java/org/apache/storm/loadgen/ThroughputVsLatency.java#L264]
>  
> Allow users to change worker heap size in ThroughputVsLatency example topo.
> https://github.com/apache/storm/pull/3542



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3922) Update Acker Related Scheduling Changes

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3922:

Fix Version/s: 2.5.0

> Update Acker Related Scheduling Changes
> ---
>
> Key: STORM-3922
> URL: https://issues.apache.org/jira/browse/STORM-3922
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Separate out Acker related changes to storm-server from Round Robin Strategy



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3920) Update the Secure Storm documentation

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3920:

Fix Version/s: 2.5.0

> Update the Secure Storm documentation
> -
>
> Key: STORM-3920
> URL: https://issues.apache.org/jira/browse/STORM-3920
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
> Fix For: 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update [https://storm.apache.org/releases/2.4.0/SECURITY.html]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (STORM-3884) Bump calcite-core from 1.14.0 to 1.32.0

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3884?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad updated STORM-3884:

Fix Version/s: (was: 2.5.0)

> Bump calcite-core from 1.14.0 to 1.32.0
> ---
>
> Key: STORM-3884
> URL: https://issues.apache.org/jira/browse/STORM-3884
> Project: Apache Storm
>  Issue Type: Dependency upgrade
>  Components: storm-sql
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> h1. Bump calcite-core from 1.14.0 to 1.32.0
> Also fix this error with 1.32.0
> {code:java}
> [INFO] --- fmpp-maven-plugin:1.0:generate (generate-fmpp-sources) @ 
> storm-sql-core ---
> - Executing: Parser.jj
> log4j:WARN No appenders could be found for logger (freemarker.cache).
> log4j:WARN Please initialize the log4j system properly.
>   !!! FAILED
> [ERROR] FMPP processing session failed.
> Caused by: freemarker.core.InvalidReferenceException: The following has 
> evaluated to null or missing:
> ==> default  [in template "Parser.jj" at line 1965, column 26]
> 
> Tip: If the failing expression is known to be legally refer to something 
> that's sometimes null or missing, either specify a default value like 
> myOptionalVar!myDefault, or use <#if 
> myOptionalVar??>when-present<#else>when-missing. (These only cover the 
> last step of the expression; to cover the whole expression, use parenthesis: 
> (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)??
> 
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #list (parser.joinTypes!default.parse...  [in template 
> "Parser.jj" at line 1965, column 1]
> 
> [INFO] 
> 
> [INFO] BUILD FAILURE
> [INFO] 
> 
> [INFO] Total time:  8.338 s
> [INFO] Finished at: 2022-10-21T10:25:31-07:00 {code}
> Offending lines in generated Parser.jj (in 
> target/codegen/templates/Parser.jj) is 
> {code}{
> (
> LOOKAHEAD(3) // required for "LEFT SEMI JOIN" in Babel
> <#list (parser.joinTypes!default.parser.joinTypes) as method>
> joinType = ${method}()
> |
> 
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (STORM-3922) Update Acker Related Scheduling Changes

[Bipin Prasad (Jira)]

Bipin Prasad created STORM-3922:
---

 Summary: Update Acker Related Scheduling Changes
 Key: STORM-3922
 URL: https://issues.apache.org/jira/browse/STORM-3922
 Project: Apache Storm
  Issue Type: Improvement
  Components: storm-server
Reporter: Bipin Prasad


Separate out Acker related changes to storm-server from Round Robin Strategy



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (STORM-3922) Update Acker Related Scheduling Changes

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reassigned STORM-3922:
---

Assignee: Bipin Prasad

> Update Acker Related Scheduling Changes
> ---
>
> Key: STORM-3922
> URL: https://issues.apache.org/jira/browse/STORM-3922
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-server
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
>
> Separate out Acker related changes to storm-server from Round Robin Strategy



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3911) Add json-smart dependency to retrieve from maven repo

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3911.
-
Resolution: Fixed

PR Merged

> Add json-smart dependency to retrieve from maven repo
> -
>
> Key: STORM-3911
> URL: https://issues.apache.org/jira/browse/STORM-3911
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-core
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Minor
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> Artifact net.minidev:json-smart:2.3 is pulled in as a transitive dependency 
> from
> org.apache.hadoop:hadoop-auth
>      --> com.nimbusds:nimbus-jose-jwt
>       --> com.github.stephenc.jcip:jcip-annotations
> But is being downloaded from http://conjars.org/repo which is no longer 
> active.
> Download this directly from maven repository and avoid long build timeouts 
> due to multiple failed attempts to download from conjars.org.
> In order to do download from maven repo, net.minidev:json-smart:2.3 should be 
> added as a dependency on the pom file.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3921) Bump spring-core from 5.3.26 to 5.3.27 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3921.
-
Resolution: Fixed

> Bump spring-core from 5.3.26 to 5.3.27 in /examples/storm-jms-examples
> --
>
> Key: STORM-3921
> URL: https://issues.apache.org/jira/browse/STORM-3921
> Project: Apache Storm
>  Issue Type: Improvement
>  Components: storm-jms
>Reporter: Bipin Prasad
>Assignee: Bipin Prasad
>Priority: Major
>
> Pull Request [https://github.com/apache/storm/pull/3538] created by 
> Dependabot.
> Fix license for successful build.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (STORM-3876) Cannot Compile from Master

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad resolved STORM-3876.
-
Resolution: Fixed

> Cannot Compile from Master
> --
>
> Key: STORM-3876
> URL: https://issues.apache.org/jira/browse/STORM-3876
> Project: Apache Storm
>  Issue Type: Bug
>  Components: build
>Reporter: Joao Bezerra
>Assignee: Bipin Prasad
>Priority: Blocker
> Attachments: image-2022-07-18-18-52-14-827.png
>
>
> After a long search I landed here and wonder if there are any requirements 
> for compiling and building the master branch (except JDK > 7 ; I use 11).
> I have loaded the master branch from Storm into IntelliJ and only get error 
> messages during the build process running `clean`and `compile` 
> {code:java}
> ...
> ...
> [INFO] < org.apache.storm:storm-maven-plugins 
> >
> [INFO] Building storm-maven-plugins 2.5.0-SNAPSHOT                       
> [8/68]
> [INFO] [ maven-plugin 
> ]
> [INFO] 
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ 
> storm-maven-plugins ---
> [INFO] 
> [INFO] --- maven-checkstyle-plugin:3.0.0:check (validate) @ 
> storm-maven-plugins ---
> [INFO] Beginne Prüfung...
> Prüfung beendet.
> [INFO] 
> [INFO] --- maven-remote-resources-plugin:1.5:process 
> (process-resource-bundles) @ storm-maven-plugins ---
> [INFO] 
> [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ 
> storm-maven-plugins ---
> [INFO] Using 'UTF-8' encoding to copy filtered resources.
> [INFO] skip non existing resourceDirectory 
> /home/joao/IdeaProjects/storm/storm-buildtools/storm-maven-plugins/src/main/resources
> [INFO] Copying 3 resources
> [INFO] 
> [INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ 
> storm-maven-plugins ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 2 source files to 
> /home/joao/IdeaProjects/storm/storm-buildtools/storm-maven-plugins/target/classes
> [INFO] 
> [INFO] ---< org.apache.storm:storm-client 
> >
> [INFO] Building Storm Client 2.5.0-SNAPSHOT                              
> [9/68]
> [INFO] [ jar 
> ]-
> [INFO] 
> 
> [INFO] Reactor Summary for Storm 2.5.0-SNAPSHOT:
> [INFO] 
> [INFO] Storm .. SUCCESS [  4.470 
> s]
> [INFO] Apache Storm - Checkstyle .. SUCCESS [  0.096 
> s]
> [INFO] Shaded Deps for Storm Client ... SUCCESS [  0.737 
> s]
> [INFO] multilang-javascript ... SUCCESS [  0.101 
> s]
> [INFO] multilang-python ... SUCCESS [  0.070 
> s]
> [INFO] multilang-ruby . SUCCESS [  0.063 
> s]
> [INFO] maven-shade-clojure-transformer  SUCCESS [  0.672 
> s]
> [INFO] storm-maven-plugins  SUCCESS [  0.736 
> s]
> [INFO] Storm Client ... FAILURE [  0.015 
> s]
> [INFO] storm-server ... SKIPPED
> [INFO] storm-clojure .. SKIPPED
> [INFO] Storm Core . SKIPPED
> [INFO] Storm Webapp ... SKIPPED
> [INFO] storm-clojure-test . SKIPPED
> [INFO] storm-submit-tools . SKIPPED
> [INFO] storm-autocreds  SKIPPED
> [INFO] storm-hdfs . SKIPPED
> [INFO] storm-hdfs-blobstore ... SKIPPED
> [INFO] storm-hdfs-oci . SKIPPED
> [INFO] storm-hbase  SKIPPED
> [INFO] storm-hive . SKIPPED
> [INFO] storm-jdbc . SKIPPED
> [INFO] storm-redis  SKIPPED
> [INFO] storm-eventhubs  SKIPPED
> [INFO] storm-elasticsearch  SKIPPED
> [INFO] storm-solr . SKIPPED
> [INFO] storm-metrics .. SKIPPED
&

[jira] [Created] (STORM-3921) Bump spring-core from 5.3.26 to 5.3.27 in /examples/storm-jms-examples

[Bipin Prasad (Jira)]

Bipin Prasad created STORM-3921:
---

 Summary: Bump spring-core from 5.3.26 to 5.3.27 in 
/examples/storm-jms-examples
 Key: STORM-3921
 URL: https://issues.apache.org/jira/browse/STORM-3921
 Project: Apache Storm
  Issue Type: Improvement
  Components: storm-jms
Reporter: Bipin Prasad
Assignee: Bipin Prasad


Pull Request [https://github.com/apache/storm/pull/3538] created by Dependabot.

Fix license for successful build.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (STORM-3876) Cannot Compile from Master

[Bipin Prasad (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bipin Prasad reassigned STORM-3876:
---

Assignee: Bipin Prasad

> Cannot Compile from Master
> --
>
> Key: STORM-3876
> URL: https://issues.apache.org/jira/browse/STORM-3876
> Project: Apache Storm
>  Issue Type: Bug
>  Components: build
>Reporter: Joao Bezerra
>Assignee: Bipin Prasad
>Priority: Blocker
> Attachments: image-2022-07-18-18-52-14-827.png
>
>
> After a long search I landed here and wonder if there are any requirements 
> for compiling and building the master branch (except JDK > 7 ; I use 11).
> I have loaded the master branch from Storm into IntelliJ and only get error 
> messages during the build process running `clean`and `compile` 
> {code:java}
> ...
> ...
> [INFO] < org.apache.storm:storm-maven-plugins 
> >
> [INFO] Building storm-maven-plugins 2.5.0-SNAPSHOT                       
> [8/68]
> [INFO] [ maven-plugin 
> ]
> [INFO] 
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ 
> storm-maven-plugins ---
> [INFO] 
> [INFO] --- maven-checkstyle-plugin:3.0.0:check (validate) @ 
> storm-maven-plugins ---
> [INFO] Beginne Prüfung...
> Prüfung beendet.
> [INFO] 
> [INFO] --- maven-remote-resources-plugin:1.5:process 
> (process-resource-bundles) @ storm-maven-plugins ---
> [INFO] 
> [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ 
> storm-maven-plugins ---
> [INFO] Using 'UTF-8' encoding to copy filtered resources.
> [INFO] skip non existing resourceDirectory 
> /home/joao/IdeaProjects/storm/storm-buildtools/storm-maven-plugins/src/main/resources
> [INFO] Copying 3 resources
> [INFO] 
> [INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ 
> storm-maven-plugins ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 2 source files to 
> /home/joao/IdeaProjects/storm/storm-buildtools/storm-maven-plugins/target/classes
> [INFO] 
> [INFO] ---< org.apache.storm:storm-client 
> >
> [INFO] Building Storm Client 2.5.0-SNAPSHOT                              
> [9/68]
> [INFO] [ jar 
> ]-
> [INFO] 
> 
> [INFO] Reactor Summary for Storm 2.5.0-SNAPSHOT:
> [INFO] 
> [INFO] Storm .. SUCCESS [  4.470 
> s]
> [INFO] Apache Storm - Checkstyle .. SUCCESS [  0.096 
> s]
> [INFO] Shaded Deps for Storm Client ... SUCCESS [  0.737 
> s]
> [INFO] multilang-javascript ... SUCCESS [  0.101 
> s]
> [INFO] multilang-python ... SUCCESS [  0.070 
> s]
> [INFO] multilang-ruby . SUCCESS [  0.063 
> s]
> [INFO] maven-shade-clojure-transformer  SUCCESS [  0.672 
> s]
> [INFO] storm-maven-plugins  SUCCESS [  0.736 
> s]
> [INFO] Storm Client ... FAILURE [  0.015 
> s]
> [INFO] storm-server ... SKIPPED
> [INFO] storm-clojure .. SKIPPED
> [INFO] Storm Core . SKIPPED
> [INFO] Storm Webapp ... SKIPPED
> [INFO] storm-clojure-test . SKIPPED
> [INFO] storm-submit-tools . SKIPPED
> [INFO] storm-autocreds  SKIPPED
> [INFO] storm-hdfs . SKIPPED
> [INFO] storm-hdfs-blobstore ... SKIPPED
> [INFO] storm-hdfs-oci . SKIPPED
> [INFO] storm-hbase  SKIPPED
> [INFO] storm-hive . SKIPPED
> [INFO] storm-jdbc . SKIPPED
> [INFO] storm-redis  SKIPPED
> [INFO] storm-eventhubs  SKIPPED
> [INFO] storm-elasticsearch  SKIPPED
> [INFO] storm-solr . SKIPPED
> [INFO] storm-metrics .. SKIPPED
&

[jira] [Resolved] (STORM-3920) Update the Secure Storm documentation

[Xin Wang (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xin Wang resolved STORM-3920.
-
Resolution: Fixed

Thanks [~snikhil5] Merged into master.

> Update the Secure Storm documentation
> -
>
> Key: STORM-3920
> URL: https://issues.apache.org/jira/browse/STORM-3920
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Update [https://storm.apache.org/releases/2.4.0/SECURITY.html]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (STORM-3920) Update the Secure Storm documentation

[Nikhil Singh (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikhil Singh reassigned STORM-3920:
---

Assignee: Nikhil Singh

> Update the Secure Storm documentation
> -
>
> Key: STORM-3920
> URL: https://issues.apache.org/jira/browse/STORM-3920
> Project: Apache Storm
>  Issue Type: Improvement
>Reporter: Nikhil Singh
>Assignee: Nikhil Singh
>Priority: Minor
>
> Update [https://storm.apache.org/releases/2.4.0/SECURITY.html]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (STORM-3920) Update the Secure Storm documentation

[Nikhil Singh (Jira)]

Nikhil Singh created STORM-3920:
---

 Summary: Update the Secure Storm documentation
 Key: STORM-3920
 URL: https://issues.apache.org/jira/browse/STORM-3920
 Project: Apache Storm
  Issue Type: Improvement
Reporter: Nikhil Singh


Update [https://storm.apache.org/releases/2.4.0/SECURITY.html]

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (STORM-3919) Upgrade Hadoop to version 3

[Bipin Prasad (Jira)]

Bipin Prasad created STORM-3919:
---

 Summary: Upgrade Hadoop to version 3
 Key: STORM-3919
 URL: https://issues.apache.org/jira/browse/STORM-3919
 Project: Apache Storm
  Issue Type: Improvement
  Components: storm-core
Reporter: Bipin Prasad


There are several fixes and enhancements in Hadoop version 3.0.0 that Storm can 
benefit from.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (STORM-3918) Bump snakeyaml from 1.32 to 2.0

[Alexandre Vermeerbergen (Jira)]

 [ 
https://issues.apache.org/jira/browse/STORM-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alexandre Vermeerbergen closed STORM-3918.
--
Resolution: Fixed

Sorry for duplicate JIRA

> Bump snakeyaml from 1.32 to 2.0
> ---
>
> Key: STORM-3918
> URL: https://issues.apache.org/jira/browse/STORM-3918
> Project: Apache Storm
>  Issue Type: Bug
>  Components: storm-core
>Affects Versions: 2.4.0
>Reporter: Alexandre Vermeerbergen
>Assignee: Alexandre Vermeerbergen
>Priority: Critical
>
> Current snakeyaml version is vulnerable to 
> [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471] 
> which is rated [9.8 
> CRITICAL|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1471=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=3.1=NIST]
>  by NIST.
> Trivial fix is to update to snakeyaml 2.0.
> I tried to manually replace existing snakeyaml JAR with 2.0 version (but 
> keeping the same JAR file name to avoid issue with potentially hard coded 
> CLASSPATH), and then I restarted all Storm related processes (Nimbus, 
> logview, Supervisor, Nimbus UI...) and deployed some topologies => everything 
> worked fine
> So it looks like a trivial task
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)