[jira] [Resolved] (ZOOKEEPER-3798) remove the useless code in the ProposalRequestProcessor#processRequest
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Han resolved ZOOKEEPER-3798. Fix Version/s: (was: 3.7.0) 3.6.3 Resolution: Fixed Issue resolved by pull request 1335 [https://github.com/apache/zookeeper/pull/1335] > remove the useless code in the ProposalRequestProcessor#processRequest > -- > > Key: ZOOKEEPER-3798 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3798 > Project: ZooKeeper > Issue Type: Improvement > Components: server >Reporter: maoling >Priority: Minor > Labels: pull-request-available > Fix For: 3.6.3 > > Time Spent: 0.5h > Remaining Estimate: 0h > > remove the following useless codes in the > ProposalRequestProcessor#processRequest > {code:java} > public void processRequest(Request request) throws RequestProcessorException { > // LOG.warn("Ack>>> cxid = " + request.cxid + " type = " + > // request.type + " id = " + request.sessionId); > // request.addRQRec(">prop"); > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (ZOOKEEPER-3858) Add metrics to track server unavailable time
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Han reassigned ZOOKEEPER-3858: -- Assignee: Jie Huang > Add metrics to track server unavailable time > > > Key: ZOOKEEPER-3858 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3858 > Project: ZooKeeper > Issue Type: Improvement > Components: metric system >Reporter: Jie Huang >Assignee: Jie Huang >Priority: Minor > Fix For: 3.6.3 > > Time Spent: 20m > Remaining Estimate: 0h > > These metrics track the time when a ZooKeeper server is up and running but > not serving client traffic because it is not part of a quorum. They don't > track the hardware down time or ZooKeeper process down time. > UNAVAILABLE_TIME: time between LOOKING and BROADCAST > LEADER_UNAVAILABLE_TIME: time between LOOKING and BROADCAST on the leader > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (ZOOKEEPER-3858) Add metrics to track server unavailable time
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Han resolved ZOOKEEPER-3858. Fix Version/s: (was: 3.7.0) 3.6.3 Resolution: Fixed Issue resolved by pull request 1378 [https://github.com/apache/zookeeper/pull/1378] > Add metrics to track server unavailable time > > > Key: ZOOKEEPER-3858 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3858 > Project: ZooKeeper > Issue Type: Improvement > Components: metric system >Reporter: Jie Huang >Priority: Minor > Fix For: 3.6.3 > > Time Spent: 10m > Remaining Estimate: 0h > > These metrics track the time when a ZooKeeper server is up and running but > not serving client traffic because it is not part of a quorum. They don't > track the hardware down time or ZooKeeper process down time. > UNAVAILABLE_TIME: time between LOOKING and BROADCAST > LEADER_UNAVAILABLE_TIME: time between LOOKING and BROADCAST on the leader > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (ZOOKEEPER-3841) remove useless codes in the Leader.java
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Han resolved ZOOKEEPER-3841. Fix Version/s: 3.6.3 Resolution: Fixed Issue resolved by pull request 1394 [https://github.com/apache/zookeeper/pull/1394] > remove useless codes in the Leader.java > --- > > Key: ZOOKEEPER-3841 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3841 > Project: ZooKeeper > Issue Type: Improvement > Components: server >Reporter: maoling >Priority: Minor > Fix For: 3.6.3 > > Time Spent: 20m > Remaining Estimate: 0h > > - There are some useless code in the Leader.java which were comment out. > - Pls recheck all the things in this class to clear up > e.g: > {code:java} > // Everything is a go, simply start counting the ticks > // WARNING: I couldn't find any wait statement on a synchronized > // block that would be notified by this notifyAll() call, so > // I commented it out > //synchronized (this) { > //notifyAll(); > //} > {code} > {code:java} > //turnOffFollowers(); > {code} > {code:java} > //LOG.warn("designated leader is: " + designatedLeader); > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Manjunath Mandya Surendrakumar updated ZOOKEEPER-3933: -- Comment: was deleted (was: Hi, Thanks for this fix. Could you please tell me, when is the fixed version 3.5.9 will be released? Regards Manjunath) > owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712 > --- > > Key: ZOOKEEPER-3933 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3933 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.7.0, 3.5.8, 3.6.2 >Reporter: Patrick D. Hunt >Priority: Blocker > Fix For: 3.7.0, 3.5.9, 3.6.3 > > > dependency-check is failing with: > json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3731) Disable HTTP TRACE Method
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17204491#comment-17204491 ] Michel Wigbers commented on ZOOKEEPER-3731: --- Guardian360 is reporting this as a security issue > Disable HTTP TRACE Method > - > > Key: ZOOKEEPER-3731 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3731 > Project: ZooKeeper > Issue Type: Improvement >Affects Versions: 3.5.7 >Reporter: Aaron >Priority: Critical > > ZooKeeper uses embedded jetty which allows TRACE method by default. This is a > widely-known security concern. Please disable HTTP TRACE method. > > CVE-2004-2320, CVE-2010-0386, CVE-2003-1567 for more info. > > Example: > {quote}{{$ curl -vX TRACE 10.32.99.185:8080}} > {{* Rebuilt URL to: 10.32.99.185:8080/}} > {{* Trying 10.32.99.185...}} > {{* TCP_NODELAY set}} > {{* Connected to 10.32.99.185 (10.32.99.185) port 8080 (#0)}} > {{> TRACE / HTTP/1.1}} > {{> Host: 10.32.99.185:8080}} > {{> User-Agent: curl/7.59.0}} > {{> Accept: */*}} > {{>}} > {{< HTTP/1.1 200 OK}} > {{< Date: Tue, 18 Feb 2020 12:38:35 GMT}} > {{< Content-Type: message/http}} > {{< Content-Length: 81}} > {{< Server: Jetty(9.4.17.v20190418)}} > {{<}} > {{TRACE / HTTP/1.1}} > {{User-Agent: curl/7.59.0}} > {{Accept: */*}} > {{Host: 10.32.99.185:8080}} > {{* Connection #0 to host 10.32.99.185 left intact}}{quote} -- This message was sent by Atlassian Jira (v8.3.4#803005)