[jira] [Commented] (ZOOKEEPER-4216) Flaky test: WatcherCleanerTest.testDeadWatcherMetrics
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698149#comment-17698149 ] Kezhu Wang commented on ZOOKEEPER-4216: --- New fail case https://github.com/apache/zookeeper/actions/runs/4359798217/jobs/7622395578#step:7:1048 {noformat} [ERROR] WatcherCleanerTest.testDeadWatcherMetrics:161 Total dead watchers cleared should be 3 ==> expected: <3> but was: <2> {noformat} > Flaky test: WatcherCleanerTest.testDeadWatcherMetrics > - > > Key: ZOOKEEPER-4216 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4216 > Project: ZooKeeper > Issue Type: Bug > Components: tests >Reporter: Ling Mao >Priority: Minor > > {code:java} > [INFO] Running org.apache.zookeeper.server.watch.WatchManagerTest > [INFO] Running org.apache.zookeeper.server.watch.WatchManagerTest[INFO] Tests > run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 16.836 s - in > org.apache.zookeeper.server.PrepRequestProcessorMetricsTest > [INFO] Running org.apache.zookeeper.server.ZooKeeperServerCreationTest > [ERROR] Tests run: 4, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 5.26 > s <<< FAILURE! - in > org.apache.zookeeper.server.watch.WatcherCleanerTest[ERROR] > testDeadWatcherMetrics Time elapsed: 0.142 s <<< > FAILURE!org.opentest4j.AssertionFailedError: expected: <20.0> but was: > <27.> at > org.apache.zookeeper.server.watch.WatcherCleanerTest.testDeadWatcherMetrics(WatcherCleanerTest.java:166) > [INFO] Running org.apache.zookeeper.server.InvalidSnapshotTest[INFO] Tests > run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 5.196 s - in > org.apache.zookeeper.server.ZooKeeperServerCreationTest[INFO] Tests run: 8, > Failures: 0, > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (ZOOKEEPER-3731) Disable HTTP TRACE Method
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Enrico Olivelli resolved ZOOKEEPER-3731. Fix Version/s: 3.9.0 Resolution: Fixed > Disable HTTP TRACE Method > - > > Key: ZOOKEEPER-3731 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3731 > Project: ZooKeeper > Issue Type: Improvement >Affects Versions: 3.5.7 >Reporter: Aaron >Assignee: Enrico Olivelli >Priority: Critical > Labels: pull-request-available > Fix For: 3.9.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > ZooKeeper uses embedded jetty which allows TRACE method by default. This is a > widely-known security concern. Please disable HTTP TRACE method. > > CVE-2004-2320, CVE-2010-0386, CVE-2003-1567 for more info. > > Example: > {quote}{{$ curl -vX TRACE 10.32.99.185:8080}} > {{* Rebuilt URL to: 10.32.99.185:8080/}} > {{* Trying 10.32.99.185...}} > {{* TCP_NODELAY set}} > {{* Connected to 10.32.99.185 (10.32.99.185) port 8080 (#0)}} > {{> TRACE / HTTP/1.1}} > {{> Host: 10.32.99.185:8080}} > {{> User-Agent: curl/7.59.0}} > {{> Accept: */*}} > {{>}} > {{< HTTP/1.1 200 OK}} > {{< Date: Tue, 18 Feb 2020 12:38:35 GMT}} > {{< Content-Type: message/http}} > {{< Content-Length: 81}} > {{< Server: Jetty(9.4.17.v20190418)}} > {{<}} > {{TRACE / HTTP/1.1}} > {{User-Agent: curl/7.59.0}} > {{Accept: */*}} > {{Host: 10.32.99.185:8080}} > {{* Connection #0 to host 10.32.99.185 left intact}}{quote} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (ZOOKEEPER-3731) Disable HTTP TRACE Method
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Enrico Olivelli reassigned ZOOKEEPER-3731: -- Assignee: Enrico Olivelli > Disable HTTP TRACE Method > - > > Key: ZOOKEEPER-3731 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3731 > Project: ZooKeeper > Issue Type: Improvement >Affects Versions: 3.5.7 >Reporter: Aaron >Assignee: Enrico Olivelli >Priority: Critical > Labels: pull-request-available > Time Spent: 1h 40m > Remaining Estimate: 0h > > ZooKeeper uses embedded jetty which allows TRACE method by default. This is a > widely-known security concern. Please disable HTTP TRACE method. > > CVE-2004-2320, CVE-2010-0386, CVE-2003-1567 for more info. > > Example: > {quote}{{$ curl -vX TRACE 10.32.99.185:8080}} > {{* Rebuilt URL to: 10.32.99.185:8080/}} > {{* Trying 10.32.99.185...}} > {{* TCP_NODELAY set}} > {{* Connected to 10.32.99.185 (10.32.99.185) port 8080 (#0)}} > {{> TRACE / HTTP/1.1}} > {{> Host: 10.32.99.185:8080}} > {{> User-Agent: curl/7.59.0}} > {{> Accept: */*}} > {{>}} > {{< HTTP/1.1 200 OK}} > {{< Date: Tue, 18 Feb 2020 12:38:35 GMT}} > {{< Content-Type: message/http}} > {{< Content-Length: 81}} > {{< Server: Jetty(9.4.17.v20190418)}} > {{<}} > {{TRACE / HTTP/1.1}} > {{User-Agent: curl/7.59.0}} > {{Accept: */*}} > {{Host: 10.32.99.185:8080}} > {{* Connection #0 to host 10.32.99.185 left intact}}{quote} -- This message was sent by Atlassian Jira (v8.20.10#820010)