[jira] [Commented] (ZOOKEEPER-4216) Flaky test: WatcherCleanerTest.testDeadWatcherMetrics

2023-03-08 Thread Kezhu Wang (Jira) 


[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698149#comment-17698149
 ] 

Kezhu Wang commented on ZOOKEEPER-4216:
---

New fail case 
https://github.com/apache/zookeeper/actions/runs/4359798217/jobs/7622395578#step:7:1048

{noformat}
[ERROR]   WatcherCleanerTest.testDeadWatcherMetrics:161 Total dead watchers 
cleared should be 3 ==> expected: <3> but was: <2>
{noformat}

> Flaky test: WatcherCleanerTest.testDeadWatcherMetrics
> -
>
> Key: ZOOKEEPER-4216
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4216
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: tests
>Reporter: Ling Mao
>Priority: Minor
>
> {code:java}
> [INFO] Running org.apache.zookeeper.server.watch.WatchManagerTest
> [INFO] Running org.apache.zookeeper.server.watch.WatchManagerTest[INFO] Tests 
> run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 16.836 s - in 
> org.apache.zookeeper.server.PrepRequestProcessorMetricsTest
> [INFO] Running org.apache.zookeeper.server.ZooKeeperServerCreationTest
> [ERROR] Tests run: 4, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 5.26 
> s <<< FAILURE! - in 
> org.apache.zookeeper.server.watch.WatcherCleanerTest[ERROR] 
> testDeadWatcherMetrics  Time elapsed: 0.142 s  <<< 
> FAILURE!org.opentest4j.AssertionFailedError: expected: <20.0> but was: 
> <27.> at 
> org.apache.zookeeper.server.watch.WatcherCleanerTest.testDeadWatcherMetrics(WatcherCleanerTest.java:166)
> [INFO] Running org.apache.zookeeper.server.InvalidSnapshotTest[INFO] Tests 
> run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 5.196 s - in 
> org.apache.zookeeper.server.ZooKeeperServerCreationTest[INFO] Tests run: 8, 
> Failures: 0,
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (ZOOKEEPER-3731) Disable HTTP TRACE Method

2023-03-08 Thread Enrico Olivelli (Jira) 


 [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Enrico Olivelli resolved ZOOKEEPER-3731.

Fix Version/s: 3.9.0
   Resolution: Fixed

> Disable HTTP TRACE Method
> -
>
> Key: ZOOKEEPER-3731
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3731
> Project: ZooKeeper
>  Issue Type: Improvement
>Affects Versions: 3.5.7
>Reporter: Aaron
>Assignee: Enrico Olivelli
>Priority: Critical
>  Labels: pull-request-available
> Fix For: 3.9.0
>
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> ZooKeeper uses embedded jetty which allows TRACE method by default. This is a 
> widely-known security concern. Please disable HTTP TRACE method.
>  
> CVE-2004-2320, CVE-2010-0386, CVE-2003-1567 for more info.
>  
> Example:
> {quote}{{$ curl -vX TRACE 10.32.99.185:8080}}
> {{* Rebuilt URL to: 10.32.99.185:8080/}}
> {{* Trying 10.32.99.185...}}
> {{* TCP_NODELAY set}}
> {{* Connected to 10.32.99.185 (10.32.99.185) port 8080 (#0)}}
> {{> TRACE / HTTP/1.1}}
> {{> Host: 10.32.99.185:8080}}
> {{> User-Agent: curl/7.59.0}}
> {{> Accept: */*}}
> {{>}}
> {{< HTTP/1.1 200 OK}}
> {{< Date: Tue, 18 Feb 2020 12:38:35 GMT}}
> {{< Content-Type: message/http}}
> {{< Content-Length: 81}}
> {{< Server: Jetty(9.4.17.v20190418)}}
> {{<}}
> {{TRACE / HTTP/1.1}}
> {{User-Agent: curl/7.59.0}}
> {{Accept: */*}}
> {{Host: 10.32.99.185:8080}}
> {{* Connection #0 to host 10.32.99.185 left intact}}{quote}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (ZOOKEEPER-3731) Disable HTTP TRACE Method

2023-03-08 Thread Enrico Olivelli (Jira) 


 [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Enrico Olivelli reassigned ZOOKEEPER-3731:
--

Assignee: Enrico Olivelli

> Disable HTTP TRACE Method
> -
>
> Key: ZOOKEEPER-3731
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3731
> Project: ZooKeeper
>  Issue Type: Improvement
>Affects Versions: 3.5.7
>Reporter: Aaron
>Assignee: Enrico Olivelli
>Priority: Critical
>  Labels: pull-request-available
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> ZooKeeper uses embedded jetty which allows TRACE method by default. This is a 
> widely-known security concern. Please disable HTTP TRACE method.
>  
> CVE-2004-2320, CVE-2010-0386, CVE-2003-1567 for more info.
>  
> Example:
> {quote}{{$ curl -vX TRACE 10.32.99.185:8080}}
> {{* Rebuilt URL to: 10.32.99.185:8080/}}
> {{* Trying 10.32.99.185...}}
> {{* TCP_NODELAY set}}
> {{* Connected to 10.32.99.185 (10.32.99.185) port 8080 (#0)}}
> {{> TRACE / HTTP/1.1}}
> {{> Host: 10.32.99.185:8080}}
> {{> User-Agent: curl/7.59.0}}
> {{> Accept: */*}}
> {{>}}
> {{< HTTP/1.1 200 OK}}
> {{< Date: Tue, 18 Feb 2020 12:38:35 GMT}}
> {{< Content-Type: message/http}}
> {{< Content-Length: 81}}
> {{< Server: Jetty(9.4.17.v20190418)}}
> {{<}}
> {{TRACE / HTTP/1.1}}
> {{User-Agent: curl/7.59.0}}
> {{Accept: */*}}
> {{Host: 10.32.99.185:8080}}
> {{* Connection #0 to host 10.32.99.185 left intact}}{quote}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)