[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16947071#comment-16947071 ] Hudson commented on ZOOKEEPER-3563: --- SUCCESS: Integrated in Jenkins build ZooKeeper-trunk #728 (See [https://builds.apache.org/job/ZooKeeper-trunk/728/]) ZOOKEEPER-3563: Update Netty to 4.1.42.Final - fix license files (andor: rev 2dcb5e799ec02a2c6a6c7bad80c47169dc095271) * (delete) zookeeper-server/src/main/resources/lib/netty-handler-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-handler-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-transport-4.1.29.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-resolver-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-transport-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-codec-4.1.42.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-common-4.1.42.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-resolver-4.1.42.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-buffer-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-codec-4.1.29.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-common-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-buffer-4.1.29.Final.LICENSE.txt > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.6.0, 3.5.6 > > Time Spent: 3h > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16946969#comment-16946969 ] Hudson commented on ZOOKEEPER-3563: --- SUCCESS: Integrated in Jenkins build Zookeeper-trunk-single-thread #566 (See [https://builds.apache.org/job/Zookeeper-trunk-single-thread/566/]) ZOOKEEPER-3563: Update Netty to 4.1.42.Final - fix license files (andor: rev 2dcb5e799ec02a2c6a6c7bad80c47169dc095271) * (add) zookeeper-server/src/main/resources/lib/netty-buffer-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-codec-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.42.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-handler-4.1.42.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-resolver-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.29.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-buffer-4.1.29.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-transport-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-transport-4.1.42.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-common-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-handler-4.1.29.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-resolver-4.1.29.Final.LICENSE.txt * (add) zookeeper-server/src/main/resources/lib/netty-codec-4.1.42.Final.LICENSE.txt * (delete) zookeeper-server/src/main/resources/lib/netty-common-4.1.29.Final.LICENSE.txt > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.6.0, 3.5.6 > > Time Spent: 3h > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943693#comment-16943693 ] Hudson commented on ZOOKEEPER-3563: --- SUCCESS: Integrated in Jenkins build ZooKeeper-trunk #722 (See [https://builds.apache.org/job/ZooKeeper-trunk/722/]) ZOOKEEPER-3563: Update Netty to address CVE-2019-16869 (nkalmar: rev 874aaf136ccda2759cc61f4c48ff9d15f6433e07) * (edit) pom.xml * (edit) build.xml > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.4.15, 3.5.6 > > Time Spent: 2h > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943670#comment-16943670 ] Hudson commented on ZOOKEEPER-3563: --- SUCCESS: Integrated in Jenkins build Zookeeper-trunk-single-thread #560 (See [https://builds.apache.org/job/Zookeeper-trunk-single-thread/560/]) ZOOKEEPER-3563: Update Netty to address CVE-2019-16869 (nkalmar: rev 874aaf136ccda2759cc61f4c48ff9d15f6433e07) * (edit) build.xml * (edit) pom.xml > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.4.15, 3.5.6 > > Time Spent: 2h > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16942041#comment-16942041 ] Hadoop QA commented on ZOOKEEPER-3563: -- +1 overall. GitHub Pull Request Build +1 @author. The patch does not contain any @author tags. +0 tests included. The patch appears to be a documentation patch that doesn't require tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs (version ) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/4175//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/4175//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/4175//console This message is automatically generated. > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.4.15, 3.5.6 > > Time Spent: 40m > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941421#comment-16941421 ] Hadoop QA commented on ZOOKEEPER-3563: -- +1 overall. GitHub Pull Request Build +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 2 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs (version ) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/4169//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/4169//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/4169//console This message is automatically generated. > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.4.15, 3.5.6 > > Time Spent: 0.5h > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941408#comment-16941408 ] Patrick D. Hunt commented on ZOOKEEPER-3563: I submitted patches for 3.5 and trunk. 3.4 is currently on 3.10.6.Final which is very different base vs 4.1 (current dev line for netty). Someone would need to backport what we did for 3.5/trunk if we want to fix that. > dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty > -- > > Key: ZOOKEEPER-3563 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.5.5, 3.4.14 >Reporter: Patrick D. Hunt >Priority: Blocker > Labels: pull-request-available > Fix For: 3.4.15, 3.5.6 > > Time Spent: 0.5h > Remaining Estimate: 0h > > The mvn dependency check is failing on 3.4 and 3.5: > 3.4: > [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869 > 3.5: > [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869 -- This message was sent by Atlassian Jira (v8.3.4#803005)