Build failed in Jenkins: Geode-nightly-flaky #136

2017-09-29 Thread Apache Jenkins Server 
See 


Changes:

[dsmith] GEODE-3722: Fixing typo in lucene query command

[github] GEODE-3721: Renabling durable client tests that were ignored (#840)

[dsmith] GEODE-3613: Dumping container logs files in session replication tests

--
[...truncated 127.27 KB...]
at org.jgroups.protocols.UNICAST3.up(UNICAST3.java:426)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.StatRecorder.up(StatRecorder.java:74)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.AddressManager.up(AddressManager.java:72)
at org.jgroups.protocols.TP.passMessageUp(TP.java:1601)
at org.jgroups.protocols.TP$SingleMessageHandler.run(TP.java:1817)
at org.jgroups.util.DirectExecutor.execute(DirectExecutor.java:10)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1729)
at org.jgroups.protocols.TP.receive(TP.java:1654)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.Transport.receive(Transport.java:160)
at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at 
org.apache.geode.distributed.internal.membership.gms.messenger.GMSEncrypt.getClusterSecretKey(GMSEncrypt.java:104)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.GMSEncrypt.getClusterEncryptor(GMSEncrypt.java:290)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.GMSEncrypt.decryptData(GMSEncrypt.java:153)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger.readEncryptedMessage(JGroupsMessenger.java:1089)
... 20 more

---
Found suspect string in log4j at line 609

[error 2017/09/30 04:32:37.939 UTC  
tid=0x27f] Exception deserializing message payload: [dst: 
asf914.gq1.ygridcore.net:32771, src: asf914.gq1.ygridcore.net:32770 (2 
headers), size=218 bytes, flags=OOB|DONT_BUNDLE|NO_FC|SKIP_BARRIER]
java.lang.Exception: Message id is -153
at 
org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger.readEncryptedMessage(JGroupsMessenger.java:1110)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger.readJGMessage(JGroupsMessenger.java:1011)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger$JGroupsReceiver.receive(JGroupsMessenger.java:1279)
at org.jgroups.JChannel.invokeCallback(JChannel.java:816)
at org.jgroups.JChannel.up(JChannel.java:741)
at org.jgroups.stack.ProtocolStack.up(ProtocolStack.java:1030)
at org.jgroups.protocols.FRAG2.up(FRAG2.java:165)
at org.jgroups.protocols.FlowControl.up(FlowControl.java:390)
at org.jgroups.protocols.UNICAST3.deliverMessage(UNICAST3.java:1070)
at org.jgroups.protocols.UNICAST3.handleDataReceived(UNICAST3.java:785)
at org.jgroups.protocols.UNICAST3.up(UNICAST3.java:426)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.StatRecorder.up(StatRecorder.java:74)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.AddressManager.up(AddressManager.java:72)
at org.jgroups.protocols.TP.passMessageUp(TP.java:1601)
at org.jgroups.protocols.TP$SingleMessageHandler.run(TP.java:1817)
at org.jgroups.util.DirectExecutor.execute(DirectExecutor.java:10)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1729)
at org.jgroups.protocols.TP.receive(TP.java:1654)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.Transport.receive(Transport.java:160)
at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at 
org.apache.geode.distributed.internal.membership.gms.messenger.GMSEncrypt.getClusterSecretKey(GMSEncrypt.java:104)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.GMSEncrypt.getClusterEncryptor(GMSEncrypt.java:290)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.GMSEncrypt.decryptData(GMSEncrypt.java:153)
at 
org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger.readEncryptedMessage(JGroupsMessenger.java:1089)
... 20 more

---
Found suspect string in log4j at line 639

[error 2017/09/30 04:32:37.940 UTC  
tid=0x27f] Exception deserializing message payload: [dst: 
asf914.gq1.ygridcore.net:32771, src: asf914.gq1.ygridcore.net:32770 (2 
headers), size=876 bytes, flags=OOB|DONT_BUNDLE|NO_FC|SKIP_BARRIER]
java.lang.Exception: Message id is -150

Build failed in Jenkins: Geode-nightly #971

2017-09-29 Thread Apache Jenkins Server 
See 

--
[...truncated 112.43 KB...]
Download 
https://repo1.maven.org/maven2/io/swagger/swagger-annotations/1.5.10/swagger-annotations-1.5.10.jar
Download 
https://repo1.maven.org/maven2/io/swagger/swagger-models/1.5.10/swagger-models-1.5.10.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-spi/2.6.1/springfox-spi-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-schema/2.6.1/springfox-schema-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-swagger-common/2.6.1/springfox-swagger-common-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-spring-web/2.6.1/springfox-spring-web-2.6.1.jar
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-core/1.2.0.RELEASE/spring-plugin-core-1.2.0.RELEASE.jar
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-metadata/1.2.0.RELEASE/spring-plugin-metadata-1.2.0.RELEASE.jar
Download 
https://repo1.maven.org/maven2/org/mapstruct/mapstruct/1.0.0.Final/mapstruct-1.0.0.Final.jar
Download 
https://repo1.maven.org/maven2/com/thoughtworks/paranamer/paranamer/2.8/paranamer-2.8.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-core/2.6.1/springfox-core-2.6.1.jar
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
:geode-web-api:processResources
:geode-web-api:classes
:geode-assembly:docsjavadoc: warning - Error fetching URL: 
https://lucene.apache.org/core/6_4_1/core/

1 warning
:geode-assembly:gfshDepsJar
:geode-common:javadocJar
:geode-common:sourcesJar
:geode-common:signArchives SKIPPED
:geode-core:javadocJar
:geode-core:raJar
:geode-core:jcaJar
:geode-core:sourcesJar
:geode-core:signArchives SKIPPED
:geode-core:webJar
:geode-cq:jar
:geode-cq:javadoc
:geode-cq:javadocJar
:geode-cq:sourcesJar
:geode-cq:signArchives SKIPPED
:geode-json:javadocJar
:geode-json:sourcesJar
:geode-json:signArchives SKIPPED
:geode-lucene:jar
:geode-lucene:javadoc
:geode-lucene:javadocJar
:geode-lucene:sourcesJar
:geode-lucene:signArchives SKIPPED
:geode-old-client-support:jar
:geode-old-client-support:javadoc
:geode-old-client-support:javadocJar
:geode-old-client-support:sourcesJar
:geode-old-client-support:signArchives SKIPPED
:geode-protobuf:jar
:geode-protobuf:javadoc
:geode-protobuf:javadocJar
:geode-protobuf:sourcesJar
:geode-protobuf:signArchives SKIPPED
:geode-pulse:javadoc
:geode-pulse:javadocJar
:geode-pulse:sourcesJar
:geode-pulse:war
:geode-pulse:signArchives SKIPPED
:geode-rebalancer:jar
:geode-rebalancer:javadoc
:geode-rebalancer:javadocJar
:geode-rebalancer:sourcesJar
:geode-rebalancer:signArchives SKIPPED
:geode-wan:jar
:geode-wan:javadoc
:geode-wan:javadocJar
:geode-wan:sourcesJar
:geode-wan:signArchives SKIPPED
:geode-web:javadoc NO-SOURCE
:geode-web:javadocJar
:geode-web:sourcesJar
:geode-web:war
:geode-web:signArchives SKIPPED
:geode-web-api:javadoc
:geode-web-api:javadocJar
:geode-web-api:sourcesJar
:geode-web-api:war
:geode-web-api:signArchives SKIPPED
:geode-assembly:installDist
:geode-pulse:jar
:geode-assembly:compileTestJava
Download 
https://repo1.maven.org/maven2/org/codehaus/cargo/cargo-core-uberjar/1.6.3/cargo-core-uberjar-1.6.3.pom
Download 
https://repo1.maven.org/maven2/org/codehaus/cargo/cargo-core/1.6.3/cargo-core-1.6.3.pom
Download 
https://repo1.maven.org/maven2/org/codehaus/cargo/codehaus-cargo/1.6.3/codehaus-cargo-1.6.3.pom
Download 
https://repo1.maven.org/maven2/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.pom
Download 
https://repo1.maven.org/maven2/org/codehaus/cargo/cargo-core-uberjar/1.6.3/cargo-core-uberjar-1.6.3.jar
Download 
https://repo1.maven.org/maven2/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
:geode-assembly:processTestResources
:geode-assembly:testClasses
:geode-assembly:acceptanceTest
:extensions/geode-modules-assembly:jar
:extensions/geode-modules-assembly:signArchives SKIPPED
:extensions/geode-modules-assembly:assemble
:extensions/geode-modules-assembly:compileTestJava NO-SOURCE
:extensions/geode-modules-assembly:processTestResources NO-SOURCE
:extensions/geode-modules-assembly:testClasses UP-TO-DATE
:extensions/geode-modules-assembly:checkMissedTests NO-SOURCE
:extensions/geode-modules-assembly:spotlessJavaCheck
:extensions/geode-modules-assembly:spotlessCheck
:extensions/geode-modules-assembly:test NO-SOURCE
:extensions/geode-modules-assembly:check
:extensions/geode-modules-assembly:build
:extensions/geode-modules-assembly:distributedTest NO-SOURCE
:extensions/geode-modules-assembly:integrationTest NO-SOURCE
:extensions/geode-modules-session:compileTestJava
Download

Build failed in Jenkins: Geode-nightly #970

2017-09-29 Thread Apache Jenkins Server 
See 


Changes:

[dsmith] GEODE-3722: Fixing typo in lucene query command

[github] GEODE-3721: Renabling durable client tests that were ignored (#840)

[dsmith] GEODE-3613: Dumping container logs files in session replication tests

--
Started by timer
[EnvInject] - Loading node environment variables.
Building remotely on qnode2 (ubuntu xenial) in workspace 

Cloning the remote Git repository
Cloning repository https://github.com/apache/geode.git
 > git init  # timeout=10
Fetching upstream changes from https://github.com/apache/geode.git
 > git --version # timeout=10
 > git fetch --tags --progress https://github.com/apache/geode.git 
 > +refs/heads/*:refs/remotes/origin/*
 > git config remote.origin.url https://github.com/apache/geode.git # timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # 
 > timeout=10
 > git config remote.origin.url https://github.com/apache/geode.git # timeout=10
Fetching upstream changes from https://github.com/apache/geode.git
 > git fetch --tags --progress https://github.com/apache/geode.git 
 > +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/develop^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/develop^{commit} # timeout=10
Checking out Revision dcb7af0ba73ced879446ca061495d3dd995ebeba 
(refs/remotes/origin/develop)
Commit message: "GEODE-3613: Dumping container logs files in session 
replication tests"
 > git config core.sparsecheckout # timeout=10
 > git checkout -f dcb7af0ba73ced879446ca061495d3dd995ebeba
 > git branch -a -v --no-abbrev # timeout=10
 > git checkout -b develop dcb7af0ba73ced879446ca061495d3dd995ebeba
 > git rev-list 90db66be389e799c9c2f87957d6ba660a19d9016 # timeout=10
[Geode-nightly] $ /bin/bash -xe /tmp/jenkins6667077375660088341.sh
+ git status
On branch develop
nothing to commit, working directory clean
[Geode-nightly] $ /bin/bash -xe /tmp/jenkins8057298070383831895.sh
+ docker pull apachegeode/geode-build
Using default tag: latest
latest: Pulling from apachegeode/geode-build
06b22ddb1913: Pulling fs layer
336c28b408ed: Pulling fs layer
1f3e6b8d80c3: Pulling fs layer
5ccc640979f6: Pulling fs layer
14eaa20184e6: Pulling fs layer
19a8522e2399: Pulling fs layer
39ba9d7befca: Pulling fs layer
635bf5037831: Pulling fs layer
d1236c277f1c: Pulling fs layer
7d77086df8c4: Pulling fs layer
0851a1a4aa6e: Pulling fs layer
194a744ae517: Pulling fs layer
5ccc640979f6: Waiting
19a8522e2399: Waiting
14eaa20184e6: Waiting
39ba9d7befca: Waiting
7d77086df8c4: Waiting
194a744ae517: Waiting
0851a1a4aa6e: Waiting
635bf5037831: Waiting
336c28b408ed: Verifying Checksum
336c28b408ed: Download complete
1f3e6b8d80c3: Verifying Checksum
1f3e6b8d80c3: Download complete
06b22ddb1913: Verifying Checksum
06b22ddb1913: Download complete
19a8522e2399: Verifying Checksum
19a8522e2399: Download complete
5ccc640979f6: Verifying Checksum
5ccc640979f6: Download complete
14eaa20184e6: Download complete
39ba9d7befca: Verifying Checksum
39ba9d7befca: Download complete
d1236c277f1c: Download complete
7d77086df8c4: Verifying Checksum
7d77086df8c4: Download complete
0851a1a4aa6e: Verifying Checksum
0851a1a4aa6e: Download complete
194a744ae517: Download complete
635bf5037831: Verifying Checksum
635bf5037831: Download complete
06b22ddb1913: Pull complete
336c28b408ed: Pull complete
1f3e6b8d80c3: Pull complete
5ccc640979f6: Pull complete
14eaa20184e6: Pull complete
19a8522e2399: Pull complete
39ba9d7befca: Pull complete
635bf5037831: Pull complete
d1236c277f1c: Pull complete
7d77086df8c4: Pull complete
0851a1a4aa6e: Pull complete
194a744ae517: Pull complete
Digest: sha256:65cae64e514e4439c35afac2232e3fb8af3b4357c3b911648125d961b571a4c4
Status: Downloaded newer image for apachegeode/geode-build:latest
+ docker images
REPOSITORY   TAG IMAGE ID
CREATED SIZE
 d16a083f1b782 days 
ago  603 MB
traffic_monitor_builder  latest  2ca5052fb5962 days 
ago  687 MB
traffic_stats_builderlatest  353e9d68ce533 days 
ago  594 MB
traffic_ops_builder  latest  539e194fbc653 days 
ago  823 MB
trafficcontrol_tarball   latest  241f80b59d943 days 
ago  271 MB
traffic_router_builder   latest  1d7bed90d8ce3 days 
ago  687 MB
traffic_portal_builder   latest  98fcb3cb3b513 days 
ago  556 MB
traffic_monitor_golang_builder   latest  786efa7b82623 days 
ago  594 MB
centos   7   196e0ce0c9fb2 
weeks ago 197 MB
ubuntu

Permission to assign issue to myself

2017-09-29 Thread Yuqi Li 
Hi there,

I reported an issue related to Kafka Connect and I have a solution already.
Would like to have the issue assigned to myself so I can work on it and open a 
PR.
My JIRA username is  yuqili1...@gmai.com

Thanks,
Yuqi

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Mark Bretl 
+1 for removal

—Mark

On Fri, Sep 29, 2017 at 1:17 PM Gregory Chase  wrote:

> Yes please, especially since I'm not the one posting these :)
>
> On Fri, Sep 29, 2017 at 11:35 AM, Dave Barnes  wrote:
>
> > +1 to removing the button.
> > +1 to Dan's suggestion of nudging users toward the mailing list.  I see a
> > place we could add a few words on the Community page, where the Users
> > mailing list is the first entry; add to the blurb "or raise an issue".
> (The
> > Mailing Lists menu choice takes you here, as well.)
> >
> >
> > On Fri, Sep 29, 2017 at 11:15 AM, Dan Smith  wrote:
> >
> > > +1 - I think it would be better to just encourage users to send
> > > issues/questions to the users list initially.
> > >
> > > -Dan
> > >
> > > On Fri, Sep 29, 2017 at 11:08 AM, Michael William Dodge
> > >  wrote:
> > > > +1 to improving the signal-to-noise ratio
> > > >
> > > >> On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
> > > >>
> > > >> GEODE-3280
> > > >
> > >
> >
>
>
>
> --
> Greg Chase
>
> Product team, Pivotal Cloud Foundry Services
> https://pivotal.io/platform/services 
>
> Pivotal Software
> http://www.pivotal.io/
>
> 650-215-0477
> @GregChase
>

[Spring CI] Spring Data GemFire > Nightly-ApacheGeode > #694 was SUCCESSFUL (with 2182 tests)

2017-09-29 Thread Spring CI 

---
Spring Data GemFire > Nightly-ApacheGeode > #694 was successful.
---
Scheduled
2184 tests in total.

https://build.spring.io/browse/SGF-NAG-694/





--
This message is automatically generated by Atlassian Bamboo

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Gregory Chase 
Yes please, especially since I'm not the one posting these :)

On Fri, Sep 29, 2017 at 11:35 AM, Dave Barnes  wrote:

> +1 to removing the button.
> +1 to Dan's suggestion of nudging users toward the mailing list.  I see a
> place we could add a few words on the Community page, where the Users
> mailing list is the first entry; add to the blurb "or raise an issue". (The
> Mailing Lists menu choice takes you here, as well.)
>
>
> On Fri, Sep 29, 2017 at 11:15 AM, Dan Smith  wrote:
>
> > +1 - I think it would be better to just encourage users to send
> > issues/questions to the users list initially.
> >
> > -Dan
> >
> > On Fri, Sep 29, 2017 at 11:08 AM, Michael William Dodge
> >  wrote:
> > > +1 to improving the signal-to-noise ratio
> > >
> > >> On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
> > >>
> > >> GEODE-3280
> > >
> >
>



-- 
Greg Chase

Product team, Pivotal Cloud Foundry Services
https://pivotal.io/platform/services 

Pivotal Software
http://www.pivotal.io/

650-215-0477
@GregChase

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Dave Barnes 
+1 to removing the button.
+1 to Dan's suggestion of nudging users toward the mailing list.  I see a
place we could add a few words on the Community page, where the Users
mailing list is the first entry; add to the blurb "or raise an issue". (The
Mailing Lists menu choice takes you here, as well.)


On Fri, Sep 29, 2017 at 11:15 AM, Dan Smith  wrote:

> +1 - I think it would be better to just encourage users to send
> issues/questions to the users list initially.
>
> -Dan
>
> On Fri, Sep 29, 2017 at 11:08 AM, Michael William Dodge
>  wrote:
> > +1 to improving the signal-to-noise ratio
> >
> >> On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
> >>
> >> GEODE-3280
> >
>

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Dan Smith 
+1 - I think it would be better to just encourage users to send
issues/questions to the users list initially.

-Dan

On Fri, Sep 29, 2017 at 11:08 AM, Michael William Dodge
 wrote:
> +1 to improving the signal-to-noise ratio
>
>> On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
>>
>> GEODE-3280
>

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Lynn Hughes-Godfrey 
+1

On Fri, Sep 29, 2017 at 11:08 AM, Michael William Dodge 
wrote:

> +1 to improving the signal-to-noise ratio
>
> > On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
> >
> > GEODE-3280
>
>

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Joey McAllister 
+1 to removing the button

On Fri, Sep 29, 2017 at 11:09 AM Michael William Dodge 
wrote:

> +1 to improving the signal-to-noise ratio
>
> > On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
> >
> > GEODE-3280
>
>

Re: [DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Michael William Dodge 
+1 to improving the signal-to-noise ratio

> On 29 Sep, 2017, at 11:07, Jason Huynh  wrote:
> 
> GEODE-3280

[DISCUSS] Removal of "Submit an Issue" from Geode webpage

2017-09-29 Thread Jason Huynh 
I'd like to remove the "Submit an Issue" button/script attached to the site.

We occasionally get JIRA tickets that come through the Apache Geode website
through the "Submit an Issue" Button  However these tickets are being
created through a script, and this sets Gregory Chase as the reporter and
also marks the ticket as an Improvement.  We may also end up
overlooking/not seeing these issues (as GEODE-3280 had been open and no one
really noticed...)

For example:
https://issues.apache.org/jira/browse/GEODE-3280
https://issues.apache.org/jira/browse/GEODE-3709
https://issues.apache.org/jira/browse/GEODE-2181


Attached is a screen shot showing the "Submit an Issue" button[image:
Screen Shot 2017-09-29 at 10.43.44 AM.png]

[SECURITY] CVE-2017-9797 Apache Geode client/server authentication vulnerability

2017-09-29 Thread Anthony Baker 
CVE-2017-9797 Apache Geode client/server authentication vulnerability

Severity: Medium
CVSS Base Score 6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)

Vendor: The Apache Software Foundation

Versions Affected:
Apache Geode 1.0.0 through 1.2.0

Description:
When a cluster is operating in secure mode, an unauthenticated client
can enter multi-user authentication mode and send metadata messages.
These metadata operations could leak information about application
data types.  In addition, an attacker could perform a denial of
service attack on the cluster.

Mitigation:
Users of the affected versions should upgrade to Apache Geode 1.2.1 or later.

Credit:
This issue was reported responsibly to the Apache Geode Security Team
by Dan Smith from Pivotal.

References:
[1] https://issues.apache.org/jira/browse/GEODE-3249
[2] 
https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities

---
The Geode PMC

[SECURITY] CVE-2017-9794 Apache Geode gfsh query vulnerability

2017-09-29 Thread Anthony Baker 
CVE-2017-9794 Apache Geode gfsh query vulnerability

Severity: Low
CVSS Base Score 3.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

Vendor: The Apache Software Foundation

Versions Affected:
Apache Geode 1.0.0 through 1.2.0

Description:
When a cluster is operating in secure mode, a user with read
privileges for specific data  regions can use the gfsh command line
utility to execute queries.  The query results may contain data from
another user’s concurrently executing gfsh query, potentially
revealing data that the user is not authorized to view.

Mitigation:
Users of the affected versions should upgrade to Apache Geode 1.2.1 or later.

Credit:
This issue was reported responsibly to the Apache Geode PMC by Jared
Stewart from Pivotal.

References:
[1] https://issues.apache.org/jira/browse/GEODE-3217
[2] 
https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities

---
The Geode PMC

Build failed in Jenkins: Geode-nightly-flaky #135

2017-09-29 Thread Apache Jenkins Server 
See 


Changes:

[jdeppe] GEODE-3640: Accept all certs when --skip-ssl-verification is used

[jdeppe] GEODE-3640: Do not add skipSslVerifaction to SSLConfig

[jdeppe] GEODE-3640 Push setting default hostname verifier down to

[nabarunnag] GEODE-3520: isValid API made public

[gosullivan] GEODE-3710 Make CodecAlreadyRegisteredForTypeException a

[kohlmu-pivotal] GEODE-3717: Fixing CacheMaxConnectionJUnitTest

[kohlmu-pivotal] GEODE-3699: Prevent gradle warnings by avoiding deprecated << 
operator.

[jinmeiliao] GEODE-3703: rename target permission from JAR to DEPLOY

[lhughesgodfrey] GEODE-3612: Add support for hostname-for-senders in gfsh create

[jinmeiliao] GEODE-3720: clean up SocketCreators in each test VM properly

[upthewaterspout] Adding jpf.properties to .gitignore

[klund] GEODE-3713: add VM.getId() and fix VM.getPid()

--
[...truncated 108.76 KB...]
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-swagger-common/2.6.1/springfox-swagger-common-2.6.1.pom
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-spring-web/2.6.1/springfox-spring-web-2.6.1.pom
Download 
https://repo1.maven.org/maven2/com/fasterxml/classmate/1.3.1/classmate-1.3.1.pom
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-core/1.2.0.RELEASE/spring-plugin-core-1.2.0.RELEASE.pom
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin/1.2.0.RELEASE/spring-plugin-1.2.0.RELEASE.pom
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-metadata/1.2.0.RELEASE/spring-plugin-metadata-1.2.0.RELEASE.pom
Download 
https://repo1.maven.org/maven2/org/mapstruct/mapstruct/1.0.0.Final/mapstruct-1.0.0.Final.pom
Download 
https://repo1.maven.org/maven2/org/mapstruct/mapstruct-parent/1.0.0.Final/mapstruct-parent-1.0.0.Final.pom
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-core/2.6.1/springfox-core-2.6.1.pom
Download 
https://repo1.maven.org/maven2/com/fasterxml/jackson/module/jackson-module-scala_2.10/2.8.6/jackson-module-scala_2.10-2.8.6.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-swagger2/2.6.1/springfox-swagger2-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-swagger-ui/2.6.1/springfox-swagger-ui-2.6.1.jar
Download 
https://repo1.maven.org/maven2/org/springframework/hateoas/spring-hateoas/0.23.0.RELEASE/spring-hateoas-0.23.0.RELEASE.jar
Download 
https://repo1.maven.org/maven2/com/fasterxml/jackson/module/jackson-module-paranamer/2.8.6/jackson-module-paranamer-2.8.6.jar
Download 
https://repo1.maven.org/maven2/io/swagger/swagger-annotations/1.5.10/swagger-annotations-1.5.10.jar
Download 
https://repo1.maven.org/maven2/io/swagger/swagger-models/1.5.10/swagger-models-1.5.10.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-spi/2.6.1/springfox-spi-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-schema/2.6.1/springfox-schema-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-swagger-common/2.6.1/springfox-swagger-common-2.6.1.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-spring-web/2.6.1/springfox-spring-web-2.6.1.jar
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-core/1.2.0.RELEASE/spring-plugin-core-1.2.0.RELEASE.jar
Download 
https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-metadata/1.2.0.RELEASE/spring-plugin-metadata-1.2.0.RELEASE.jar
Download 
https://repo1.maven.org/maven2/org/mapstruct/mapstruct/1.0.0.Final/mapstruct-1.0.0.Final.jar
Download 
https://repo1.maven.org/maven2/com/thoughtworks/paranamer/paranamer/2.8/paranamer-2.8.jar
Download 
https://repo1.maven.org/maven2/io/springfox/springfox-core/2.6.1/springfox-core-2.6.1.jar
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
:geode-web-api:processResources
:geode-web-api:classes
:geode-assembly:docs
:geode-assembly:gfshDepsJar
:geode-common:javadocJar
:geode-common:sourcesJar
:geode-common:signArchives SKIPPED
:geode-core:javadocJar
:geode-core:raJar
:geode-core:jcaJar
:geode-core:sourcesJar
:geode-core:signArchives SKIPPED
:geode-core:webJar
:geode-cq:jar
:geode-cq:javadoc
:geode-cq:javadocJar
:geode-cq:sourcesJar
:geode-cq:signArchives SKIPPED
:geode-json:javadocJar
:geode-json:sourcesJar
:geode-json:signArchives SKIPPED
:geode-lucene:jar
:geode-lucene:javadoc
:geode-lucene:javadocJar
:geode-lucene:sourcesJar
:geode-lucene:signArchives SKIPPED
:geode-old-client-support:jar
:geode-old-client-support:javadoc
:geode-old-client-support:javadocJar
:geode-old-client-support:sourcesJar
:geode-old-client-support:signArchives SKIPPED
:geode-protobuf:jar
:geode-protobuf:javadoc
:geode-protobuf:javadocJar
:geode-protobuf:sourcesJar
:geode-protobuf:signArchives SKIPPED
:geode-pulse:javadoc

Jenkins build is back to normal : Geode-nightly #969

2017-09-29 Thread Apache Jenkins Server 
See