Re: mesos git commit: Added documentation for API versioning.

The "Upgrades" section says "The master and agent are typically compatible as long as they are running the same major version.". Is my understanding correct that this will apply to 1.0.0+ versions? Currently we advice people not to skip any Mesos releases, could you please clarify that in the doc?

Re: mesos git commit: Added recommendations for programming with persistent volumes.

One more caveat here is when there are multiple frameworks in the role: one framework may successfully reserve certain resources but they will be offered to another framework in the role. Do you think it's worth mentioning this use case in the doc? On 18 January 2016 at 23:30,

Re: [3/9] mesos git commit: Added agent flags for HTTP authentication.

Greg, let's use `EXIT(EXIT_FAILURE)` instead of `EXIT(1)` in the future. I'll be fixing all occurrences (including these) in our codebase for consistency soon. Alex. On 24 March 2016 at 05:07, wrote: > Added agent flags for HTTP authentication. > > Three command-line flags

Re: [5/6] mesos git commit: WIP: mesos-execute.

Folks, my apologies for this. The rogue patch has been reverted, all culprits are punished. AlexR. On 31 March 2016 at 15:32, wrote: > WIP: mesos-execute. > > > Project: http://git-wip-us.apache.org/repos/asf/mesos/repo > Commit:

Re: mesos git commit: Replaced CHECK with CHECK_READY.

I agree that "atomic patches" (those that do one thing per patch) are a good thing because they simplify navigating history, do blame and bisect. But how to define that "one thing"? Some people would say, that a new feature is one thing, and if introducing a feature requires some refactoring, it

[VOTE] Release Apache Mesos 1.1.1 (rc1)

Hi all, Please vote on releasing the following candidate as Apache Mesos 1.1.1. 1.1.1 includes the following: ** Bug * [MESOS-6002] - The whiteout file cannot be removed correctly using aufs backend. *

Re: mesos git commit: Fixed a typo in `docker_containerizer_tests.cpp`.

Thanks for fixing typos on the go Qian, details matter. I've decided I share with you a lifehack I use : ) Every time I encounter a typo, I assume it has been copy-pasted, so I grep the whole folder for a misspelled word and fix all occurrences in one shot to minimize the churn. For example,

Re: Build failed in Jenkins: Mesos » autotools,gcc,--verbose --enable-libevent --enable-ssl,GLOG_v=1 MESOS_VERBOSE=1,ubuntu:14.04,(docker||Hadoop)&&(!ubuntu-us1)&&(!ubuntu-6)&&(!ubuntu-eu2) #2933

Looks like VM lag again: http://pastebin.com/GZhG4fuN What do folks think about removing future timeouts in tests altogether? Instead, we can time the whole suite differently on different CIs? On 16 November 2016 at 15:30, Apache Jenkins Server < jenk...@builds.apache.org> wrote: > See

Re: [2/2] mesos git commit: Added documentation on the state of Windows support.

All: Please follow the markdown style guide [1] for docs. Here formatting of code snippets and spacing between sections need to be cleaned up. [1] https://github.com/apache/mesos/blob/d150036bfbdb595f43e9cb85b999495865dabf54/docs/markdown-style-guide.md On 1 November 2016 at 23:53,

Re: Build failed in Jenkins: Mesos » autotools,gcc,--verbose,GLOG_v=1 MESOS_VERBOSE=1,ubuntu:14.04,(docker||Hadoop)&&(!ubuntu-us1)&&(!ubuntu-6) #2853

>From the log: I1031 13:57:54.254748 29433 sched.cpp:820] Sending SUBSCRIBE call to master@172.17.0.2:34385 I1031 13:58:18.482736 29433 sched.cpp:853] Will retry registration in 3.204867476secs if necessary Looks like this VM experienced a lag. On 31 October 2016 at 15:04, Apache Jenkins Server

Re: mesos git commit: Added documentation for posix/rlimit isolator.

Folks, I saw this commit today and thought I would use this opportunity to remind everyone the obvious: documentation is usually the first thing a user—especially a new user—sees when they start evaluating Mesos. As with everything, first impression is utterly important. Please strive to make our

Re: Build failed in Jenkins: Mesos-Reviewbot #19409

We broke the Apache CI in [1]. Due to a docker bug [2], cmake manual installation step (we can't use the packaged one since we require cmake to be at least 3.7) failed and so the whole build. Andrei Budnik has found and tested the workaround [3], which is now committed upstream. Apologies for the

CVE-2017-7687: Libprocess might crash when decoding a malformed request.

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 1.1.0 to 1.3.0 The unsupported Apache Mesos 1.0.x as well as 0.x versions may be also affected. Description: When handling a decoding failure for a malformed URL path of an HTTP request, libprocess might

CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 1.1.0 to 1.3.0 The unsupported Apache Mesos 1.0.x as well as 0.x versions may be also affected. Description: When handling a libprocess message wrapped in an HTTP request, libprocess crashes if the

Re: [6/6] mesos git commit: Added `linux/devices` isolator whitelist tests.

This commit breaks the build on Ubuntu 14.04 with `gcc (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4` due to what seems to me a compiler bug, likely this one [1]. Ubuntu 14.04 is officially supported until mid-2019, hence not sure we can ignore this issue. James, can you commit a workaround? [1]

CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API.

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 1.4.0 to 1.6.0 The unsupported Apache Mesos pre-1.4.0 releases may be also affected. Description: Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web

CVE-2018-1330: Libprocess might crash when decoding malformed HTTP requests or malformed JSON payload.

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 1.4.0 to 1.5.0 The unsupported Apache Mesos pre-1.4.0 releases may be also affected. Description: When parsing a malformed JSON payload, libprocess might crash due to an uncaught exception. Parsing

CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 1.4.0 to 1.7.0 The unsupported Apache Mesos pre-1.4.0 releases may be also affected. Description: A specifically crafted Docker image running under the root user can overwrite the init helper binary of

CVE-2018-11793: Mesos components might crash when parsing deeply nested JSON structures.

Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 1.4.0 to 1.7.0 The unsupported Apache Mesos pre-1.4.0 releases may be also affected. Description: When parsing a JSON payload with deeply nested JSON structures, the parser might overflow the stack due to

Welcome Benno Evers as committer and PMC member!

Folks, Please welcome Benno Evers as an Apache committer and PMC member of the Apache Mesos! Benno has been active in the project for more than a year now and has made significant contributions, including: * Agent reconfiguration, MESOS-1739 * Memory profiling, MESOS-7944 * "/state"

Re: [VOTE] Move Apache Mesos to Attic

+1 (binding) Great times having worked with you folks! On Mon, 5 Apr 2021 at 21:50, Andrew Schwartzmeyer wrote: > It seems to be the best (and really only) move at this point, +1. > > It was nice working with you all! > > Andy > > On 2021/04/05 18:31:13, Benjamin Bannier wrote: > > With a