Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump zookeeper version to solve CVE-2023-44981 #18378

Open
wants to merge 3 commits into
base: master-2.x
Choose a base branch
from
Open

Bump zookeeper version to solve CVE-2023-44981 #18378

wants to merge 3 commits into from

Conversation

maobaolong
Copy link
Contributor

@maobaolong maobaolong commented Nov 6, 2023
edited
Loading

@maobaolong maobaolong requested a review from jiacheliu3 November 6, 2023 07:06
@maobaolong maobaolong closed this Nov 17, 2023
@maobaolong maobaolong reopened this Nov 17, 2023
@jiacheliu3
Copy link
Contributor

jiacheliu3 commented Nov 19, 2023
edited by maobaolong
Loading

what is GHSA-7286-pgfv-vxvh ? I can't open it

@maobaolong maobaolong closed this Nov 19, 2023
@maobaolong maobaolong reopened this Nov 19, 2023
@dbw9580 dbw9580 self-requested a review November 24, 2023 03:27
@dbw9580
Copy link
Contributor

dbw9580 commented Nov 24, 2023

test failure was due to compilation error:

ERROR] /usr/src/alluxio/core/common/src/main/java/alluxio/util/LogUtils.java:[24,22] cannot find symbol
Error: 6.764 [ERROR]   symbol:   class Log4jLoggerAdapter
Error: 6.764 [ERROR]   location: package org.slf4j.impl
Error: 6.764 [ERROR] /usr/src/alluxio/core/common/src/main/java/alluxio/util/LogUtils.java:[78,47] package org.apache.log4j does not exist
Error: 6.764 [ERROR] /usr/src/alluxio/core/common/src/main/java/alluxio/AlluxioRemoteLogFilter.java:[14,24] package org.apache.log4j does not exist
Error: 6.765 [ERROR] /usr/src/alluxio/core/common/src/main/java/alluxio/AlluxioRemoteLogFilter.java:[15,28] package org.apache.log4j.spi does not exist
Error: 6.765 [ERROR] /usr/src/alluxio/core/common/src/main/java/alluxio/AlluxioRemoteLogFilter.java:[16,28] package org.apache.log4j.spi does not exist

looks like a transitive dependency issue.

@dbw9580 dbw9580 changed the title Bump zookeeper version to solve HOSA-mwn2-2xzbu57el Bump zookeeper version to solve CVE-2023-44981 Nov 24, 2023
@maobaolong
Copy link
Contributor Author

The failed ci check looks not related to this PR

2023-12-04T02:44:47.1518870Z 02:44:47.150 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:3.2.3:shade (shade) on project alluxio-underfs-adl: Error creating shaded jar: error in opening zip file /home/jenkins/.m2/repository/org/wildfly/openssl/wildfly-openssl/1.0.7.Final/wildfly-openssl-1.0.7.Final.jar -> [Help 1]
2023-12-04T02:44:47.1526516Z 02:44:47.151 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:3.2.3:shade (shade) on project alluxio-underfs-wasb: Error creating shaded jar: error in opening zip file /home/jenkins/.m2/repository/org/wildfly/openssl/wildfly-openssl/1.0.7.Final/wildfly-openssl-1.0.7.Final.jar -> [Help 1]
2023-12-04T02:44:47.1553701Z 02:44:47.152 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:3.2.3:shade (shade) on project alluxio-underfs-abfs: Error creating shaded jar: error in opening zip file /home/jenkins/.m2/repository/org/wildfly/openssl/wildfly-openssl/1.0.7.Final/wildfly-openssl-1.0.7.Final.jar -> [Help 1]
2023-12-04T02:44:47.1557187Z 02:44:47.154 [ERROR]

@maobaolong maobaolong closed this Dec 8, 2023
@maobaolong maobaolong reopened this Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiacheliu3 jiacheliu3 Awaiting requested review from jiacheliu3

@dbw9580 dbw9580 Awaiting requested review from dbw9580

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@maobaolong @jiacheliu3 @dbw9580