[ https://issues.apache.org/jira/browse/OOZIE-3657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488666#comment-17488666 ]
Andras Salamon commented on OOZIE-3657: --------------------------------------- Yes, Spotbugs errors can be ignored {noformat} 17:53:23 +1 PATCH_APPLIES 17:53:23 +1 CLEAN 17:53:23 -1 RAW_PATCH_ANALYSIS 17:53:23 +1 the patch does not introduce any @author tags 17:53:23 +1 the patch does not introduce any tabs 17:53:23 +1 the patch does not introduce any trailing spaces 17:53:23 +1 the patch does not introduce any star imports 17:53:23 +1 the patch does not introduce any line longer than 132 17:53:23 -1 the patch does not add/modify any testcase 17:53:23 +1 RAT 17:53:23 +1 the patch does not seem to introduce new RAT warnings 17:53:23 +1 JAVADOC 17:53:23 +1 Javadoc generation succeeded with the patch 17:53:23 +1 the patch does not seem to introduce new Javadoc warning(s) 17:53:23 -1 COMPILE 17:53:23 -1 HEAD does not compile 17:53:23 +1 patch compiles 17:53:23 +1 the patch does not seem to introduce new javac warnings 17:53:23 -1 There are [4] new bugs found below threshold in total that must be fixed. 17:53:23 +1 There are no new bugs found in [sharelib/oozie]. 17:53:23 +1 There are no new bugs found in [sharelib/git]. 17:53:23 +1 There are no new bugs found in [sharelib/sqoop]. 17:53:23 +1 There are no new bugs found in [sharelib/pig]. 17:53:23 +1 There are no new bugs found in [sharelib/streaming]. 17:53:23 +1 There are no new bugs found in [sharelib/spark]. 17:53:23 +1 There are no new bugs found in [sharelib/hcatalog]. 17:53:23 +1 There are no new bugs found in [sharelib/hive2]. 17:53:23 +1 There are no new bugs found in [sharelib/hive]. 17:53:23 +1 There are no new bugs found in [sharelib/distcp]. 17:53:23 +1 There are no new bugs found in [docs]. 17:53:23 +1 There are no new bugs found in [examples]. 17:53:23 +1 There are no new bugs found in [fluent-job/fluent-job-api]. 17:53:23 +1 There are no new bugs found in [webapp]. 17:53:23 +1 There are no new bugs found in [client]. 17:53:23 +1 There are no new bugs found in [tools]. 17:53:23 -1 There are [4] new bugs found below threshold in [core] that must be fixed. 17:53:23 You can find the SpotBugs diff here (look for the red and orange ones): core/findbugs-new.html 17:53:23 The most important SpotBugs errors are: 17:53:23 At BulkJPAExecutor.java:[line 206]: This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection 17:53:23 At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175] 17:53:23 At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199] 17:53:23 java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input: At BulkJPAExecutor.java:[line 206] 17:53:23 At AuthorizationService.java:[line 189]: At AuthorizationService.java:[line 192] 17:53:23 +1 There are no new bugs found in [server]. 17:53:23 +1 BACKWARDS_COMPATIBILITY 17:53:23 +1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations 17:53:23 +1 the patch does not modify JPA files 17:53:23 +1 TESTS 17:53:23 Tests run: 3215 17:53:23 Tests failed at first run: 17:53:23 TestPurgeXCommand#testPurgeableBundleUnpurgeableCoordinatorUnpurgebleWorkflowPurgeableSubWorkflow 17:53:23 For the complete list of flaky tests, see TEST-SUMMARY-FULL files. 17:53:23 +1 DISTRO 17:53:23 +1 distro tarball builds with the patch 17:53:23 +1 MODERNIZER 17:53:23 17:53:23 ---------------------------- 17:53:23 -1 Overall result, please check the reported -1(s) {noformat} > upgrade jetty to 9.4.44.v20210927 due to cve > -------------------------------------------- > > Key: OOZIE-3657 > URL: https://issues.apache.org/jira/browse/OOZIE-3657 > Project: Oozie > Issue Type: Improvement > Reporter: PJ Fanning > Assignee: PJ Fanning > Priority: Major > Attachments: OOZIE-3657-001.patch > > > https://github.com/advisories/GHSA-vjv5-gp2w-65vm -- This message was sent by Atlassian Jira (v8.20.1#820001)