[
https://issues.apache.org/jira/browse/OOZIE-3657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488666#comment-17488666
]
Andras Salamon commented on OOZIE-3657:
---------------------------------------
Yes, SpotBugs errors can be ignored.
{noformat}
17:53:23 +1 PATCH_APPLIES
17:53:23 +1 CLEAN
17:53:23 -1 RAW_PATCH_ANALYSIS
17:53:23 +1 the patch does not introduce any @author tags
17:53:23 +1 the patch does not introduce any tabs
17:53:23 +1 the patch does not introduce any trailing spaces
17:53:23 +1 the patch does not introduce any star imports
17:53:23 +1 the patch does not introduce any line longer than 132
17:53:23 -1 the patch does not add/modify any testcase
17:53:23 +1 RAT
17:53:23 +1 the patch does not seem to introduce new RAT warnings
17:53:23 +1 JAVADOC
17:53:23 +1 Javadoc generation succeeded with the patch
17:53:23 +1 the patch does not seem to introduce new Javadoc warning(s)
17:53:23 -1 COMPILE
17:53:23 -1 HEAD does not compile
17:53:23 +1 patch compiles
17:53:23 +1 the patch does not seem to introduce new javac warnings
17:53:23 -1 There are [4] new bugs found below threshold in total that must be fixed.
17:53:23 +1 There are no new bugs found in [sharelib/oozie].
17:53:23 +1 There are no new bugs found in [sharelib/git].
17:53:23 +1 There are no new bugs found in [sharelib/sqoop].
17:53:23 +1 There are no new bugs found in [sharelib/pig].
17:53:23 +1 There are no new bugs found in [sharelib/streaming].
17:53:23 +1 There are no new bugs found in [sharelib/spark].
17:53:23 +1 There are no new bugs found in [sharelib/hcatalog].
17:53:23 +1 There are no new bugs found in [sharelib/hive2].
17:53:23 +1 There are no new bugs found in [sharelib/hive].
17:53:23 +1 There are no new bugs found in [sharelib/distcp].
17:53:23 +1 There are no new bugs found in [docs].
17:53:23 +1 There are no new bugs found in [examples].
17:53:23 +1 There are no new bugs found in [fluent-job/fluent-job-api].
17:53:23 +1 There are no new bugs found in [webapp].
17:53:23 +1 There are no new bugs found in [client].
17:53:23 +1 There are no new bugs found in [tools].
17:53:23 -1 There are [4] new bugs found below threshold in [core] that must be fixed.
17:53:23 You can find the SpotBugs diff here (look for the red and orange ones): core/findbugs-new.html
17:53:23 The most important SpotBugs errors are:
17:53:23 At BulkJPAExecutor.java:[line 206]: This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection
17:53:23 At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
17:53:23 At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
17:53:23 java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input: At BulkJPAExecutor.java:[line 206]
17:53:23 At AuthorizationService.java:[line 189]: At AuthorizationService.java:[line 192]
17:53:23 +1 There are no new bugs found in [server].
17:53:23 +1 BACKWARDS_COMPATIBILITY
17:53:23 +1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations
17:53:23 +1 the patch does not modify JPA files
17:53:23 +1 TESTS
17:53:23 Tests run: 3215
17:53:23 Tests failed at first run:
17:53:23 TestPurgeXCommand#testPurgeableBundleUnpurgeableCoordinatorUnpurgebleWorkflowPurgeableSubWorkflow
17:53:23 For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
17:53:23 +1 DISTRO
17:53:23 +1 distro tarball builds with the patch
17:53:23 +1 MODERNIZER
17:53:23
17:53:23 ----------------------------
17:53:23 -1 Overall result, please check the reported -1(s)
{noformat}
> upgrade jetty to 9.4.44.v20210927 due to cve
> --------------------------------------------
>
> Key: OOZIE-3657
> URL: https://issues.apache.org/jira/browse/OOZIE-3657
> Project: Oozie
> Issue Type: Improvement
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Attachments: OOZIE-3657-001.patch
>
>
> https://github.com/advisories/GHSA-vjv5-gp2w-65vm