[
https://issues.apache.org/jira/browse/BEAM-11227?focusedWorklogId=570787&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-570787
]
ASF GitHub Bot logged work on BEAM-11227:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 23/Mar/21 21:12
Start Date: 23/Mar/21 21:12
Worklog Time Spent: 10m
Work Description: suztomo commented on pull request #14295:
URL: https://github.com/apache/beam/pull/14295#issuecomment-805264109
Java Precommit is unstable with this PR. Sometimes it succeeds. This PR of
upgrading gRPC might be introducing randomly failing tests
(`ParDoLifecycleTest`, `MetricsTest$AttemptedMetricTests` above, yesterday it
was timed-out).
<img width="532" alt="Screen Shot 2021-03-23 at 17 02 37"
src="https://user-images.githubusercontent.com/28604/112218180-d0bb8580-8bf9-11eb-9bb2-b8ea96eac4f5.png";>
(Compare this to an empty change with 5 consecutive success
https://github.com/apache/beam/pull/14307#issuecomment-805255582)
@kennknowles The failures are from different test classes. Have you
observed such problematic PRs in past?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 570787)
Time Spent: 58h 50m (was: 58h 40m)
> Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216
> ---------------------------------------------------------
>
> Key: BEAM-11227
> URL: https://issues.apache.org/jira/browse/BEAM-11227
> Project: Beam
> Issue Type: Bug
> Components: build-system
> Affects Versions: 2.21.0, 2.22.0, 2.23.0, 2.24.0, 2.25.0
> Reporter: Boury Mbodj
> Assignee: Kenneth Knowles
> Priority: P1
> Labels: apache-beam, beam
> Fix For: 2.29.0
>
> Time Spent: 58h 50m
> Remaining Estimate: 0h
>
> *+Description+**:* [Apache Beam :: Vendored Dependencies :: GRPC ::
> 1.26.0|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_26_0]
> »
> [0.3|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_26_0/0.3]
> uses the dependency Eclipse Jetty (9.2.10.v20150310), which is prone to a
> privilege escalation vulnerability. This issue (CVE-2020-27216) was published
> on 23/10/2020.
> *+Affected Versions:+*
> Eclipse Jetty versions 9.4.32.v20200930 and prior, 10.0.0.beta2 and prior
> and 11.0.0.beta2 and prior.
> *+Recommendation/+* *+Update Suggestion:+*
> Update the Eclipse Jetty dependency to version 9.4.33.v20201020,
> 10.0.0.beta3, 11.0.0.beta3 or later.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
![https://user-images.githubusercontent.com/28604/112218180-d0bb8580-8bf9-11eb-9bb2-b8ea96eac4f5.png"](https://user-images.githubusercontent.com/28604/112218180-d0bb8580-8bf9-11eb-9bb2-b8ea96eac4f5.png"){kind=link}