[jira] [Commented] (RATIS-294) Fix ratis-hadoop CVEs

Hadoop QA (JIRA) Fri, 21 Sep 2018 14:18:06 -0700


    [ 
https://issues.apache.org/jira/browse/RATIS-294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624193#comment-16624193
 ]


Hadoop QA commented on RATIS-294:
---------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m 
12s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red}  0m  
0s{color} | {color:red} The patch doesn't appear to include any new or modified 
tests. Please justify why no new tests are needed for this patch. Also please 
list what manual steps were performed to verify this patch. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  1m 
11s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 
48s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
41s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  1m 
 3s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 
53s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  0m 
53s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m 
 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green}  0m  
2s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
42s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 20m 55s{color} 
| {color:red} root in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 
11s{color} | {color:green} The patch does not generate ASF License warnings. 
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 26m 49s{color} | 
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests | ratis.netty.TestRaftReconfigurationWithNetty |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/ratis:date2018-09-21 
|
| JIRA Issue | RATIS-294 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/12940842/r294_20180921.patch |
| Optional Tests |  asflicense  javac  javadoc  unit  xml  compile  |
| uname | Linux 90a12c8e3749 3.13.0-153-generic #203-Ubuntu SMP Thu Jun 14 
08:52:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | 
/home/jenkins/jenkins-slave/workspace/PreCommit-RATIS-Build/yetus-personality.sh
 |
| git revision | master / 3b9d50d |
| Default Java | 1.8.0_181 |
| unit | 
https://builds.apache.org/job/PreCommit-RATIS-Build/356/artifact/out/patch-unit-root.txt
 |
|  Test Results | 
https://builds.apache.org/job/PreCommit-RATIS-Build/356/testReport/ |
| modules | C: . U: . |
| Console output | 
https://builds.apache.org/job/PreCommit-RATIS-Build/356/console |
| Powered by | Apache Yetus 0.5.0   http://yetus.apache.org |


This message was automatically generated.



> Fix ratis-hadoop CVEs
> ---------------------
>
>                 Key: RATIS-294
>                 URL: https://issues.apache.org/jira/browse/RATIS-294
>             Project: Ratis
>          Issue Type: Improvement
>          Components: HadoopRPC
>            Reporter: Tsz Wo Nicholas Sze
>            Assignee: Tsz Wo Nicholas Sze
>            Priority: Blocker
>              Labels: ozone
>         Attachments: r294_20180921.patch
>
>
> There are multiple CVEs found in ratis-hadoop.
> - CVE-2012-4449  |  High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
> - CVE-2016-5001  |  Low org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
> - CVE-2017-3161  |  Medium org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
> - CVE-2017-3162  |  High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
> It is very likely that the CVEs come from the Hadoop dependency.  We should 
> either update the Hadoop version or temporarily remove Hadoop dependency in 
> order to fix the CVEs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RATIS-294) Fix ratis-hadoop CVEs

Reply via email to