[
https://issues.apache.org/jira/browse/SOLR-15355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17429521#comment-17429521
]
David Smiley commented on SOLR-15355:
-------------------------------------
I was trying out [~krisden]'s
[solr-s3a-testing|https://github.com/risdenk/solr-s3a-testing] repo in order to
do a bit of experimentation of HdfsDirectory with S3. It worked before this
HDFS upgrade but not after. On core creation, the snapshot_metadata dir is
created but oddly Solr/HDFS is unable to read it immediately after. I saw this
in a debugger with [~nazerke]. SSH'ing into Minio's image shows the directory
was created. It's very weird. I tried disabling the block cache and NRT
wrapper to no avail. Using a file:///.... based protocol (thus not S3) worked,
if memory serves. Any idea what might be up with this Kevin? Do you think
upgrading to 3.3.1 might be straight-forward; perhaps that could fix it?
{noformat}
solr-s3a-testing-solr-1 | Caused by: java.lang.IllegalStateException:
java.io.FileNotFoundException: No such file or directory:
s3a://solr/test/core_node2/data/snapshot_metadata
solr-s3a-testing-solr-1 | at
org.apache.solr.core.SolrCore.initSnapshotMetaDataManager(SolrCore.java:557)
solr-s3a-testing-solr-1 | at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:995)
solr-s3a-testing-solr-1 | ... 51 more
solr-s3a-testing-solr-1 | Caused by: java.io.FileNotFoundException: No such
file or directory: s3a://solr/test/core_node2/data/snapshot_metadata
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.S3AFileSystem.s3GetFileStatus(S3AFileSystem.java:2344)
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.S3AFileSystem.innerGetFileStatus(S3AFileSystem.java:2226)
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.S3AFileSystem.getFileStatus(S3AFileSystem.java:2160)
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.S3AFileSystem.innerListStatus(S3AFileSystem.java:1961)
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.S3AFileSystem.lambda$listStatus$9(S3AFileSystem.java:1940)
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.Invoker.once(Invoker.java:109)
solr-s3a-testing-solr-1 | at
org.apache.hadoop.fs.s3a.S3AFileSystem.listStatus(S3AFileSystem.java:1940)
solr-s3a-testing-solr-1 | at
org.apache.solr.store.hdfs.HdfsDirectory.listAll(HdfsDirectory.java:200)
solr-s3a-testing-solr-1 | at
org.apache.lucene.store.FilterDirectory.listAll(FilterDirectory.java:58)
solr-s3a-testing-solr-1 | at
org.apache.lucene.store.NRTCachingDirectory.listAll(NRTCachingDirectory.java:102)
solr-s3a-testing-solr-1 | at
org.apache.solr.core.snapshots.SolrSnapshotMetaDataManager.loadFromSnapshotMetadataFile(SolrSnapshotMetaDataManager.java:369)
solr-s3a-testing-solr-1 | at
org.apache.solr.core.snapshots.SolrSnapshotMetaDataManager.<init>(SolrSnapshotMetaDataManager.java:149)
solr-s3a-testing-solr-1 | at
org.apache.solr.core.snapshots.SolrSnapshotMetaDataManager.<init>(SolrSnapshotMetaDataManager.java:128)
solr-s3a-testing-solr-1 | at
org.apache.solr.core.SolrCore.initSnapshotMetaDataManager(SolrCore.java:555)
solr-s3a-testing-solr-1 | ... 52 more
{noformat}
> CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2
> --------------------------------------------------
>
> Key: SOLR-15355
> URL: https://issues.apache.org/jira/browse/SOLR-15355
> Project: Solr
> Issue Type: Bug
> Components: hdfs, security
> Affects Versions: 8.6, 8.6.2
> Reporter: Nazerke Seidan
> Priority: Major
> Fix For: 8.10
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> CVE-2020-9492 vuln. issue is found in 8x component
> maven:org.apache.hadoop:hadoop-hdfs-client (version3.2.0) It seems with the
> version 3.2.0 hdfs client might send authorization header to remote url
> without verification.
> ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9492])
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
