Re: [DISCUSS] Proposal to add transaction support to TinkerGraph.
Hi all, I opened PR with a detailed proposal for transaction implementation: https://github.com/apache/tinkerpop/pull/2054. Regards, Valentyn On Mon, Feb 27, 2023 at 1:22 PM Valentyn Kahamlyk < valent...@bitquilltech.com> wrote: > Hi all, > > Now, if you need to use transactions in tinkerpop, the only solution is to > use the Neo4J plugin. Unfortunately, this plugin has not been updated for a > long time and is only compatible with Neo4J version 3.4, which reached end > of life in March, 2020. > > I propose to implement native transaction support in TinkerGraph. > > The most interesting question to discuss is the level of isolation in SQL > 92 terms. There are 5 options to choose from: `Read uncommitted`, `Read > committed`, `Repeatable read`, `Snapshot` and `Serializable`. > > In terms of balancing complexity of implementation and functionality, I > think the most optimal option is `Read committed` or `Repeatable read`. > > I hope to implement `Read committed`, it is enough to add versions to the > Vertices and Edges, add list of updated Elements in Graph. > Write lock can be Vertex-level and Edge-level. > > Regards, Valentyn >
[jira] [Commented] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0
[ https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721547#comment-17721547 ] ASF GitHub Bot commented on TINKERPOP-2948: --- codecov-commenter commented on PR #2061: URL: https://github.com/apache/tinkerpop/pull/2061#issuecomment-1542785683 ## [Codecov](https://app.codecov.io/gh/apache/tinkerpop/pull/2061?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report > Merging [#2061](https://app.codecov.io/gh/apache/tinkerpop/pull/2061?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (311cd8d) into [3.5-dev](https://app.codecov.io/gh/apache/tinkerpop/commit/2ee47f203ffa76b9c0c466bd8ba291010afdd831?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (2ee47f2) will **decrease** coverage by `5.14%`. > The diff coverage is `n/a`. ```diff @@ Coverage Diff @@ ## 3.5-dev#2061 +/- ## = - Coverage 69.38% 64.24% -5.14% = Files866 25 -841 Lines 41251 3759 -37492 Branches54420-5442 = - Hits 28621 2415 -26206 + Misses 10719 1166-9553 + Partials1911 178-1733 ``` [see 841 files with indirect coverage changes](https://app.codecov.io/gh/apache/tinkerpop/pull/2061/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) :mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) > PRISMA security vulnerabilty for jackson-databind 2.14.0 > > > Key: TINKERPOP-2948 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 > Project: TinkerPop > Issue Type: Bug > Components: server >Affects Versions: 3.6.3, 3.5.6 >Reporter: Aaron Coady >Priority: Major > > > h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 > [https://github.com/FasterXML/jackson-core/pull/827] > > com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are > vulnerable to Denial of Service (DoS). The package does not properly restrict > the size or amount of resources that are requested or influenced by an actor, > which can be used to consume more resources than intended and leads to > Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)
[DISCUSS] Proposing 3.6.4 Patch Release
Hi all, In light of a recently discovered critical bug in TextP.regex() serialization in 3.6.x (https://issues.apache.org/jira/browse/TINKERPOP-2945), which unfortunately missed the 3.6.3 release, I'd like to propose a patch release as 3.6.4 to bring this fix to the users as soon as possible. Given we just had a release and no new changes have been merged, I propose we can skip the code freeze week and begin the preparation for the release VOTE on 3.6.4 once the fix is merged ( https://github.com/apache/tinkerpop/pull/2059). We will essentially be performing a full release on the 3.6.4 branch only. The 3.5-dev and 3.6-dev branches will need to be frozen to any changes which would fall outside of this 3.6.4 patch release. I do want to point out a .NET memory leak fix in 3.5 ( https://issues.apache.org/jira/browse/TINKERPOP-2944), with PR ( https://github.com/apache/tinkerpop/pull/2058) by Florian may warrant inclusion in this patch release. I would welcome any feedback regarding the inclusion of this change in a 3.6.4 patch release, as well as if it would also justify a 3.5.7 patch release. If there are no responses, I will assume a lazy consensus supporting a 3.6.4 patch release only, with the only significant change being TINKERPOP-2945. I would also look to include a few trivial changes such as https://github.com/apache/tinkerpop/pull/2052 and fixes to the console and server NOTICE files. Feel free to comment on this thread if you have any questions or concerns. Regards, Yang *--* *Yang Xia*
[jira] [Created] (TINKERPOP-2949) More strict handling of predicates
Valentyn Kahamlyk created TINKERPOP-2949: Summary: More strict handling of predicates Key: TINKERPOP-2949 URL: https://issues.apache.org/jira/browse/TINKERPOP-2949 Project: TinkerPop Issue Type: Improvement Components: process Affects Versions: 3.7.0 Reporter: Valentyn Kahamlyk P, TextP, ConnectiveP now accept arbitrary `biPredicate` as argument, which can lead to serialization problems. Introduce new interface over `biPredicate` to make predicate naming more strict -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0
[ https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721531#comment-17721531 ] ASF GitHub Bot commented on TINKERPOP-2948: --- acoady opened a new pull request, #2061: URL: https://github.com/apache/tinkerpop/pull/2061 (no comment) > PRISMA security vulnerabilty for jackson-databind 2.14.0 > > > Key: TINKERPOP-2948 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 > Project: TinkerPop > Issue Type: Bug > Components: server >Affects Versions: 3.6.3, 3.5.6 >Reporter: Aaron Coady >Priority: Major > > > h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 > [https://github.com/FasterXML/jackson-core/pull/827] > > com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are > vulnerable to Denial of Service (DoS). The package does not properly restrict > the size or amount of resources that are requested or influenced by an actor, > which can be used to consume more resources than intended and leads to > Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0
[ https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721530#comment-17721530 ] ASF GitHub Bot commented on TINKERPOP-2948: --- acoady closed pull request #2060: [TINKERPOP-2948] Bump jackson databind to 2.15.0 URL: https://github.com/apache/tinkerpop/pull/2060 > PRISMA security vulnerabilty for jackson-databind 2.14.0 > > > Key: TINKERPOP-2948 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 > Project: TinkerPop > Issue Type: Bug > Components: server >Affects Versions: 3.6.3, 3.5.6 >Reporter: Aaron Coady >Priority: Major > > > h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 > [https://github.com/FasterXML/jackson-core/pull/827] > > com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are > vulnerable to Denial of Service (DoS). The package does not properly restrict > the size or amount of resources that are requested or influenced by an actor, > which can be used to consume more resources than intended and leads to > Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0
[ https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721523#comment-17721523 ] ASF GitHub Bot commented on TINKERPOP-2948: --- acoady opened a new pull request, #2060: URL: https://github.com/apache/tinkerpop/pull/2060 (no comment) > PRISMA security vulnerabilty for jackson-databind 2.14.0 > > > Key: TINKERPOP-2948 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 > Project: TinkerPop > Issue Type: Bug > Components: server >Affects Versions: 3.6.3, 3.5.6 >Reporter: Aaron Coady >Priority: Major > > > h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 > [https://github.com/FasterXML/jackson-core/pull/827] > > com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are > vulnerable to Denial of Service (DoS). The package does not properly restrict > the size or amount of resources that are requested or influenced by an actor, > which can be used to consume more resources than intended and leads to > Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0
Aaron Coady created TINKERPOP-2948: -- Summary: PRISMA security vulnerabilty for jackson-databind 2.14.0 Key: TINKERPOP-2948 URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 Project: TinkerPop Issue Type: Bug Components: server Affects Versions: 3.5.6, 3.6.3 Reporter: Aaron Coady h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 [https://github.com/FasterXML/jackson-core/pull/827] com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS). The package does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended and leads to Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TINKERPOP-2947) Provide a plain text serializer for HTTP
Stephen Mallette created TINKERPOP-2947: --- Summary: Provide a plain text serializer for HTTP Key: TINKERPOP-2947 URL: https://issues.apache.org/jira/browse/TINKERPOP-2947 Project: TinkerPop Issue Type: Improvement Components: server Affects Versions: 3.6.3 Reporter: Stephen Mallette Provide a way to return just plain text from the HTTP endpoint using {{text/plain}}. Follow the format of Gremlin Console. This feature could help tools with their integrations. -- This message was sent by Atlassian Jira (v8.20.10#820010)