[jira] [Updated] (GEODE-10339) The server fails to start because the .crf or the .drf file is missing
[ https://issues.apache.org/jira/browse/GEODE-10339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated GEODE-10339: --- Labels: pull-request-available (was: ) > The server fails to start because the .crf or the .drf file is missing > -- > > Key: GEODE-10339 > URL: https://issues.apache.org/jira/browse/GEODE-10339 > Project: Geode > Issue Type: Bug >Reporter: Jakov Varenina >Priority: Major > Labels: pull-request-available > > {color:#0e101a}The server fails with following:{color} > {code:java} > {"timestamp":"2022-05-16T08:25:35.708Z","severity":"error","message":"Cache > initialization for GemFireCache[id = 776315735; isClosing = false; > isShutDownAll = false; created = Mon May 16 08:25:33 UTC 2022; server = > false; copyOnRead = false; lockLease = 120; lockTimeout = 60] failed because: > java.lang.IllegalStateException: The following required files could not be > found: *.crf files with these ids: > [33].","metadata":{"function":"KVDB"},"version":"1.1.0","service_id":"eric-udr-kvdb-ag","extra_data":{"thread_info":{"thread_name":"main","thread_id":"1"},"e":{"exception":""}}} > {code} > > {color:#0e101a}As a last compaction step, the server deletes the compacted > .crf file. The deletion is done in the following way:{color} > # {color:#0e101a}Write delete operation (delete ".crf" file) in the ".if" > file. {color} > # {color:#0e101a}Delete .crf file{color} > {color:#0e101a}The problem with server startup happens in the following > scenario:{color} > # {color:#0e101a}The server writes the delete operation (for .crf file) in > the ".if" file. The write is not immediately flushed to the ".if" file, but > it goes to the async write buffer.{color} > # {color:#0e101a}The server deletes the ".crf" file.{color} > # {color:#0e101a}The forceful restart (of the machine where the server > resides) happens before the async write buffer is flushed to the ".if" file. > This scenario leaves the ".if" file not updated, and therefore server startup > fails later on from the persisted region data.{color} > > {color:#0e101a}To avoid the above issue, we can use the existing parameter in > a geode that forces the server to write synchronously to the ".if" > file:{color} > {code:java} > --J=-Dgemfire.syncMetaDataWrites=true > {code} > {color:#0e101a}This parameter is not mentioned anywhere in the documentation. > So it would be good to add it to the following document:{color} > {color:#0e101a}[https://geode.apache.org/docs/guide/114/managing/disk_storage/managing_disk_buffer_flushes.html]{color} > > {color:#0e101a}Changing this parameter's default value to true would also be > good. {color}{color:#0e101a}This parameter should not affect performance as > the ".if" file is not updated frequently.{color} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (GEODE-10339) The server fails to start because the .crf or the .drf file is missing
[ https://issues.apache.org/jira/browse/GEODE-10339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jakov Varenina reassigned GEODE-10339: -- Assignee: Jakov Varenina > The server fails to start because the .crf or the .drf file is missing > -- > > Key: GEODE-10339 > URL: https://issues.apache.org/jira/browse/GEODE-10339 > Project: Geode > Issue Type: Bug >Reporter: Jakov Varenina >Assignee: Jakov Varenina >Priority: Major > Labels: pull-request-available > > {color:#0e101a}The server fails with following:{color} > {code:java} > {"timestamp":"2022-05-16T08:25:35.708Z","severity":"error","message":"Cache > initialization for GemFireCache[id = 776315735; isClosing = false; > isShutDownAll = false; created = Mon May 16 08:25:33 UTC 2022; server = > false; copyOnRead = false; lockLease = 120; lockTimeout = 60] failed because: > java.lang.IllegalStateException: The following required files could not be > found: *.crf files with these ids: > [33].","metadata":{"function":"KVDB"},"version":"1.1.0","service_id":"eric-udr-kvdb-ag","extra_data":{"thread_info":{"thread_name":"main","thread_id":"1"},"e":{"exception":""}}} > {code} > > {color:#0e101a}As a last compaction step, the server deletes the compacted > .crf file. The deletion is done in the following way:{color} > # {color:#0e101a}Write delete operation (delete ".crf" file) in the ".if" > file. {color} > # {color:#0e101a}Delete .crf file{color} > {color:#0e101a}The problem with server startup happens in the following > scenario:{color} > # {color:#0e101a}The server writes the delete operation (for .crf file) in > the ".if" file. The write is not immediately flushed to the ".if" file, but > it goes to the async write buffer.{color} > # {color:#0e101a}The server deletes the ".crf" file.{color} > # {color:#0e101a}The forceful restart (of the machine where the server > resides) happens before the async write buffer is flushed to the ".if" file. > This scenario leaves the ".if" file not updated, and therefore server startup > fails later on from the persisted region data.{color} > > {color:#0e101a}To avoid the above issue, we can use the existing parameter in > a geode that forces the server to write synchronously to the ".if" > file:{color} > {code:java} > --J=-Dgemfire.syncMetaDataWrites=true > {code} > {color:#0e101a}This parameter is not mentioned anywhere in the documentation. > So it would be good to add it to the following document:{color} > {color:#0e101a}[https://geode.apache.org/docs/guide/114/managing/disk_storage/managing_disk_buffer_flushes.html]{color} > > {color:#0e101a}Changing this parameter's default value to true would also be > good. {color}{color:#0e101a}This parameter should not affect performance as > the ".if" file is not updated frequently.{color} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (GEODE-10414) Add putIfAbsent method to region interfaces
Mario Salazar de Torres created GEODE-10414: --- Summary: Add putIfAbsent method to region interfaces Key: GEODE-10414 URL: https://issues.apache.org/jira/browse/GEODE-10414 Project: Geode Issue Type: New Feature Components: native client Reporter: Mario Salazar de Torres *AS A* geode-native contributor *I WANT TO* have putIfAbsent region method implemented *SO THAT* I can atomically put entries only if they don't previously, exist and also, to align it with the Java API. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alexander Murmann updated GEODE-10415: -- Labels: needsTriage (was: ) > CVEs detected in latest geode > - > > Key: GEODE-10415 > URL: https://issues.apache.org/jira/browse/GEODE-10415 > Project: Geode > Issue Type: Bug >Affects Versions: 1.15.0 >Reporter: Shruti >Priority: Major > Labels: needsTriage > > We are detecting the following CVEs with geode > 💥 High or critical vulnerabilities: 21 > The spring-core is likely Not Affected. But we would like to know about the > rest of these listed CVEs. Any info is appreciated > > {{NAME INSTALLED FIXED-IN TYPE > VULNERABILITY SEVERITY > jetty-security 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-server 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-servlet 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-util 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-util-ajax 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-webapp 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-xml 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jgroups 3.6.14.Final 4.0.0 > java-archive GHSA-rc7h-x6cq-988q Critical > shiro-cache 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-config-core 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-config-ogdl 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-core 1.9.0 1.9.1 > java-archive GHSA-4cf5-xmhp-3xj7 Critical > shiro-core 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-crypto-cipher 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-crypto-core 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-crypto-hash 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-event 1.9.0 > java-archive CVE-2022-32532 Critical > shiro-lang 1.9.0 > java-archive CVE-2022-32532 Critical > spring-core 5.3.20 > java-archive CVE-2016-127 Critical > jetty-http 9.4.46.v20220331 > java-archive CVE-2022-2048 High > jetty-io 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (GEODE-10415) CVEs detected in latest geode
Shruti created GEODE-10415: -- Summary: CVEs detected in latest geode Key: GEODE-10415 URL: https://issues.apache.org/jira/browse/GEODE-10415 Project: Geode Issue Type: Bug Affects Versions: 1.15.0 Reporter: Shruti We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated {{NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical shiro-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical shiro-event 1.9.0 java-archive CVE-2022-32532 Critical shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical spring-core 5.3.20 java-archive CVE-2016-127 Critical jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High}} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shruti updated GEODE-10415: --- Description: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated {{ }} {}NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY{}}} {{jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical}} {{shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical}} {{shiro-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-event 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical}} {{spring-core 5.3.20 java-archive CVE-2016-127 Critical}} {{jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{{}jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High{} was: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 {{The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated}} {{ }} NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY}} {{jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical}} {{shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical}} {{shiro-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-core 1.9.0
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shruti updated GEODE-10415: --- Description: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 {{The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated}} {{ }} NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY}} {{jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical}} {{shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical}} {{shiro-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-event 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical}} {{spring-core 5.3.20 java-archive CVE-2016-127 Critical}} {{jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High was: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated {{NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical shiro-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-hash
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shruti updated GEODE-10415: --- Priority: Blocker (was: Major) > CVEs detected in latest geode > - > > Key: GEODE-10415 > URL: https://issues.apache.org/jira/browse/GEODE-10415 > Project: Geode > Issue Type: Bug >Affects Versions: 1.15.0 >Reporter: Shruti >Priority: Blocker > Labels: needsTriage > > We are detecting the following CVEs with geode > 💥 High or critical vulnerabilities: 21 > The spring-core is likely Not Affected. But we would like to know about the > rest of these listed CVEs. Any info is appreciated > {{ }} > {}NAME INSTALLED FIXED-IN > TYPE VULNERABILITY SEVERITY{}}} > {{jetty-security 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-server 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-servlet 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-util 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-util-ajax 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-webapp 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-xml 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jgroups 3.6.14.Final 4.0.0 > java-archive GHSA-rc7h-x6cq-988q Critical}} > {{shiro-cache 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-config-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-config-ogdl 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-core 1.9.0 1.9.1 > java-archive GHSA-4cf5-xmhp-3xj7 Critical}} > {{shiro-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-cipher 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-hash 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-event 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-lang 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{spring-core 5.3.20 > java-archive CVE-2016-127 Critical}} > {{jetty-http 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{{}jetty-io 9.4.46.v20220331 > java-archive CVE-2022-2048 High{} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shruti updated GEODE-10415: --- Description: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated {{ }} {{NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY}} {{jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical}} {{shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical}} {{shiro-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-event 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical}} {{spring-core 5.3.20 java-archive CVE-2016-127 Critical}} {{jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High}} was: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated {{ }} {}NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY{}}} {{jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical}} {{shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical}} {{shiro-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-core 1.9.0 j
[jira] [Assigned] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kirk Lund reassigned GEODE-10415: - Assignee: Kirk Lund > CVEs detected in latest geode > - > > Key: GEODE-10415 > URL: https://issues.apache.org/jira/browse/GEODE-10415 > Project: Geode > Issue Type: Bug >Affects Versions: 1.15.0 >Reporter: Shruti >Assignee: Kirk Lund >Priority: Blocker > Labels: needsTriage > > We are detecting the following CVEs with geode > 💥 High or critical vulnerabilities: 21 > The spring-core is likely Not Affected. But we would like to know about the > rest of these listed CVEs. Any info is appreciated > {{ }} > {{NAME INSTALLED FIXED-IN TYPE > VULNERABILITY SEVERITY}} > {{jetty-security 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-server 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-servlet 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-util 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-util-ajax 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-webapp 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-xml 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jgroups 3.6.14.Final 4.0.0 > java-archive GHSA-rc7h-x6cq-988q Critical}} > {{shiro-cache 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-config-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-config-ogdl 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-core 1.9.0 1.9.1 > java-archive GHSA-4cf5-xmhp-3xj7 Critical}} > {{shiro-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-cipher 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-hash 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-event 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-lang 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{spring-core 5.3.20 > java-archive CVE-2016-127 Critical}} > {{jetty-http 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-io 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} -- This message was sent by Atlassian Jira (v8.20.10#820010)