[jira] [Updated] (GEODE-10339) The server fails to start because the .crf or the .drf file is missing
[
https://issues.apache.org/jira/browse/GEODE-10339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated GEODE-10339:
---
Labels: pull-request-available (was: )
> The server fails to start because the .crf or the .drf file is missing
> --
>
> Key: GEODE-10339
> URL: https://issues.apache.org/jira/browse/GEODE-10339
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Priority: Major
> Labels: pull-request-available
>
> {color:#0e101a}The server fails with following:{color}
> {code:java}
> {"timestamp":"2022-05-16T08:25:35.708Z","severity":"error","message":"Cache
> initialization for GemFireCache[id = 776315735; isClosing = false;
> isShutDownAll = false; created = Mon May 16 08:25:33 UTC 2022; server =
> false; copyOnRead = false; lockLease = 120; lockTimeout = 60] failed because:
> java.lang.IllegalStateException: The following required files could not be
> found: *.crf files with these ids:
> [33].","metadata":{"function":"KVDB"},"version":"1.1.0","service_id":"eric-udr-kvdb-ag","extra_data":{"thread_info":{"thread_name":"main","thread_id":"1"},"e":{"exception":""}}}
> {code}
>
> {color:#0e101a}As a last compaction step, the server deletes the compacted
> .crf file. The deletion is done in the following way:{color}
> # {color:#0e101a}Write delete operation (delete ".crf" file) in the ".if"
> file. {color}
> # {color:#0e101a}Delete .crf file{color}
> {color:#0e101a}The problem with server startup happens in the following
> scenario:{color}
> # {color:#0e101a}The server writes the delete operation (for .crf file) in
> the ".if" file. The write is not immediately flushed to the ".if" file, but
> it goes to the async write buffer.{color}
> # {color:#0e101a}The server deletes the ".crf" file.{color}
> # {color:#0e101a}The forceful restart (of the machine where the server
> resides) happens before the async write buffer is flushed to the ".if" file.
> This scenario leaves the ".if" file not updated, and therefore server startup
> fails later on from the persisted region data.{color}
>
> {color:#0e101a}To avoid the above issue, we can use the existing parameter in
> a geode that forces the server to write synchronously to the ".if"
> file:{color}
> {code:java}
> --J=-Dgemfire.syncMetaDataWrites=true
> {code}
> {color:#0e101a}This parameter is not mentioned anywhere in the documentation.
> So it would be good to add it to the following document:{color}
> {color:#0e101a}[https://geode.apache.org/docs/guide/114/managing/disk_storage/managing_disk_buffer_flushes.html]{color}
>
> {color:#0e101a}Changing this parameter's default value to true would also be
> good. {color}{color:#0e101a}This parameter should not affect performance as
> the ".if" file is not updated frequently.{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (GEODE-10339) The server fails to start because the .crf or the .drf file is missing
[
https://issues.apache.org/jira/browse/GEODE-10339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jakov Varenina reassigned GEODE-10339:
--
Assignee: Jakov Varenina
> The server fails to start because the .crf or the .drf file is missing
> --
>
> Key: GEODE-10339
> URL: https://issues.apache.org/jira/browse/GEODE-10339
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Assignee: Jakov Varenina
>Priority: Major
> Labels: pull-request-available
>
> {color:#0e101a}The server fails with following:{color}
> {code:java}
> {"timestamp":"2022-05-16T08:25:35.708Z","severity":"error","message":"Cache
> initialization for GemFireCache[id = 776315735; isClosing = false;
> isShutDownAll = false; created = Mon May 16 08:25:33 UTC 2022; server =
> false; copyOnRead = false; lockLease = 120; lockTimeout = 60] failed because:
> java.lang.IllegalStateException: The following required files could not be
> found: *.crf files with these ids:
> [33].","metadata":{"function":"KVDB"},"version":"1.1.0","service_id":"eric-udr-kvdb-ag","extra_data":{"thread_info":{"thread_name":"main","thread_id":"1"},"e":{"exception":""}}}
> {code}
>
> {color:#0e101a}As a last compaction step, the server deletes the compacted
> .crf file. The deletion is done in the following way:{color}
> # {color:#0e101a}Write delete operation (delete ".crf" file) in the ".if"
> file. {color}
> # {color:#0e101a}Delete .crf file{color}
> {color:#0e101a}The problem with server startup happens in the following
> scenario:{color}
> # {color:#0e101a}The server writes the delete operation (for .crf file) in
> the ".if" file. The write is not immediately flushed to the ".if" file, but
> it goes to the async write buffer.{color}
> # {color:#0e101a}The server deletes the ".crf" file.{color}
> # {color:#0e101a}The forceful restart (of the machine where the server
> resides) happens before the async write buffer is flushed to the ".if" file.
> This scenario leaves the ".if" file not updated, and therefore server startup
> fails later on from the persisted region data.{color}
>
> {color:#0e101a}To avoid the above issue, we can use the existing parameter in
> a geode that forces the server to write synchronously to the ".if"
> file:{color}
> {code:java}
> --J=-Dgemfire.syncMetaDataWrites=true
> {code}
> {color:#0e101a}This parameter is not mentioned anywhere in the documentation.
> So it would be good to add it to the following document:{color}
> {color:#0e101a}[https://geode.apache.org/docs/guide/114/managing/disk_storage/managing_disk_buffer_flushes.html]{color}
>
> {color:#0e101a}Changing this parameter's default value to true would also be
> good. {color}{color:#0e101a}This parameter should not affect performance as
> the ".if" file is not updated frequently.{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (GEODE-10414) Add putIfAbsent method to region interfaces
Mario Salazar de Torres created GEODE-10414: --- Summary: Add putIfAbsent method to region interfaces Key: GEODE-10414 URL: https://issues.apache.org/jira/browse/GEODE-10414 Project: Geode Issue Type: New Feature Components: native client Reporter: Mario Salazar de Torres *AS A* geode-native contributor *I WANT TO* have putIfAbsent region method implemented *SO THAT* I can atomically put entries only if they don't previously, exist and also, to align it with the Java API. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Murmann updated GEODE-10415:
--
Labels: needsTriage (was: )
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Priority: Major
> Labels: needsTriage
>
> We are detecting the following CVEs with geode
> 💥 High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
>
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY
> jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical
> shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical
> shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical
> spring-core 5.3.20
> java-archive CVE-2016-127 Critical
> jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (GEODE-10415) CVEs detected in latest geode
Shruti created GEODE-10415:
--
Summary: CVEs detected in latest geode
Key: GEODE-10415
URL: https://issues.apache.org/jira/browse/GEODE-10415
Project: Geode
Issue Type: Bug
Affects Versions: 1.15.0
Reporter: Shruti
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY
jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High
jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical
shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical
shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical
shiro-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical
shiro-event 1.9.0
java-archive CVE-2022-32532 Critical
shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical
spring-core 5.3.20
java-archive CVE-2016-127 Critical
jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Description:
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{ }}
{}NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY{}}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-event 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical}}
{{spring-core 5.3.20
java-archive CVE-2016-127 Critical}}
{{jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{{}jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High{}
was:
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
{{The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated}}
{{ }}
NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Description:
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
{{The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated}}
{{ }}
NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-event 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical}}
{{spring-core 5.3.20
java-archive CVE-2016-127 Critical}}
{{jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High
was:
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY
jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High
jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical
shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical
shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical
shiro-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-hash
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Priority: Blocker (was: Major)
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Priority: Blocker
> Labels: needsTriage
>
> We are detecting the following CVEs with geode
> 💥 High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {}NAME INSTALLED FIXED-IN
> TYPE VULNERABILITY SEVERITY{}}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{{}jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High{}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Description:
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{ }}
{{NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-event 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical}}
{{spring-core 5.3.20
java-archive CVE-2016-127 Critical}}
{{jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
was:
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{ }}
{}NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY{}}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
j
[jira] [Assigned] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kirk Lund reassigned GEODE-10415:
-
Assignee: Kirk Lund
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Assignee: Kirk Lund
>Priority: Blocker
> Labels: needsTriage
>
> We are detecting the following CVEs with geode
> 💥 High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
