[jira] [Commented] (IGNITE-6628) Make possible to rebuild all SQL indexes programmatically with enabled persistence.
[ https://issues.apache.org/jira/browse/IGNITE-6628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543003#comment-17543003 ] Maxim Muzafarov commented on IGNITE-6628: - [~ascherbakov] Hello, It seems the issue described here already resolved, right? IGNITE-14321 Can we close this one? > Make possible to rebuild all SQL indexes programmatically with enabled > persistence. > --- > > Key: IGNITE-6628 > URL: https://issues.apache.org/jira/browse/IGNITE-6628 > Project: Ignite > Issue Type: Improvement >Affects Versions: 2.0 >Reporter: Alexey Scherbakov >Priority: Major > > We have unofficial way for rebuilding indexes, which is called on activation > if index.bin is removed from PDS directory. > Code is located here [1] > I think it's ok to make it public for several cases: model is changed, index > is damaged, etc... > Also current impl has a bug: CacheEntry in [2] is not touched, polluting heap > and leading to OOM. > [1] > org.apache.ignite.internal.processors.cache.persistence.GridCacheDatabaseSharedManager#beforeExchange > [2] > org.apache.ignite.internal.processors.query.h2.IgniteH2Indexing#rebuildIndexesFromHash -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Resolved] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin resolved IGNITE-15241.
---
Resolution: Won't Fix
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary real impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> support the {{CREATE ALIAS}} statement
> * [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
> This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
> version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
> up to 2.0.202.
> * [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
> This vulnerability is not applicable to H2 in Ignite since Ignite runs H2
> in embedded mode. H2 cannot be externally exposed in embedded mode. The
> vulnerability could be exploited on the local machine where Ignite is
> running. However, this limits the severity a lot.
> * [CVE-2021-42392|https://www.cvedetails.com/cve/CVE-2021-42392/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> use and does not expose the {{org.h2.util.JdbcUtils.getConnection}} method.
>
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, our security policies are very formal and require somehow
> addressing the security vulnerabilities anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Description:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{{}ignite-indexing{}}}) depends on H2 database
version 1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary real impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
* [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
This vulnerability is not applicable to H2 in Ignite since Ignite runs H2 in
embedded mode. H2 cannot be externally exposed in embedded mode. The
vulnerability could be exploited on the local machine where Ignite is running.
However, this limits the severity a lot.
* [CVE-2021-42392|https://www.cvedetails.com/cve/CVE-2021-42392/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not use
and does not expose the {{org.h2.util.JdbcUtils.getConnection}} method.
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
was:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary real impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
* [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
This vulnerability is not applicable to H2 in Ignite since Ignite runs H2 in
embedded mode. H2 cannot be externally exposed in embedded mode. The
vulnerability could be exploited on the local machine where Ignite is running.
However, this limits the severity a lot.
* [CVE-2021-42392|https://www.cvedetails.com/cve/CVE-2021-42392/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
use and does not expose the {{org.h2.util.JdbcUtils.getConnection}} method.
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{{}ignite-indexing{}}}) depends on H2 database
> version 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvede
[jira] [Closed] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin closed IGNITE-15241.
-
Ignite Flags: (was: Docs Required,Release Notes Required)
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary real impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> support the {{CREATE ALIAS}} statement
> * [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
> This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
> version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
> up to 2.0.202.
> * [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
> This vulnerability is not applicable to H2 in Ignite since Ignite runs H2
> in embedded mode. H2 cannot be externally exposed in embedded mode. The
> vulnerability could be exploited on the local machine where Ignite is
> running. However, this limits the severity a lot.
> * [CVE-2021-42392|https://www.cvedetails.com/cve/CVE-2021-42392/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> use and does not expose the {{org.h2.util.JdbcUtils.getConnection}} method.
>
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, our security policies are very formal and require somehow
> addressing the security vulnerabilities anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Commented] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542992#comment-17542992
]
Alexey Kukushkin commented on IGNITE-15241:
---
The [H2's PR 2227|https://github.com/h2database/h2database/pull/2227] really
makes it impossible to upgrade to a newer H2 version where all the
vulnerabilities are addressed.
I see the following options to address the problem:
# None of the vulnerabilities is really applicable to H2 in Apache Ignite due
to specifics of how Ignite uses H2. See the impact analysis in the description
of this JIRA.
This can be used as a justification for appropriate team (DevOps, security) in
the organization to add the H2 modules used by Ignite to the list of exceptions
of the security vulnerabilities scanner.
# H2 module shading: rename the H2 module group or name and replace the
default H2 with the new one. This could be done manually or using the [Apache
Maven Shade Plugin|https://maven.apache.org/plugins/maven-shade-plugin/]. There
is not guarantee that specific security vulnerabilities scanner will not detect
such a trick but most likely it will not and the scan would be clean.
# [Calcite-based SQL
Engine|https://ignite.apache.org/docs/latest/SQL/sql-calcite] was added in
Ignite 2.13. This is an alternative to H2 and H2 could be excluded if the
Calcite-based engine is configured. The Calcite engine is in beta in release
2.13 and the community wants to announce it as production ready in release 2.14
or 2.15. However, there is no guarantee about that and the release dates are
not known at the moment of writing this comment.
However, some application development teams may consider trying the Calcite
engine and it may prove to be stable enough for them, allowing to get rid of
the H2 dependency.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary real impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> support the {{CREATE ALIAS}} statement
> * [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
> This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
> version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
> up to 2.0.202.
> * [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
> This vulnerability is not applicable to H2 in Ignite since Ignite runs H2
> in embedded mode. H2 cannot be externally exposed in embedded mode. The
> vulnerability could be exploited on the local machine where Ignite is
> running. However, this limits the severity a lot.
> * [CVE-2021-42392|https://www.cvedetails.com/cve/CVE-2021-42392/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> use and does not expose the {{org.h2.util.JdbcUtils.getConnection}} method.
>
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, our security policies are very formal and require somehow
> addressing the security vulnerabilities anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Description:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary real impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
* [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
This vulnerability is not applicable to H2 in Ignite since Ignite runs H2 in
embedded mode. H2 cannot be externally exposed in embedded mode. The
vulnerability could be exploited on the local machine where Ignite is running.
However, this limits the severity a lot.
* [CVE-2021-42392|https://www.cvedetails.com/cve/CVE-2021-42392/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
use and does not expose the {{org.h2.util.JdbcUtils.getConnection}} method.
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
was:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary real impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
* [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary real impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cv
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Description:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary real impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
* [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
was:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary *real* impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
*
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary real impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> support the {{CREATE ALIAS}} statement
> * [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
> This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
> version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
> up to 2.0.202.
> * [CVE-2022-23221|https://www.cvedetails.com/cve/CVE-2022-23221/]
>
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, ou
[jira] [Updated] (IGNITE-17002) Indexes rebuild in Maintenance Mode
[ https://issues.apache.org/jira/browse/IGNITE-17002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Semyon Danilov updated IGNITE-17002: Release Note: Added control.sh command that schedules index rebuild via the maintenance mode > Indexes rebuild in Maintenance Mode > --- > > Key: IGNITE-17002 > URL: https://issues.apache.org/jira/browse/IGNITE-17002 > Project: Ignite > Issue Type: Improvement > Components: control.sh, persistence >Reporter: Sergey Chugunov >Assignee: Semyon Danilov >Priority: Major > Fix For: 2.14 > > Time Spent: 10m > Remaining Estimate: 0h > > Now Ignite supports entering Maintenance Mode after index corruption > automatically - this was implemented in linked issue. > But there are use-cases when user needs to request rebuilding specific > indexes in MM, so we need to provide a control.sh API to make these requests. > Also for better integration with monitoring tools it is nice to provide an > API to check status of rebuilding task and print message to logs when each > task is finished and all tasks are finished. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (IGNITE-17002) Indexes rebuild in Maintenance Mode
[ https://issues.apache.org/jira/browse/IGNITE-17002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Semyon Danilov updated IGNITE-17002: Reviewer: Kirill Tkalenko > Indexes rebuild in Maintenance Mode > --- > > Key: IGNITE-17002 > URL: https://issues.apache.org/jira/browse/IGNITE-17002 > Project: Ignite > Issue Type: Improvement > Components: control.sh, persistence >Reporter: Sergey Chugunov >Assignee: Semyon Danilov >Priority: Major > Fix For: 2.14 > > Time Spent: 10m > Remaining Estimate: 0h > > Now Ignite supports entering Maintenance Mode after index corruption > automatically - this was implemented in linked issue. > But there are use-cases when user needs to request rebuilding specific > indexes in MM, so we need to provide a control.sh API to make these requests. > Also for better integration with monitoring tools it is nice to provide an > API to check status of rebuilding task and print message to logs when each > task is finished and all tasks are finished. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Assigned] (IGNITE-16962) SQL API: Implement query metadata.
[ https://issues.apache.org/jira/browse/IGNITE-16962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrey Mashenkov reassigned IGNITE-16962: - Assignee: Andrey Mashenkov > SQL API: Implement query metadata. > -- > > Key: IGNITE-16962 > URL: https://issues.apache.org/jira/browse/IGNITE-16962 > Project: Ignite > Issue Type: Improvement > Components: sql >Reporter: Andrey Mashenkov >Assignee: Andrey Mashenkov >Priority: Major > Labels: ignite-3 > Fix For: 3.0.0-alpha5 > > > Implement query result metadata. > Add public classes for SQL types (if needed) and map them to Calcite types. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (IGNITE-17046) Move H2RowComparator logic to the core module
Aleksey Plekhanov created IGNITE-17046:
--
Summary: Move H2RowComparator logic to the core module
Key: IGNITE-17046
URL: https://issues.apache.org/jira/browse/IGNITE-17046
Project: Ignite
Issue Type: Improvement
Reporter: Aleksey Plekhanov
Assignee: Aleksey Plekhanov
{{H2RowComparator}} depends on H2 classes and can't be used without
ignite-indexing module. We should move the logic from this comparator to the
core module providing backward compatibility, to be able to use indexes without
H2.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Commented] (IGNITE-17002) Indexes rebuild in Maintenance Mode
[
https://issues.apache.org/jira/browse/IGNITE-17002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542909#comment-17542909
]
Ignite TC Bot commented on IGNITE-17002:
{panel:title=Branch: [pull/10042/head] Base: [master] : No blockers
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
{panel:title=Branch: [pull/10042/head] Base: [master] : New Tests
(9)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}
{color:#8b}PDS (Indexing){color} [[tests
1|https://ci.ignite.apache.org/viewLog.html?buildId=6591334]]
* {color:#013220}IgnitePdsWithIndexingTestSuite:
MaintenanceRebuildIndexUtilsSelfTest.testConstructFromMap - PASSED{color}
{color:#8b}Control Utility{color} [[tests
8|https://ci.ignite.apache.org/viewLog.html?buildId=6591342]]
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testCorruptedIndexRebuildCacheWithGroupOnAllNodes
- PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testErrors - PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testConsecutiveCommandInvocations -
PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testCorruptedIndexRebuildCacheWithGroup -
PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testCorruptedIndexRebuildCache -
PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testCorruptedIndexRebuildCacheOnAllNodes -
PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
GridCommandHandlerIndexRebuildTest.testRebuild - PASSED{color}
* {color:#013220}IgniteControlUtilityTestSuite:
CommandHandlerParsingTest.testIndexRebuildWrongArgs - PASSED{color}
{panel}
[TeamCity *--> Run :: All*
Results|https://ci.ignite.apache.org/viewLog.html?buildId=6590633&buildTypeId=IgniteTests24Java8_RunAll]
> Indexes rebuild in Maintenance Mode
> ---
>
> Key: IGNITE-17002
> URL: https://issues.apache.org/jira/browse/IGNITE-17002
> Project: Ignite
> Issue Type: Improvement
> Components: control.sh, persistence
>Reporter: Sergey Chugunov
>Assignee: Semyon Danilov
>Priority: Major
> Fix For: 2.14
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Now Ignite supports entering Maintenance Mode after index corruption
> automatically - this was implemented in linked issue.
> But there are use-cases when user needs to request rebuilding specific
> indexes in MM, so we need to provide a control.sh API to make these requests.
> Also for better integration with monitoring tools it is nice to provide an
> API to check status of rebuilding task and print message to logs when each
> task is finished and all tasks are finished.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Updated] (IGNITE-17045) SQL Cache Replicated - Select doesn't work
[
https://issues.apache.org/jira/browse/IGNITE-17045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Angelo Pingo updated IGNITE-17045:
--
Description:
I upgraded the Apache Ignite version from 2.12.0 to 2.13.0 and all my SQL
Caches configured as Replicated mode does not work correctly (2.12.0 works
fine). The table is created successfully and the inserts are done without any
problem, but I can't select the inserted rows.
Queries to reproduce the issue:
CREATE TABLE test_table (
field1 varchar,
field2 BOOLEAN,
PRIMARY KEY (field1)
) WITH "template=Replicated";
INSERT INTO test_table (field1, field2) VALUES
('field-value-1', true),
('field-value-2', true, ),
('field-value-3', false);
SELECT * FROM test_table;
was:
I upgraded the Apache Ignite from 2.12.0 to 2.13.0 and all my SQL Caches
configured as Replicated mode does not work correctly. The table is created
successfully and the inserts are done without any problem, but I can't select
the inserted rows.
Queries to reproduce the issue:
CREATE TABLE test_table (
field1 varchar,
field2 BOOLEAN,
PRIMARY KEY (field1)
) WITH "template=Replicated";
INSERT INTO test_table (field1, field2) VALUES
('field-value-1', true),
('field-value-2', true, ),
('field-value-3', false);
SELECT * FROM test_table;
> SQL Cache Replicated - Select doesn't work
> --
>
> Key: IGNITE-17045
> URL: https://issues.apache.org/jira/browse/IGNITE-17045
> Project: Ignite
> Issue Type: Bug
> Components: cache, sql
>Affects Versions: 2.13
> Environment: Official Helm for Kubernetes.
> Apache Ignite version 2.13.0.
> node-configuration.xml attached.
>Reporter: Angelo Pingo
>Priority: Blocker
> Attachments: ignite-issue-partitioned.PNG,
> ignite-issue-replicated.PNG, node-configuration.xml
>
>
> I upgraded the Apache Ignite version from 2.12.0 to 2.13.0 and all my SQL
> Caches configured as Replicated mode does not work correctly (2.12.0 works
> fine). The table is created successfully and the inserts are done without any
> problem, but I can't select the inserted rows.
> Queries to reproduce the issue:
> CREATE TABLE test_table (
> field1 varchar,
> field2 BOOLEAN,
> PRIMARY KEY (field1)
> ) WITH "template=Replicated";
> INSERT INTO test_table (field1, field2) VALUES
> ('field-value-1', true),
> ('field-value-2', true, ),
> ('field-value-3', false);
> SELECT * FROM test_table;
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Updated] (IGNITE-17045) SQL Cache Replicated - Select doesn't work
[
https://issues.apache.org/jira/browse/IGNITE-17045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Angelo Pingo updated IGNITE-17045:
--
Summary: SQL Cache Replicated - Select doesn't work (was: SQL Cache
Replicated )
> SQL Cache Replicated - Select doesn't work
> --
>
> Key: IGNITE-17045
> URL: https://issues.apache.org/jira/browse/IGNITE-17045
> Project: Ignite
> Issue Type: Bug
> Components: cache, sql
>Affects Versions: 2.13
> Environment: Official Helm for Kubernetes.
> Apache Ignite version 2.13.0.
> node-configuration.xml attached.
>Reporter: Angelo Pingo
>Priority: Blocker
> Attachments: ignite-issue-partitioned.PNG,
> ignite-issue-replicated.PNG, node-configuration.xml
>
>
> I upgraded the Apache Ignite from 2.12.0 to 2.13.0 and all my SQL Caches
> configured as Replicated mode does not work correctly. The table is created
> successfully and the inserts are done without any problem, but I can't select
> the inserted rows.
> Queries to reproduce the issue:
> CREATE TABLE test_table (
> field1 varchar,
> field2 BOOLEAN,
> PRIMARY KEY (field1)
> ) WITH "template=Replicated";
> INSERT INTO test_table (field1, field2) VALUES
> ('field-value-1', true),
> ('field-value-2', true, ),
> ('field-value-3', false);
> SELECT * FROM test_table;
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Created] (IGNITE-17045) SQL Cache Replicated
Angelo Pingo created IGNITE-17045:
-
Summary: SQL Cache Replicated
Key: IGNITE-17045
URL: https://issues.apache.org/jira/browse/IGNITE-17045
Project: Ignite
Issue Type: Bug
Components: cache, sql
Affects Versions: 2.13
Environment: Official Helm for Kubernetes.
Apache Ignite version 2.13.0.
node-configuration.xml attached.
Reporter: Angelo Pingo
Attachments: ignite-issue-partitioned.PNG,
ignite-issue-replicated.PNG, node-configuration.xml
I upgraded the Apache Ignite from 2.12.0 to 2.13.0 and all my SQL Caches
configured as Replicated mode does not work correctly. The table is created
successfully and the inserts are done without any problem, but I can't select
the inserted rows.
Queries to reproduce the issue:
CREATE TABLE test_table (
field1 varchar,
field2 BOOLEAN,
PRIMARY KEY (field1)
) WITH "template=Replicated";
INSERT INTO test_table (field1, field2) VALUES
('field-value-1', true),
('field-value-2', true, ),
('field-value-3', false);
SELECT * FROM test_table;
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Description:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary *real* impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
* [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
up to 2.0.202.
*
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
was:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary *real* impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary *real* impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> support the {{CREATE ALIAS}} statement
> * [CVE-2021-23463|https://www.cvedetails.com/cve/CVE-2021-23463/]
> This vulnerability is not applicable to H2 in Ignite since Ignite uses H2
> version 1.4.197 and the vulnerability is applicable to H2 version 1.4.198 and
> up to 2.0.202.
> *
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, our security policies are very formal and require somehow
> addressing the security vulnerabilities anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Description:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2:
!Ignite-H2-Vulnerabilities.png!
We did preliminary *real* impact analysis considering how Ignite uses H2:
* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
store data in H2 and thus there can be no H2 backups in Ignite.
* [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
This vulnerability is not applicable to H2 in Ignite since Ignite does not
support the {{CREATE ALIAS}} statement
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
was:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2 (see !Ignite-H2-Vulnerabilities.png! :
* *Critical* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
*Impact Analysis*; This vulnerability is not applicable to the H2 in Ignite
since Ignite does not store data in H2 and thus there can be no H2 backups in
Ignite.
* d !Ignite-H2-Vulnerabilities.png!
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2:
> !Ignite-H2-Vulnerabilities.png!
> We did preliminary *real* impact analysis considering how Ignite uses H2:
> * [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> store data in H2 and thus there can be no H2 backups in Ignite.
> * [CVE-2018-10054|https://www.cvedetails.com/cve/CVE-2018-10054/]
> This vulnerability is not applicable to H2 in Ignite since Ignite does not
> support the {{CREATE ALIAS}} statement
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, our security policies are very formal and require somehow
> addressing the security vulnerabilities anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Created] (IGNITE-17044) [Native Persistence 3.0] End-to-end test for in-memory PageMemory
Kirill Tkalenko created IGNITE-17044: Summary: [Native Persistence 3.0] End-to-end test for in-memory PageMemory Key: IGNITE-17044 URL: https://issues.apache.org/jira/browse/IGNITE-17044 Project: Ignite Issue Type: Task Reporter: Kirill Tkalenko Assignee: Kirill Tkalenko Fix For: 3.0.0-alpha5 In-memory PageMemory storage was ported and fully integrated into ignite-3, though only unit tests were written covering this piece of functionality. We need to write an end-to-end integration test for PageMemory-based in-memory storage. The test should include: * New storage creation with necessary configuration; * Simple store/retrieve operations showing that storage actually performs its tasks. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Description:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197. Black Duck SCA detects these [security
vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
in H2 (see !Ignite-H2-Vulnerabilities.png! :
* *Critical* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
*Impact Analysis*; This vulnerability is not applicable to the H2 in Ignite
since Ignite does not store data in H2 and thus there can be no H2 backups in
Ignite.
* d !Ignite-H2-Vulnerabilities.png!
We realize all those vulnerabilities are not applicable to H2 in Apache Ignite.
However, our security policies are very formal and require somehow addressing
the security vulnerabilities anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
was:
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197, which has these two [security
vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-17893/product_id-45580/year-2018/H2database-H2.html]
[CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/] is regarded as
a critical vulnerability by our analyzer (Black Duck SCA) and makes it
impossible to use Ignite SQL due to security policies. We realize this
vulnerability is probably not even applicable to the H2 in Ignite since there
is no H2 database or H2 backups in Ignite. Still the security policies are very
formal and do not allow that anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197. Black Duck SCA detects these [security
> vulnerabilities|https://www.cvedetails.com/product/45580/H2database-H2.html?vendor_id=17893]
> in H2 (see !Ignite-H2-Vulnerabilities.png! :
> * *Critical* [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/]
> *Impact Analysis*; This vulnerability is not applicable to the H2 in Ignite
> since Ignite does not store data in H2 and thus there can be no H2 backups in
> Ignite.
> * d !Ignite-H2-Vulnerabilities.png!
> We realize all those vulnerabilities are not applicable to H2 in Apache
> Ignite. However, our security policies are very formal and require somehow
> addressing the security vulnerabilities anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Updated] (IGNITE-15241) Ignite H2 Security Vulnerabilities
[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-15241:
--
Attachment: Ignite-H2-Vulnerabilities.png
> Ignite H2 Security Vulnerabilities
> --
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
>Affects Versions: 2.13
>Reporter: Alexey Kukushkin
>Assignee: Alexey Kukushkin
>Priority: Major
> Labels: cggg
> Attachments: Ignite-H2-Vulnerabilities.png
>
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197, which has these two [security
> vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-17893/product_id-45580/year-2018/H2database-H2.html]
> [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/] is regarded
> as a critical vulnerability by our analyzer (Black Duck SCA) and makes it
> impossible to use Ignite SQL due to security policies. We realize this
> vulnerability is probably not even applicable to the H2 in Ignite since there
> is no H2 database or H2 backups in Ignite. Still the security policies are
> very formal and do not allow that anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Assigned] (IGNITE-17043) Performance degradation in Marshaller
[
https://issues.apache.org/jira/browse/IGNITE-17043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Semyon Danilov reassigned IGNITE-17043:
---
Assignee: Semyon Danilov
> Performance degradation in Marshaller
> -
>
> Key: IGNITE-17043
> URL: https://issues.apache.org/jira/browse/IGNITE-17043
> Project: Ignite
> Issue Type: Bug
> Components: cache
>Affects Versions: 2.13, 2.14
>Reporter: Sergey Kosarev
>Assignee: Semyon Danilov
>Priority: Major
>
> There is a problem in ignite-core code in GridHandleTable used inside
> OptimizedMarshaller where the internal buffers grow in size and does not
> shrink back.
> What problematic is in GridHandleTable? This is its reset() method that fills
> arrays in memory. Done once, it's not a big deal. Done a million times for a
> long buffer, it becomes really long and CPU-consuming.
> Here is simple reproducer (omitting imports for brevity):
> Marshalling of the same object at first takes about 50ms, and then after
> degradation more than 100 seconds.
> {code:title=DegradationReproducer.java|borderStyle=solid}
> public class DegradationReproducer extends BinaryMarshallerSelfTest {
> @Test
> public void reproduce() throws Exception {
> List> obj = IntStream.range(0,
> 10).mapToObj(Collections::singletonList).collect(Collectors.toList());
> for (int i = 0; i < 50; i++) {
> Assert.assertThat(measureMarshal(obj), Matchers.lessThan(1000L));
> }
> binaryMarshaller().marshal(
> Collections.singletonList(IntStream.range(0,
> 1000_000).mapToObj(String::valueOf).collect(Collectors.toList()))
> );
> Assert.assertThat(measureMarshal(obj), Matchers.lessThan(1000L));
> }
> private long measureMarshal(List> obj) throws
> IgniteCheckedException {
> info("marshalling started ");
> long millis = System.currentTimeMillis();
> binaryMarshaller().marshal(obj);
> millis = System.currentTimeMillis() - millis;
> info("marshalling finished in " + millis + " ms");
> return millis;
> }
> }
> {code}
> on my machine reslust is:
> {quote}
> .
> [2022-05-26 20:58:27,178][INFO
> ][test-runner-#1%binary.DegradationReproducer%][root] marshalling finished in
> 39 ms
> [2022-05-26 20:58:27,769][INFO
> ][test-runner-#1%binary.DegradationReproducer%][root] marshalling started
> [2022-05-26 21:02:03,588][INFO
> ][test-runner-#1%binary.DegradationReproducer%][root] marshalling finished in
> 215819 ms
> [2022-05-26 21:02:03,593][ERROR][main][root] Test failed
> [test=DegradationReproducer#reproduce[useBinaryArrays = true],
> duration=218641]
> java.lang.AssertionError:
> Expected: a value less than <1000L>
> but: <*215819L*> was greater than <1000L>
> at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20)
> at org.junit.Assert.assertThat(Assert.java:956)
> at org.junit.Assert.assertThat(Assert.java:923)
> at
> org.apache.ignite.internal.binary.DegradationReproducer.reproduce(DegradationReproducer.java:27)
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Commented] (IGNITE-16103) Failed to create index for table "table" with some options
[ https://issues.apache.org/jira/browse/IGNITE-16103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542811#comment-17542811 ] Luchnikov Alexander commented on IGNITE-16103: -- [~timonin.maksim] As agreed earlier - assign a ticket to you, for evaluation its implementation as suggested in https://github.com/apache/ignite/pull/9837 based on switch to calcite, defect priority and fix cost. > Failed to create index for table "table" with some options > -- > > Key: IGNITE-16103 > URL: https://issues.apache.org/jira/browse/IGNITE-16103 > Project: Ignite > Issue Type: Bug > Components: sql >Reporter: Maksim Timonin >Assignee: Maksim Timonin >Priority: Minor > Labels: good-first-issue, newbie > Time Spent: 2h 40m > Remaining Estimate: 0h > > 1. How to reproduce - all options CACHE_NAME, VALUE_TYPE, INLINE_SIZE should > be in the queries to reproduce failure: > ``` > create table table(id int PRIMARY KEY, fld1 int, fld2 int) with > "CACHE_NAME=TEST_CACHE_NAME,VALUE_TYPE=TEST_VALUE_TYPE"; > create index idx_0 on table(fld1, fld2) INLINE_SIZE 0; > ``` > Creation of index fails with exception: > Syntax error in SQL statement "CREATE INDEX IDX_0 ON TABLE(FLD1, FLD2) > INLINE_SIZE[*] 0 "; SQL statement: > create index IDX_0 on table(fld1, fld2) INLINE_SIZE 0 [42000-197] > at > > 2. How to fix: need to debug why parameters matters, looks like appearance of > this options triggers some checks that doesn't run while no options > specified. Then this checks should be triggers independently on specified > options or should be removed (depends on). > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Assigned] (IGNITE-16103) Failed to create index for table "table" with some options
[ https://issues.apache.org/jira/browse/IGNITE-16103?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Luchnikov Alexander reassigned IGNITE-16103: Assignee: Maksim Timonin (was: Luchnikov Alexander) > Failed to create index for table "table" with some options > -- > > Key: IGNITE-16103 > URL: https://issues.apache.org/jira/browse/IGNITE-16103 > Project: Ignite > Issue Type: Bug > Components: sql >Reporter: Maksim Timonin >Assignee: Maksim Timonin >Priority: Minor > Labels: good-first-issue, newbie > Time Spent: 2h 40m > Remaining Estimate: 0h > > 1. How to reproduce - all options CACHE_NAME, VALUE_TYPE, INLINE_SIZE should > be in the queries to reproduce failure: > ``` > create table table(id int PRIMARY KEY, fld1 int, fld2 int) with > "CACHE_NAME=TEST_CACHE_NAME,VALUE_TYPE=TEST_VALUE_TYPE"; > create index idx_0 on table(fld1, fld2) INLINE_SIZE 0; > ``` > Creation of index fails with exception: > Syntax error in SQL statement "CREATE INDEX IDX_0 ON TABLE(FLD1, FLD2) > INLINE_SIZE[*] 0 "; SQL statement: > create index IDX_0 on table(fld1, fld2) INLINE_SIZE 0 [42000-197] > at > > 2. How to fix: need to debug why parameters matters, looks like appearance of > this options triggers some checks that doesn't run while no options > specified. Then this checks should be triggers independently on specified > options or should be removed (depends on). > -- This message was sent by Atlassian Jira (v8.20.7#820007)
