[jira] [Comment Edited] (STORM-3553) Upgrade JQuery to 3.4.x
[ https://issues.apache.org/jira/browse/STORM-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16992692#comment-16992692 ] Franco Luong edited comment on STORM-3553 at 12/10/19 5:00 PM: --- [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] * https://snyk.io/vuln/npm:jquery * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358] was (Author: sfdcfranco): [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] * [https://snyk.io/vuln/npm:jquery ] * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358] > Upgrade JQuery to 3.4.x > --- > > Key: STORM-3553 > URL: https://issues.apache.org/jira/browse/STORM-3553 > Project: Apache Storm > Issue Type: Bug > Components: storm-core >Affects Versions: 2.0.0, 1.2.3, 2.1.0 >Reporter: Ahmed Mahfouz >Priority: Major > > JQuery < 3.4.0 has some security issues ([https://snyk.io/vuln/npm:jquery)] > JQuery 1.11.1 that currently being used is having this security issue: > - Prototype Pollution -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (STORM-3553) Upgrade JQuery to 3.4.x
[ https://issues.apache.org/jira/browse/STORM-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16992692#comment-16992692 ] Franco Luong edited comment on STORM-3553 at 12/10/19 4:17 PM: --- [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] * [https://snyk.io/vuln/npm:jquery ] * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358] was (Author: sfdcfranco): [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] * [https://snyk.io/vuln/npm:jquery] > Upgrade JQuery to 3.4.x > --- > > Key: STORM-3553 > URL: https://issues.apache.org/jira/browse/STORM-3553 > Project: Apache Storm > Issue Type: Bug > Components: storm-core >Affects Versions: 2.0.0, 1.2.3, 2.1.0 >Reporter: Ahmed Mahfouz >Priority: Major > > JQuery < 3.4.0 has some security issues ([https://snyk.io/vuln/npm:jquery)] > JQuery 1.11.1 that currently being used is having this security issue: > - Prototype Pollution -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (STORM-3553) Upgrade JQuery to 3.4.x
[ https://issues.apache.org/jira/browse/STORM-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16992692#comment-16992692 ] Franco Luong edited comment on STORM-3553 at 12/10/19 4:15 PM: --- [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] * [https://snyk.io/vuln/npm:jquery] was (Author: sfdcfranco): [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] > Upgrade JQuery to 3.4.x > --- > > Key: STORM-3553 > URL: https://issues.apache.org/jira/browse/STORM-3553 > Project: Apache Storm > Issue Type: Bug > Components: storm-core >Affects Versions: 2.0.0, 1.2.3, 2.1.0 >Reporter: Ahmed Mahfouz >Priority: Major > > JQuery < 3.4.0 has some security issues ([https://snyk.io/vuln/npm:jquery)] > JQuery 1.11.1 that currently being used is having this security issue: > - Prototype Pollution -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (STORM-3553) Upgrade JQuery to 3.4.x
[ https://issues.apache.org/jira/browse/STORM-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16992692#comment-16992692 ] Franco Luong commented on STORM-3553: - [Supporting materials:|https://www.tenable.com/plugins/nessus/124719] * [https://www.tenable.com/plugins/nessus/124719] * [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/] > Upgrade JQuery to 3.4.x > --- > > Key: STORM-3553 > URL: https://issues.apache.org/jira/browse/STORM-3553 > Project: Apache Storm > Issue Type: Bug > Components: storm-core >Affects Versions: 2.0.0, 1.2.3, 2.1.0 >Reporter: Ahmed Mahfouz >Priority: Major > > JQuery < 3.4.0 has some security issues ([https://snyk.io/vuln/npm:jquery)] > JQuery 1.11.1 that currently being used is having this security issue: > - Prototype Pollution -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (STORM-3553) Upgrade JQuery to 3.4.x
[ https://issues.apache.org/jira/browse/STORM-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ahmed Mahfouz updated STORM-3553: - Description: JQuery < 3.4.0 has some security issues ([https://snyk.io/vuln/npm:jquery)] JQuery 1.11.1 that currently being used is having this security issue: - Prototype Pollution was: JQuery < 3.4.0 has two security issues ([https://snyk.io/vuln/npm:jquery)] : - Cross-site Scripting (XSS) - Prototype Pollution > Upgrade JQuery to 3.4.x > --- > > Key: STORM-3553 > URL: https://issues.apache.org/jira/browse/STORM-3553 > Project: Apache Storm > Issue Type: Bug > Components: storm-core >Affects Versions: 2.0.0, 1.2.3, 2.1.0 >Reporter: Ahmed Mahfouz >Priority: Major > > JQuery < 3.4.0 has some security issues ([https://snyk.io/vuln/npm:jquery)] > JQuery 1.11.1 that currently being used is having this security issue: > - Prototype Pollution -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (STORM-3553) Upgrade JQuery to 3.4.x
Ahmed Mahfouz created STORM-3553: Summary: Upgrade JQuery to 3.4.x Key: STORM-3553 URL: https://issues.apache.org/jira/browse/STORM-3553 Project: Apache Storm Issue Type: Bug Components: storm-core Affects Versions: 2.1.0, 1.2.3, 2.0.0 Reporter: Ahmed Mahfouz JQuery < 3.4.0 has two security issues ([https://snyk.io/vuln/npm:jquery)] : - Cross-site Scripting (XSS) - Prototype Pollution -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (STORM-3552) Storm CLI set_log_level no longer updates the log level
[ https://issues.apache.org/jira/browse/STORM-3552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated STORM-3552: -- Labels: pull-request-available (was: ) > Storm CLI set_log_level no longer updates the log level > --- > > Key: STORM-3552 > URL: https://issues.apache.org/jira/browse/STORM-3552 > Project: Apache Storm > Issue Type: Bug > Components: storm-core >Affects Versions: 2.0.0, 2.1.0 >Reporter: Luke Marjoram >Priority: Major > Labels: pull-request-available > > Using the example StatefulWindowingTopology, when trying to update the log > level via command line with the following command a NullPointer is thrown in > the worker log and the log level is not updated. > {code:java} > storm set_log_level -l ROOT=DEBUG:0 test{code} > {code:java} > 2019-12-09 17:16:02.600+0100 o.a.s.s.o.a.c.f.i.CuratorFrameworkImpl > main-EventThread [ERROR] Event listener threw exception > java.lang.NullPointerException: null > at > java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:936) > ~[?:1.8.0_131] > at org.apache.logging.log4j.Level.getLevel(Level.java:261) > ~[log4j-api-2.11.2.jar:2.11.2] > at > org.apache.storm.daemon.worker.LogConfigManager.setLoggerLevel(LogConfigManager.java:145) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.daemon.worker.LogConfigManager.processLogConfigChange(LogConfigManager.java:98) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.daemon.worker.Worker.checkLogConfigChanged(Worker.java:422) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.cluster.StormClusterStateImpl.issueMapCallback(StormClusterStateImpl.java:177) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.cluster.StormClusterStateImpl$1.changed(StormClusterStateImpl.java:122) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.cluster.ZKStateStorage$ZkWatcherCallBack.execute(ZKStateStorage.java:243) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.zookeeper.ClientZookeeper.lambda$mkClientImpl$0(ClientZookeeper.java:314) > ~[storm-client-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.imps.CuratorFrameworkImpl$7.apply(CuratorFrameworkImpl.java:1048) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.imps.CuratorFrameworkImpl$7.apply(CuratorFrameworkImpl.java:1041) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.listen.ListenerContainer$1.run(ListenerContainer.java:100) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.shaded.com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:30) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.listen.ListenerContainer.forEach(ListenerContainer.java:92) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.imps.CuratorFrameworkImpl.processEvent(CuratorFrameworkImpl.java:1040) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.imps.CuratorFrameworkImpl.access$000(CuratorFrameworkImpl.java:66) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.framework.imps.CuratorFrameworkImpl$1.process(CuratorFrameworkImpl.java:126) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.curator.ConnectionState.process(ConnectionState.java:185) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.zookeeper.ClientCnxn$EventThread.processEvent(ClientCnxn.java:533) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT] > at > org.apache.storm.shade.org.apache.zookeeper.ClientCnxn$EventThread.run(ClientCnxn.java:508) > [storm-shaded-deps-2.1.0.jar:2.1.1-SNAPSHOT]{code} > This appears to be a regression from the migration from clojure to java in > STORM-1267 -- This message was sent by Atlassian Jira (v8.3.4#803005)