Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024459020 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [42 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.2% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] remove unused gocron dependency [dubbo-go]
AlexStocks merged PR #2645: URL: https://github.com/apache/dubbo-go/pull/2645 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] k8s mode [dubbo-kubernetes]
sjmshsh opened a new pull request, #233: URL: https://github.com/apache/dubbo-kubernetes/pull/233 ## What is the purpose of the change ## Brief changelog ## Verifying this change ## CheckList - [x] Make sure there is a [GitHub_issue](https://github.com/apache/dubbo-kubernetes/issues) field for the change (usually before you start working on it). Trivial changes like typos do not require a GitHub issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. - [ ] Each commit in the pull request should have a meaningful subject line and body. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. - [ ] GitHub Actions works fine on your own branch. - [ ] If this contribution is large, please follow the [Software Donation Guide](https://github.com/apache/dubbo/wiki/Software-donation-guide). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] remove unused gocron dependency [dubbo-go]
sonarcloud[bot] commented on PR #2645: URL: https://github.com/apache/dubbo-go/pull/2645#issuecomment-2024391891 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2645) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2645=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2645=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2645=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2645) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] remove unused gocron dependency [dubbo-go]
FoghostCn opened a new pull request, #2645: URL: https://github.com/apache/dubbo-go/pull/2645 remove gocron dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] refactor/dubbo-security grpc dependency replace [dubbo]
sonarcloud[bot] commented on PR #14004: URL: https://github.com/apache/dubbo/pull/14004#issuecomment-2024374312 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo=14004) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [2 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo=14004=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo=14004=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo=14004=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=14004=new_coverage=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=14004=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo=14004) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] refactor/dubbo-security grpc dependency replace [dubbo]
sonarcloud[bot] commented on PR #14004: URL: https://github.com/apache/dubbo/pull/14004#issuecomment-2024374400 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo=14004) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [2 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo=14004=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo=14004=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo=14004=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=14004=new_coverage=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=14004=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo=14004) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
github-advanced-security[bot] commented on code in PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#discussion_r1542288357 ## tls/xds/xds_provider.go: ## @@ -0,0 +1,234 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package xds + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "sync" + + "dubbo.apache.org/dubbo-go/v3/common" + "dubbo.apache.org/dubbo-go/v3/common/constant" + "dubbo.apache.org/dubbo-go/v3/common/extension" + "dubbo.apache.org/dubbo-go/v3/istio" + "dubbo.apache.org/dubbo-go/v3/istio/resources" + tlsprovider "dubbo.apache.org/dubbo-go/v3/tls" + "github.com/dubbogo/gost/log/logger" +) + +var ( + oncesync.Once + tlsProvider *xdsTLSProvider +) + +func init() { + extension.SetTLSProvider(constant.TLSProviderXdsKey, newXdsTLSProvider) +} + +type xdsTLSProvider struct { + pilotAgent istio.XdsAgent +} + +func newXdsTLSProvider() tlsprovider.TLSProvider { + if tlsProvider == nil { + once.Do(func() { + logger.Infof("[xds tls] init pilot agent") + pilotAgent, err := istio.GetPilotAgent(istio.PilotAgentTypeServerWorkload) + if err != nil { + logger.Errorf("[xds tls] init pilot agent err:%", err) + } + tlsProvider = { + pilotAgent: pilotAgent, + } + }) + } + return tlsProvider +} + +func (x *xdsTLSProvider) GetServerWorkLoadTLSConfig(url *common.URL) (*tls.Config, error) { + cfg := { + GetCertificate: x.GetWorkloadCertificate, + ClientAuth: tls.VerifyClientCertIfGiven, // for test only + //ClientAuth: tls.RequireAndVerifyClientCert, // for prod + ClientCAs: x.GetCACertPool(), + VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + err := x.VerifyPeerCertByServer(rawCerts, verifiedChains) + if err != nil { + logger.Errorf("Could not verify client certificate: %v", err) + } + return err + }, + MinVersion: tls.VersionTLS12, + CipherSuites: tlsprovider.PreferredDefaultCipherSuites(), + NextProtos: []string{"h2", "http/1.1"}, + PreferServerCipherSuites: true, + } + + return cfg, nil +} + +func (x *xdsTLSProvider) VerifyPeerCertByServer(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + logger.Infof("[xds tls] server verifiy peer cert") + if len(rawCerts) == 0 { + // Peer doesn't present a certificate. Just skip. Other authn methods may be used. + return nil + } + var peerCert *x509.Certificate + intCertPool := x509.NewCertPool() + for id, rawCert := range rawCerts { + cert, err := x509.ParseCertificate(rawCert) + if err != nil { + return err + } + if id == 0 { + peerCert = cert + } else { + intCertPool.AddCert(cert) + } + } + if len(peerCert.URIs) != 1 { + return fmt.Errorf("peer certificate does not contain 1 URI type SAN, detected %d", len(peerCert.URIs)) + } + spiffe := peerCert.URIs[0].String() + _, err := resources.ParseIdentity(spiffe) + if err != nil { + return err + } + secretCache := x.pilotAgent.GetWorkloadCertificateProvider() + hostInboundListener := x.pilotAgent.GetHostInboundListener() + if hostInboundListener == nil { + return fmt.Errorf("can not get xds inbound listner info") + } + + spiffeMatch := hostInboundListener.TransportSocket.SubjectAltNamesMatch + spiffeValue := hostInboundListener.TransportSocket.SubjectAltNamesValue + ok :=
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024360025 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [42 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.2% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
2456868764 commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024356653 > We already have the target branch `dev-3.3` updated to date @2456868764 i have merged dev-3.3 , please check the PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024355343 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [42 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.2% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024319663 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] refactor/dubbo-security grpc dependency replace [dubbo]
Rawven closed pull request #14004: refactor/dubbo-security grpc dependency replace URL: https://github.com/apache/dubbo/pull/14004 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] client can't get attachments which is set from server [dubbo-go]
YarBor commented on issue #2641: URL: https://github.com/apache/dubbo-go/issues/2641#issuecomment-2024313284 plz assign to me -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] feat: Condition Rule [dubbo-kubernetes]
SDUWYS opened a new pull request, #232: URL: https://github.com/apache/dubbo-kubernetes/pull/232 ![image](https://github.com/apache/dubbo-kubernetes/assets/91682295/fbb61bc6-b28f-45e6-b77f-02f9798e137c) Resolve conficts, this pull request is same as #216 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] feat: Condition Rule [dubbo-kubernetes]
SDUWYS closed pull request #216: feat: Condition Rule URL: https://github.com/apache/dubbo-kubernetes/pull/216 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
chickenlj commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024307702 We already have the target branch `dev-3.3` updated to date @2456868764 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
2456868764 closed pull request #2643: Feat security URL: https://github.com/apache/dubbo-go/pull/2643 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024303494 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] triple request missed http header like scheme, host etc. [dubbo-go]
chickenlj commented on issue #2642: URL: https://github.com/apache/dubbo-go/issues/2642#issuecomment-2024297058 Solution by @2456868764 in https://github.com/apache/dubbo-go/pull/2643 ```go setHTTPSHeaders := func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Set http scheme header r.Header.Set(":x-scheme", "https") r.Header.Set(":x-host", r.Host) r.Header.Set(":x-path", r.RequestURI) r.Header.Set(":x-method", r.Method) certs := r.TLS.PeerCertificates if len(certs) > 0 { peerCert := certs[0] if len(peerCert.URIs) > 0 { spiffeURI := peerCert.URIs[0].String() // Set spiffe scheme header r.Header.Set(":x-spiffe", spiffeURI) } } h.ServeHTTP(w, r) }) } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Merge branch 'main' into dev-3.3 [dubbo-go]
chickenlj merged PR #2644: URL: https://github.com/apache/dubbo-go/pull/2644 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] ReferenceBean is not ready yet, please make sure to call reference interface method after dubbo is started. [dubbo]
escapekyg commented on issue #14003: URL: https://github.com/apache/dubbo/issues/14003#issuecomment-2024290100 > 1. this method will init referenceBean. > > ```java > @Bean > public ManagerService managerService() { > return this.managerService; > } > ``` > > 2. the aspect will intercept the process of init referenceBean and get it > > ```shell > com.company.project.common.advice.LoggingAspect.logAround(LoggingAspect.java:61) > ``` > > 3. dubbo found there is no referenceconfig, so exception coming > > you can change the aspect to modify pointcut or update dubbo version thanks,but why doesn't it always reproduce? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] 在配置 group 情况下,接口/应用同时注册,会导致 consumer 无法读取到 provide 的服务信息,导致启动失败 [dubbo]
stonelion commented on issue #12097: URL: https://github.com/apache/dubbo/issues/12097#issuecomment-2024266776 > @stonelion 请问这个问题有在哪个版本解决吗,我使用3.1.11版本也遇到了这个问题 用这个方法 -Ddubbo.registry.parameters.rootPath 规避,缺点是需要重启所有集群中的服务。 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2024219021 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] Fix Sonar issue s2293 The diamond operator ('<>') should be used [dubbo]
jlerbsc opened a new pull request, #14005: URL: https://github.com/apache/dubbo/pull/14005 We propose the fix to violation s2293 "The diamond operator ('<>') should be used" identified by SonarQube. Java uses angular brackets (< and >) to provide a specific type (the "type argument") to a generic type. For instance, List is a generic type, so a list containing strings can be declared with List. Prior to Java 7, the type argument had to be provided explicitly for every occurrence where generics were used. This often caused redundancy, as the type argument would have to be provided both when a field is declared and initialized. Java 7 introduced the diamond operator (<>) to reduce the code’s verbosity of generics code. The type argument between the angular brackets should be omitted if the compiler can infer it. For instance, instead of having to declare a List's type in both its declaration and its constructor, you can now simplify the constructor declaration with <>, and the compiler will infer the type. This patch has been automatically produced by our java code remediation solution, available free of charge for all open source projects (https://www.indepth.fr/). We believe that this PR can improve the quality of the Guava project code to a certain extent. Your feedback will also be very useful for us to know if our solution produces quality code or if we need to improve the way it works. Thank you for your feedback. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] docs: common errors & supported browsers and frameworks & getting-started (web aspect) [dubbo-js]
CoderSerio commented on PR #388: URL: https://github.com/apache/dubbo-js/pull/388#issuecomment-2023112376 add a new doc, getting-started(web aspect), which refers to lots of example files. partially finish #370 . -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] docs: common errors & supported browsers and frameworks [dubbo-js]
sonarcloud[bot] commented on PR #388: URL: https://github.com/apache/dubbo-js/pull/388#issuecomment-2023102287 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-js=388) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-js=388=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-js=388=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-js=388=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-js=388) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] refactor/dubbo-security grpc dependency replace [dubbo]
Rawven closed pull request #14004: refactor/dubbo-security grpc dependency replace URL: https://github.com/apache/dubbo/pull/14004 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] refactor/dubbo-security grpc dependency replace [dubbo]
Rawven closed pull request #14004: refactor/dubbo-security grpc dependency replace URL: https://github.com/apache/dubbo/pull/14004 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] refactor/dubbo-security grpc dependency replace [dubbo]
Rawven commented on PR #14004: URL: https://github.com/apache/dubbo/pull/14004#issuecomment-2023059649 @chickenlj PTAL -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] refactor/dubbo-security grpc dependency replace [dubbo]
Rawven opened a new pull request, #14004: URL: https://github.com/apache/dubbo/pull/14004 ## What is the purpose of the change Advanced tasks: Replace kernel grpc dependency ## Brief changelog replace dubbo-security module's grpc dependency ## Verifying this change ## Checklist - [x] Make sure there is a [GitHub_issue](https://github.com/apache/dubbo/issues) field for the change (usually before you start working on it). Trivial changes like typos do not require a GitHub issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. - [ ] Each commit in the pull request should have a meaningful subject line and body. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Check if is necessary to patch to Dubbo 3 if you are work on Dubbo 2.7 - [ ] Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add sample in [dubbo samples](https://github.com/apache/dubbo-samples) project. - [ ] Add some description to [dubbo-website](https://github.com/apache/dubbo-website) project if you are requesting to add a feature. - [ ] GitHub Actions works fine on your own branch. - [ ] If this contribution is large, please follow the [Software Donation Guide](https://github.com/apache/dubbo/wiki/Software-donation-guide). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] For HTTP/1 unary mode, use Content-Length instead of chunk [dubbo]
sonarcloud[bot] commented on PR #13979: URL: https://github.com/apache/dubbo/pull/13979#issuecomment-2023033212 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo=13979) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo=13979=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo=13979=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo=13979=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=13979=new_coverage=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=13979=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo=13979) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] ReferenceBean is not ready yet, please make sure to call reference interface method after dubbo is started. [dubbo]
laywin commented on issue #14003: URL: https://github.com/apache/dubbo/issues/14003#issuecomment-2023026016 1. this method will init referenceBean. ```java @Bean public ManagerService managerService() { return this.managerService; } ``` 2. the aspect will intercept the process of init referenceBean and get it ```bash com.company.project.common.advice.LoggingAspect.logAround(LoggingAspect.java:61) ``` 3. dubbo found there is no referenceconfig, so exception coming you can change the aspect to modify pointcut or update dubbo version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] [Task] Some of the sample guidance conforms to business usage [dubbo]
yuluo-yx commented on issue #13859: URL: https://github.com/apache/dubbo/issues/13859#issuecomment-2022910846 ptal @CrazyHZM https://github.com/apache/dubbo-samples/pull/1115 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2022757452 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2022755888 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] For HTTP/1 unary mode, use Content-Length instead of chunk [dubbo]
sonarcloud[bot] commented on PR #13979: URL: https://github.com/apache/dubbo/pull/13979#issuecomment-2022650356 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo=13979) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo=13979=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo=13979=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo=13979=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=13979=new_coverage=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_dubbo=13979=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo=13979) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] add configcenter README [dubbo-spi-extensions]
codecov-commenter commented on PR #299: URL: https://github.com/apache/dubbo-spi-extensions/pull/299#issuecomment-2022625960 ## [Codecov](https://app.codecov.io/gh/apache/dubbo-spi-extensions/pull/299?dropdown=coverage=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) Report All modified and coverable lines are covered by tests :white_check_mark: > Project coverage is 0.27%. Comparing base [(`9b48975`)](https://app.codecov.io/gh/apache/dubbo-spi-extensions/commit/9b48975e2e8c5d996bc25319fe7c93f0e3582be0?dropdown=coverage=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache) to head [(`44fbd5b`)](https://app.codecov.io/gh/apache/dubbo-spi-extensions/pull/299?dropdown=coverage=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). Additional details and impacted files ```diff @@ Coverage Diff@@ ## master#299 +/- ## Coverage 0.27% 0.27% Complexity6 6 Files 299 299 Lines 13730 13723-7 Branches 17371736-1 Hits 38 38 + Misses13689 13682-7 Partials 3 3 ``` [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gh/apache/dubbo-spi-extensions/pull/299?dropdown=coverage=pr=continue_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). :loudspeaker: Have feedback on the report? [Share it here](https://about.codecov.io/codecov-pr-comment-feedback/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] add configcenter README [dubbo-spi-extensions]
wcy666103 closed pull request #299: add configcenter README URL: https://github.com/apache/dubbo-spi-extensions/pull/299 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] add configcenter README [dubbo-spi-extensions]
wcy666103 opened a new pull request, #299: URL: https://github.com/apache/dubbo-spi-extensions/pull/299 ## What is the purpose of the change X ## Brief changelog X ## Verifying this change X Follow this checklist to help us incorporate your contribution quickly and easily: - [x] Make sure there is a [GITHUB_issue](https://github.com/apache/dubbo/issues) field for the change (usually before you start working on it). Trivial changes like typos do not require a GITHUB issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. - [ ] Format the pull request title like `[Dubbo-XXX] Fix UnknownException when host config not exist #XXX`. Each commit in the pull request should have a meaningful subject line and body. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add sample in [dubbo samples](https://github.com/apache/dubbo-samples) project. - [ ] Run `mvn clean install -DskipTests=false` & `mvn clean test-compile failsafe:integration-test` to make sure unit-test and integration-test pass. - [ ] If this contribution is large, please follow the [Software Donation Guide](https://github.com/apache/dubbo/wiki/Software-donation-guide). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Merge branch 'main' into dev-3.3 [dubbo-go]
sonarcloud[bot] commented on PR #2644: URL: https://github.com/apache/dubbo-go/pull/2644#issuecomment-2022538382 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2644) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2644=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2644=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2644=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2644) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] Merge branch 'main' into dev-3.3 [dubbo-go]
FoghostCn opened a new pull request, #2644: URL: https://github.com/apache/dubbo-go/pull/2644 Merge branch 'main' into dev-3.3 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Feat security [dubbo-go]
sonarcloud[bot] commented on PR #2643: URL: https://github.com/apache/dubbo-go/pull/2643#issuecomment-2022328185 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-go=2643=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-go=2643=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-go=2643) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] ignore .iml file for idea and fix eslint error for single quote and semi [dubbo-js]
sonarcloud[bot] commented on PR #384: URL: https://github.com/apache/dubbo-js/pull/384#issuecomment-208008 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_dubbo-js=384) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=apache_dubbo-js=384=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/component_measures?id=apache_dubbo-js=384=new_accepted_issues=list) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_dubbo-js=384=false=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_dubbo-js=384) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[I] ReferenceBean is not ready yet, please make sure to call reference interface method after dubbo is started. [dubbo]
escapekyg opened a new issue, #14003: URL: https://github.com/apache/dubbo/issues/14003 ### Pre-check - [X] I am sure that all the content I provide is in English. ### Search before asking - [X] I had searched in the [issues](https://github.com/apache/dubbo/issues?q=is%3Aissue) and found no similar issues. ### Apache Dubbo Component Java SDK (apache/dubbo) ### Dubbo Version open jdk 1.8, dubbo 3.0.15 ### Steps to reproduce this issue the dubbo service is initial like this in DubboReferenceConfig ` @DubboReference( consumer = "consumerName", group = "groupName", version = "1.0.0", check = false ) private ProjectManagerService projectManagerService; @Bean public ProjectManagerService projectManagerService() { return this.managerService; } ` it's not always reproduced, and not sure how to reproduce, sometimes it reproduces when we start the spring boot application, it reported the following exception, and the log is printed by a LoggingAspect. I didn't see any init method try to access the dubbo reference, in the exception stack, it's cause by the starting of ProjectServerApplication, which is annotated by @SpringBootApplication 2024-03-26 17:54:47.215|ERROR |61810|main|c.c.p.c.a.LoggingAspect.(:)|Exception in method: com.company.project.config.DubboReferenceConfig$$EnhancerBySpringCGLIB$$fb675f3d.projectService with arguments: [] java.lang.IllegalStateException: ReferenceBean is not ready yet, please make sure to call reference interface method after dubbo is started. at org.apache.dubbo.config.spring.ReferenceBean.getCallProxy(ReferenceBean.java:343) ~[dubbo-3.0.15.jar:3.0.15] at org.apache.dubbo.config.spring.ReferenceBean.access$100(ReferenceBean.java:99) ~[dubbo-3.0.15.jar:3.0.15] at org.apache.dubbo.config.spring.ReferenceBean$DubboReferenceLazyInitTargetSource.createObject(ReferenceBean.java:353) ~[dubbo-3.0.15.jar:3.0.15] at org.springframework.aop.target.AbstractLazyCreationTargetSource.getTarget(AbstractLazyCreationTargetSource.java:89) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:221) ~[spring-aop-5.3.31.jar:5.3.31] at com.sun.proxy.$Proxy189.toString(Unknown Source) ~[?:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_201] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_201] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_201] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_201] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:241) ~[spring-aop-5.3.31.jar:5.3.31] at com.sun.proxy.$Proxy189.toString(Unknown Source) ~[?:?] at com.company.project.common.advice.LoggingAspect.serializeToJson(LoggingAspect.java:84) ~[project-common-0.0.5.jar:?] at com.company.project.common.advice.LoggingAspect.logAround(LoggingAspect.java:61) ~[project-common-0.0.5.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_201] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_201] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_201] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_201] at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) ~[spring-aop-5.3.31.jar:5.3.31] at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) ~[spring-aop-5.3.31.jar:5.3.31] at
[PR] Update/dubbo tri rest jaxrs samples [dubbo-samples]
fanlobu opened a new pull request, #1116: URL: https://github.com/apache/dubbo-samples/pull/1116 Based on the dubbo tri rest, added relevant examples, including part of the http request method, parameter types, request elaboration annotation types, etc. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] bump go to 1.20 [dubbo-go-samples]
chickenlj opened a new pull request, #739: URL: https://github.com/apache/dubbo-go-samples/pull/739 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] chore(deps): bump com.google.protobuf:protobuf-java from 3.19.4 to 3.19.6 in /service_discovery/service/java-server [dubbo-go-samples]
dependabot[bot] opened a new pull request, #738: URL: https://github.com/apache/dubbo-go-samples/pull/738 Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.19.4 to 3.19.6. Release notes Sourced from https://github.com/protocolbuffers/protobuf/releases;>com.google.protobuf:protobuf-java's releases. Protocol Buffers v3.19.6 Java Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. Move proto wireformat parsing functionality from the private parsing constructor to the Builder class. Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2;>Security Advisory for Java users Protocol Buffers v3.19.5 C++ Reduce memory consumption of MessageSet parsing This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf;>Security Advisory for C++ and Python users Commits https://github.com/protocolbuffers/protobuf/commit/5cba162a5d93f8df786d828621019e03e50edb4f;>5cba162 Updating version.json and repo version numbers to: 19.6 https://github.com/protocolbuffers/protobuf/commit/b0e8e607dc1ace17c823276d3384eeda775bbd76;>b0e8e60 Refactoring Java parsing (3.19.x) (https://redirect.github.com/protocolbuffers/protobuf/issues/10667;>#10667) https://github.com/protocolbuffers/protobuf/commit/30b9f88f003f327822b3032a844cff1ad23ec487;>30b9f88 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10603;>#10603 from deannagarcia/3.19.x https://github.com/protocolbuffers/protobuf/commit/80dbdd7561b184a8231f4886e630b7221b0b;>80d Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10606;>#10606 from deannagarcia/buildZip19 https://github.com/protocolbuffers/protobuf/commit/0661cc41dc65545938515f7e3944e1b4ea4618e5;>0661cc4 Use local artifacts https://github.com/protocolbuffers/protobuf/commit/184f584b0a1d7c3c22757084c721f503214bbcbf;>184f584 Fix spelling https://github.com/protocolbuffers/protobuf/commit/9e8d5f10977397411dbe9bba9cb0c60c2c427b53;>9e8d5f1 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10574;>#10574 from deannagarcia/3.19.x https://github.com/protocolbuffers/protobuf/commit/8b17db185c09c0929a67f45adab9c1a50f285c1e;>8b17db1 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10578;>#10578 from protocolbuffers/3.19.x-202209141437 https://github.com/protocolbuffers/protobuf/commit/b1135aa41280dba9d61637e643ed97eab218acab;>b1135aa Update version.json to: 19.6-dev https://github.com/protocolbuffers/protobuf/commit/23865cde2f142eb286a079fb048d332aeea7056a;>23865cd Make release script executable Additional commits viewable in https://github.com/protocolbuffers/protobuf/compare/v3.19.4...v3.19.6;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.protobuf:protobuf-java=maven=3.19.4=3.19.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the
[PR] chore(deps-dev): bump junit:junit from 4.13 to 4.13.1 in /service_discovery/service/java-server [dubbo-go-samples]
dependabot[bot] opened a new pull request, #737: URL: https://github.com/apache/dubbo-go-samples/pull/737 Bumps [junit:junit](https://github.com/junit-team/junit4) from 4.13 to 4.13.1. Release notes Sourced from https://github.com/junit-team/junit4/releases;>junit:junit's releases. JUnit 4.13.1 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md;>release notes for details. Changelog Sourced from https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md;>junit:junit's changelog. Summary of changes in version 4.13.1 Rules Security fix: TemporaryFolder now limits access to temporary folders on Java 1.7 or later A local information disclosure vulnerability in TemporaryFolder has been fixed. See the published https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp;>security advisory for details. Test Runners [Pull request https://redirect.github.com/junit-team/junit4/issues/1669;>#1669:](https://redirect.github.com/junit-team/junit/pull/1669;>junit-team/junit#1669) Make FrameworkField constructor public Prior to this change, custom runners could make FrameworkMethod instances, but not FrameworkField instances. This small change allows for both now, because FrameworkField's constructor has been promoted from package-private to public. Commits https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66;>1b683f4 [maven-release-plugin] prepare release r4.13.1 https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2;>ce6ce3a Draft 4.13.1 release notes https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24;>c29dd82 Change version to 4.13.1-SNAPSHOT https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567;>1d17486 Add a link to assertThrows in exception testing https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9;>543905d Use separate line for annotation in Javadoc https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944;>510e906 Add sub headlines to class Javadoc https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae;>610155b Merge pull request from GHSA-269g-pwp5-87pp https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec;>b6cfd1e Explicitly wrap float parameter for consistency (https://redirect.github.com/junit-team/junit4/issues/1671;>#1671) https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646;>a5d205c Fix GitHub link in FAQ (https://redirect.github.com/junit-team/junit4/issues/1672;>#1672) https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8;>3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (https://redirect.github.com/junit-team/junit4/issues/1660;>#1660) Additional commits viewable in https://github.com/junit-team/junit4/compare/r4.13...r4.13.1;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=junit:junit=maven=4.13=4.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] chore(deps-dev): bump junit:junit from 4.13 to 4.13.1 in /service_discovery/service/java-client [dubbo-go-samples]
dependabot[bot] opened a new pull request, #736: URL: https://github.com/apache/dubbo-go-samples/pull/736 Bumps [junit:junit](https://github.com/junit-team/junit4) from 4.13 to 4.13.1. Release notes Sourced from https://github.com/junit-team/junit4/releases;>junit:junit's releases. JUnit 4.13.1 Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md;>release notes for details. Changelog Sourced from https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md;>junit:junit's changelog. Summary of changes in version 4.13.1 Rules Security fix: TemporaryFolder now limits access to temporary folders on Java 1.7 or later A local information disclosure vulnerability in TemporaryFolder has been fixed. See the published https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp;>security advisory for details. Test Runners [Pull request https://redirect.github.com/junit-team/junit4/issues/1669;>#1669:](https://redirect.github.com/junit-team/junit/pull/1669;>junit-team/junit#1669) Make FrameworkField constructor public Prior to this change, custom runners could make FrameworkMethod instances, but not FrameworkField instances. This small change allows for both now, because FrameworkField's constructor has been promoted from package-private to public. Commits https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66;>1b683f4 [maven-release-plugin] prepare release r4.13.1 https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2;>ce6ce3a Draft 4.13.1 release notes https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24;>c29dd82 Change version to 4.13.1-SNAPSHOT https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567;>1d17486 Add a link to assertThrows in exception testing https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9;>543905d Use separate line for annotation in Javadoc https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944;>510e906 Add sub headlines to class Javadoc https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae;>610155b Merge pull request from GHSA-269g-pwp5-87pp https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec;>b6cfd1e Explicitly wrap float parameter for consistency (https://redirect.github.com/junit-team/junit4/issues/1671;>#1671) https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646;>a5d205c Fix GitHub link in FAQ (https://redirect.github.com/junit-team/junit4/issues/1672;>#1672) https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8;>3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (https://redirect.github.com/junit-team/junit4/issues/1660;>#1660) Additional commits viewable in https://github.com/junit-team/junit4/compare/r4.13...r4.13.1;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=junit:junit=maven=4.13=4.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot
[PR] chore(deps): bump com.google.protobuf:protobuf-java from 3.19.4 to 3.19.6 in /service_discovery/interface/java-server [dubbo-go-samples]
dependabot[bot] opened a new pull request, #734: URL: https://github.com/apache/dubbo-go-samples/pull/734 Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.19.4 to 3.19.6. Release notes Sourced from https://github.com/protocolbuffers/protobuf/releases;>com.google.protobuf:protobuf-java's releases. Protocol Buffers v3.19.6 Java Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. Move proto wireformat parsing functionality from the private parsing constructor to the Builder class. Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2;>Security Advisory for Java users Protocol Buffers v3.19.5 C++ Reduce memory consumption of MessageSet parsing This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf;>Security Advisory for C++ and Python users Commits https://github.com/protocolbuffers/protobuf/commit/5cba162a5d93f8df786d828621019e03e50edb4f;>5cba162 Updating version.json and repo version numbers to: 19.6 https://github.com/protocolbuffers/protobuf/commit/b0e8e607dc1ace17c823276d3384eeda775bbd76;>b0e8e60 Refactoring Java parsing (3.19.x) (https://redirect.github.com/protocolbuffers/protobuf/issues/10667;>#10667) https://github.com/protocolbuffers/protobuf/commit/30b9f88f003f327822b3032a844cff1ad23ec487;>30b9f88 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10603;>#10603 from deannagarcia/3.19.x https://github.com/protocolbuffers/protobuf/commit/80dbdd7561b184a8231f4886e630b7221b0b;>80d Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10606;>#10606 from deannagarcia/buildZip19 https://github.com/protocolbuffers/protobuf/commit/0661cc41dc65545938515f7e3944e1b4ea4618e5;>0661cc4 Use local artifacts https://github.com/protocolbuffers/protobuf/commit/184f584b0a1d7c3c22757084c721f503214bbcbf;>184f584 Fix spelling https://github.com/protocolbuffers/protobuf/commit/9e8d5f10977397411dbe9bba9cb0c60c2c427b53;>9e8d5f1 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10574;>#10574 from deannagarcia/3.19.x https://github.com/protocolbuffers/protobuf/commit/8b17db185c09c0929a67f45adab9c1a50f285c1e;>8b17db1 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10578;>#10578 from protocolbuffers/3.19.x-202209141437 https://github.com/protocolbuffers/protobuf/commit/b1135aa41280dba9d61637e643ed97eab218acab;>b1135aa Update version.json to: 19.6-dev https://github.com/protocolbuffers/protobuf/commit/23865cde2f142eb286a079fb048d332aeea7056a;>23865cd Make release script executable Additional commits viewable in https://github.com/protocolbuffers/protobuf/compare/v3.19.4...v3.19.6;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.protobuf:protobuf-java=maven=3.19.4=3.19.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the
Re: [PR] [feat]: add new samples java interop - service discovery [dubbo-go-samples]
chickenlj merged PR #727: URL: https://github.com/apache/dubbo-go-samples/pull/727 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
[PR] chore(deps): bump com.google.protobuf:protobuf-java from 3.19.4 to 3.19.6 in /service_discovery/service/java-client [dubbo-go-samples]
dependabot[bot] opened a new pull request, #735: URL: https://github.com/apache/dubbo-go-samples/pull/735 Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.19.4 to 3.19.6. Release notes Sourced from https://github.com/protocolbuffers/protobuf/releases;>com.google.protobuf:protobuf-java's releases. Protocol Buffers v3.19.6 Java Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. Move proto wireformat parsing functionality from the private parsing constructor to the Builder class. Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2;>Security Advisory for Java users Protocol Buffers v3.19.5 C++ Reduce memory consumption of MessageSet parsing This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf;>Security Advisory for C++ and Python users Commits https://github.com/protocolbuffers/protobuf/commit/5cba162a5d93f8df786d828621019e03e50edb4f;>5cba162 Updating version.json and repo version numbers to: 19.6 https://github.com/protocolbuffers/protobuf/commit/b0e8e607dc1ace17c823276d3384eeda775bbd76;>b0e8e60 Refactoring Java parsing (3.19.x) (https://redirect.github.com/protocolbuffers/protobuf/issues/10667;>#10667) https://github.com/protocolbuffers/protobuf/commit/30b9f88f003f327822b3032a844cff1ad23ec487;>30b9f88 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10603;>#10603 from deannagarcia/3.19.x https://github.com/protocolbuffers/protobuf/commit/80dbdd7561b184a8231f4886e630b7221b0b;>80d Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10606;>#10606 from deannagarcia/buildZip19 https://github.com/protocolbuffers/protobuf/commit/0661cc41dc65545938515f7e3944e1b4ea4618e5;>0661cc4 Use local artifacts https://github.com/protocolbuffers/protobuf/commit/184f584b0a1d7c3c22757084c721f503214bbcbf;>184f584 Fix spelling https://github.com/protocolbuffers/protobuf/commit/9e8d5f10977397411dbe9bba9cb0c60c2c427b53;>9e8d5f1 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10574;>#10574 from deannagarcia/3.19.x https://github.com/protocolbuffers/protobuf/commit/8b17db185c09c0929a67f45adab9c1a50f285c1e;>8b17db1 Merge pull request https://redirect.github.com/protocolbuffers/protobuf/issues/10578;>#10578 from protocolbuffers/3.19.x-202209141437 https://github.com/protocolbuffers/protobuf/commit/b1135aa41280dba9d61637e643ed97eab218acab;>b1135aa Update version.json to: 19.6-dev https://github.com/protocolbuffers/protobuf/commit/23865cde2f142eb286a079fb048d332aeea7056a;>23865cd Make release script executable Additional commits viewable in https://github.com/protocolbuffers/protobuf/compare/v3.19.4...v3.19.6;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.protobuf:protobuf-java=maven=3.19.4=3.19.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the
[PR] xDS security init commit [dubbo]
namele opened a new pull request, #14002: URL: https://github.com/apache/dubbo/pull/14002 ## What is the purpose of the change This is a draft commit of xDS security support. Mainly including: * Role based Authorization framework * mTLS support in istio mesh ## Brief changelog ## Verifying this change ## Checklist - [x] Make sure there is a [GitHub_issue](https://github.com/apache/dubbo/issues) field for the change (usually before you start working on it). Trivial changes like typos do not require a GitHub issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. - [ ] Each commit in the pull request should have a meaningful subject line and body. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Check if is necessary to patch to Dubbo 3 if you are work on Dubbo 2.7 - [ ] Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add sample in [dubbo samples](https://github.com/apache/dubbo-samples) project. - [ ] Add some description to [dubbo-website](https://github.com/apache/dubbo-website) project if you are requesting to add a feature. - [ ] GitHub Actions works fine on your own branch. - [ ] If this contribution is large, please follow the [Software Donation Guide](https://github.com/apache/dubbo/wiki/Software-donation-guide). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [I] If --add-opens=java.base/java.net=ALL-UNNAMED added to native-maven-plugin's buildArgs, Exception will be found in Dubbo ExtensionLoader [dubbo]
imgoby commented on issue #13802: URL: https://github.com/apache/dubbo/issues/13802#issuecomment-2022065148 @CrazyHZM Hello,This issue exists indeed. I am sure it is dubbo 's bug.If I remove org.apache.dubbo.common.utils.ClassLoaderResourceLoader code between line 86 to line 89,anything will be well. ![image](https://github.com/apache/dubbo/assets/27885492/4fdc1e5d-323e-42fb-8718-80a4be7a4f7b) demo for reproducing it is here : (1) pom.xml https://github.com/imgoby/spring-cloud-alibaba-dubbo-native/blob/main/pom.xml (2)sub project: https://github.com/imgoby/spring-cloud-alibaba-dubbo-native/tree/main/dubbo-samples-native-image-registry-provider first step: start zookeeper,second step: build native image dubbo-samples-native-image-registry-provider,third step: start up. the failure message will be saw. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Bump apache parent to 31, jdk to 17 and springboot to 3.2.3 [dubbo-samples]
walklown commented on code in PR #1110: URL: https://github.com/apache/dubbo-samples/pull/1110#discussion_r1540516941 ## 1-basic/dubbo-samples-spring-boot-idl/pom.xml: ## @@ -53,6 +53,13 @@ + +org.apache +apache +31 +pom +import + Review Comment: I think I've said it more clearly, and I have no idea why I didn't get a follow-up reply. Then I decided to give up this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
Re: [PR] Bump apache parent to 31, jdk to 17 and springboot to 3.2.3 [dubbo-samples]
walklown closed pull request #1110: Bump apache parent to 31, jdk to 17 and springboot to 3.2.3 URL: https://github.com/apache/dubbo-samples/pull/1110 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org