[Dependency upgrade] Fix jdom2 CVE violation #3509

dreamer-89 · 2022-06-05T03:33:34Z

Signed-off-by: Suraj Singh [email protected]

Description

Fix jdom2 CVE violation

+--- com.github.jengelman.gradle.plugins:shadow:6.0.0
|    +--- org.jdom:jdom2:2.0.6 -> 2.0.6.1
|    +--- org.ow2.asm:asm:8.0.1
|    +--- org.ow2.asm:asm-commons:8.0.1
|    |    +--- org.ow2.asm:asm:8.0.1
|    |    +--- org.ow2.asm:asm-tree:8.0.1
|    |    |    \--- org.ow2.asm:asm:8.0.1
|    |    \--- org.ow2.asm:asm-analysis:8.0.1
|    |         \--- org.ow2.asm:asm-tree:8.0.1 (*)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

opensearch-ci-bot · 2022-06-05T04:04:43Z

✅ Gradle Check success bf1d8637a5435f6674c590145a18c52836c85bc8
Log 5780

Reports 5780

VachaShah · 2022-06-06T18:59:26Z

Is this supposed to be done in other branches as well?

dreamer-89 · 2022-06-06T20:22:58Z

Is this supposed to be done in other branches as well?

These are already fixed on other branches via gradle upgrade to 7.x

Signed-off-by: Suraj Singh <[email protected]>

opensearch-ci-bot · 2022-06-07T18:32:05Z

❌ Gradle Check failure fd8ff33
Log 5827

Reports 5827

dreamer-89 · 2022-06-07T18:34:04Z

REPRODUCE WITH: ./gradlew ':qa:remote-clusters:integTest' --tests "org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks" -Dtests.seed=672399BE890613A5 -Dtests.security.manager=true -Dtests.jvm.argline="-XX:TieredStopAtLevel=1 -XX:ReservedCodeCacheSize=64m" -Dtests.locale=nn-NO -Dtests.timezone=Pacific/Port_Moresby -Druntime.java=11

Suite: Test class org.opensearch.cluster.remote.test.RemoteClustersIT
  1> [2022-06-08T04:14:19,295][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] before test
  1> [2022-06-08T04:14:19,384][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] initializing REST clients against [http://localhost:49203]
  1> [2022-06-08T04:14:21,166][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] Configuring remote cluster [opensearch-2:9300]
  1> [2022-06-08T04:14:21,298][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] Connection info: org.opensearch.client.cluster.RemoteConnectionInfo@688b190
  1> [2022-06-08T04:14:21,505][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] after test
  1> [2022-06-08T04:14:21,681][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] before test
  1> [2022-06-08T04:14:22,193][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] Configuring remote cluster [opensearch-2:9300]
  1> [2022-06-08T04:14:22,292][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] Connection info: org.opensearch.client.cluster.RemoteConnectionInfo@5aef8603
  1> [2022-06-08T04:14:22,441][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] after test
  1> [2022-06-08T04:14:22,591][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] before test
  1> [2022-06-08T04:14:23,047][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] Configuring remote cluster [haproxy:9600]
  1> [2022-06-08T04:14:23,103][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] Connection info: org.opensearch.client.cluster.RemoteConnectionInfo@d33d7fce
  1> [2022-06-08T04:14:23,236][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] after test
  2> REPRODUCE WITH: ./gradlew ':qa:remote-clusters:integTest' --tests "org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks" -Dtests.seed=672399BE890613A5 -Dtests.security.manager=true -Dtests.jvm.argline="-XX:TieredStopAtLevel=1 -XX:ReservedCodeCacheSize=64m" -Dtests.locale=nn-NO -Dtests.timezone=Pacific/Port_Moresby -Druntime.java=11
  2> java.lang.AssertionError
        at __randomizedtesting.SeedInfo.seed([672399BE890613A5:60554C75B28065F8]:0)
        at org.junit.Assert.fail(Assert.java:87)
        at org.junit.Assert.assertTrue(Assert.java:42)
        at org.junit.Assert.assertTrue(Assert.java:53)
        at org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks(RemoteClustersIT.java:125)
  2> NOTE: leaving temporary files on disk at: /var/CITOOL/workflow/OpenSearch_CI/PR_Checks/Gradle_Check/search/qa/remote-clusters/build/testrun/integTest/temp/org.opensearch.cluster.remote.test.RemoteClustersIT_672399BE890613A5-001
  2> NOTE: test params are: codec=Asserting(Lucene87): {}, docValues:{}, maxPointsInLeafNode=1102, maxMBSortInHeap=6.357480129818628, sim=Asserting(RandomSimilarity(queryNorm=false): {}), locale=nn-NO, timezone=Pacific/Port_Moresby
  2> NOTE: Linux 5.13.0-1014-aws amd64/Eclipse Adoptium 11.0.15 (64-bit)/cpus=72,threads=1,free=460940888,total=536870912
  2> NOTE: All tests run in this JVM: [RemoteClustersIT]

dreamer-89 · 2022-06-07T18:34:21Z

This is the second time this issue failed and cause gradle check failure.

dreamer-89 · 2022-06-07T18:34:28Z

start gradle check

opensearch-ci-bot · 2022-06-07T18:55:35Z

❌ Gradle Check failure fd8ff33
Log 5828

Reports 5828

dreamer-89 · 2022-06-07T18:57:48Z

testHAProxyModeConnectionWorks failed again

org.opensearch.cluster.remote.test.RemoteClustersIT > testHAProxyModeConnectionWorks FAILED
    java.lang.AssertionError
        at __randomizedtesting.SeedInfo.seed([D10687E8575775D2:D67052236CD1038F]:0)
        at org.junit.Assert.fail(Assert.java:87)
        at org.junit.Assert.assertTrue(Assert.java:42)
        at org.junit.Assert.assertTrue(Assert.java:53)
        at org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks(RemoteClustersIT.java:125)
REPRODUCE WITH: ./gradlew ':qa:remote-clusters:integTest' --tests "org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks" -Dtests.seed=D10687E8575775D2 -Dtests.security.manager=true -Dtests.jvm.argline="-XX:TieredStopAtLevel=1 -XX:ReservedCodeCacheSize=64m" -Dtests.locale=es-CL -Dtests.timezone=America/Barbados -Druntime.java=11

Suite: Test class org.opensearch.cluster.remote.test.RemoteClustersIT
  1> [2022-06-07T14:46:06,301][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] before test
  1> [2022-06-07T14:46:06,396][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] initializing REST clients against [http://localhost:49180]
  1> [2022-06-07T14:46:08,190][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] Configuring remote cluster [haproxy:9600]
  1> [2022-06-07T14:46:08,907][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] Connection info: org.opensearch.client.cluster.RemoteConnectionInfo@d33d7fce
  1> [2022-06-07T14:46:09,077][INFO ][o.o.c.r.t.RemoteClustersIT] [testHAProxyModeConnectionWorks] after test
  2> REPRODUCE WITH: ./gradlew ':qa:remote-clusters:integTest' --tests "org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks" -Dtests.seed=D10687E8575775D2 -Dtests.security.manager=true -Dtests.jvm.argline="-XX:TieredStopAtLevel=1 -XX:ReservedCodeCacheSize=64m" -Dtests.locale=es-CL -Dtests.timezone=America/Barbados -Druntime.java=11
  2> java.lang.AssertionError
        at __randomizedtesting.SeedInfo.seed([D10687E8575775D2:D67052236CD1038F]:0)
        at org.junit.Assert.fail(Assert.java:87)
        at org.junit.Assert.assertTrue(Assert.java:42)
        at org.junit.Assert.assertTrue(Assert.java:53)
        at org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks(RemoteClustersIT.java:125)
  1> [2022-06-07T14:46:09,267][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] before test
  1> [2022-06-07T14:46:09,704][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] Configuring remote cluster [opensearch-2:9300]
  1> [2022-06-07T14:46:09,811][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] Connection info: org.opensearch.client.cluster.RemoteConnectionInfo@5aef8603
  1> [2022-06-07T14:46:09,938][INFO ][o.o.c.r.t.RemoteClustersIT] [testSniffModeConnectionFails] after test
  1> [2022-06-07T14:46:10,045][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] before test
  1> [2022-06-07T14:46:10,476][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] Configuring remote cluster [opensearch-2:9300]
  1> [2022-06-07T14:46:10,558][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] Connection info: org.opensearch.client.cluster.RemoteConnectionInfo@688b190
  1> [2022-06-07T14:46:10,716][INFO ][o.o.c.r.t.RemoteClustersIT] [testProxyModeConnectionWorks] after test
  2> NOTE: leaving temporary files on disk at: /var/CITOOL/workflow/OpenSearch_CI/PR_Checks/Gradle_Check/search/qa/remote-clusters/build/testrun/integTest/temp/org.opensearch.cluster.remote.test.RemoteClustersIT_D10687E8575775D2-001
  2> NOTE: test params are: codec=Asserting(Lucene87): {}, docValues:{}, maxPointsInLeafNode=1189, maxMBSortInHeap=7.0611117939903165, sim=Asserting(RandomSimilarity(queryNorm=true): {}), locale=es-CL, timezone=America/Barbados
  2> NOTE: Linux 5.13.0-1014-aws amd64/Eclipse Adoptium 11.0.15 (64-bit)/cpus=72,threads=1,free=462885760,total=536870912
  2> NOTE: All tests run in this JVM: [RemoteClustersIT]

Tests with failures:
 - org.opensearch.cluster.remote.test.RemoteClustersIT.testHAProxyModeConnectionWorks

3 tests completed, 1 failed

dreamer-89 · 2022-06-07T18:59:16Z

There is already an issue to track this; #1703

dreamer-89 · 2022-06-07T18:59:24Z

start gradle check

opensearch-ci-bot · 2022-06-07T19:38:06Z

✅ Gradle Check success fd8ff33
Log 5830

Reports 5830

VachaShah approved these changes Jun 6, 2022

View reviewed changes

[Dependency upgrade] Fix jdom2 CVE violation

fd8ff33

Signed-off-by: Suraj Singh <[email protected]>

dreamer-89 force-pushed the upgrade_jdom2 branch from bf1d863 to fd8ff33 Compare June 7, 2022 18:02

VachaShah approved these changes Jun 7, 2022

View reviewed changes

VachaShah merged commit faba9f5 into opensearch-project:1.3 Jun 7, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Dependency upgrade] Fix jdom2 CVE violation #3509

[Dependency upgrade] Fix jdom2 CVE violation #3509

dreamer-89 commented Jun 5, 2022

opensearch-ci-bot commented Jun 5, 2022

VachaShah commented Jun 6, 2022

dreamer-89 commented Jun 6, 2022

opensearch-ci-bot commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

opensearch-ci-bot commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

opensearch-ci-bot commented Jun 7, 2022

[Dependency upgrade] Fix jdom2 CVE violation #3509

[Dependency upgrade] Fix jdom2 CVE violation #3509

Conversation

dreamer-89 commented Jun 5, 2022

Description

opensearch-ci-bot commented Jun 5, 2022

VachaShah commented Jun 6, 2022

dreamer-89 commented Jun 6, 2022

opensearch-ci-bot commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

opensearch-ci-bot commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

dreamer-89 commented Jun 7, 2022

opensearch-ci-bot commented Jun 7, 2022