Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Jaeger to align with opentracing version. #2366

Merged
merged 4 commits into from
Sep 22, 2020
Merged

Upgrade Jaeger to align with opentracing version. #2366

merged 4 commits into from
Sep 22, 2020

Conversation

tomas-langer
Copy link
Member

Signed-off-by: Tomas Langer [email protected]

Fixes #1315

@tomas-langer tomas-langer added bug Something isn't working tracing labels Sep 16, 2020
@tomas-langer tomas-langer self-assigned this Sep 16, 2020
@tomas-langer tomas-langer linked an issue Sep 16, 2020 that may be closed by this pull request
Jaeger opentracing version mismatch #1315
Closed
danielkec
danielkec previously approved these changes Sep 16, 2020
View reviewed changes
@tomas-langer tomas-langer added the dependencies Pull requests that update a dependency file label Sep 16, 2020
barchetta
barchetta reviewed Sep 16, 2020
View reviewed changes
dependencies/pom.xml Outdated Show resolved Hide resolved
danielkec
danielkec previously approved these changes Sep 17, 2020
View reviewed changes
barchetta
barchetta reviewed Sep 17, 2020
View reviewed changes
Copy link
Member

@barchetta barchetta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like 0.35.X pulls in Apache Thrift 0.12.0 which has a CVE (CVE-2019-0205). Can we manage the thrift dependency and force it to version 0.13.0 (has Java client fix for the CVE)? Note we don't have this issue in Helidon 2.X because later versions of Jaeger tracing client upgraded to Thrift 0.13.0.

@tomas-langer
Copy link
Member Author

Added dependency management for Apache Thrift to use a newer version with Jaeger than the default.

@tomas-langer
Comment why we added thrift.
d67a0c5 
Signed-off-by: Tomas Langer <[email protected]>
@tomas-langer tomas-langer merged commit ed8f765 into helidon-io:helidon-1.x Sep 22, 2020
@tomas-langer tomas-langer deleted the jaeger-version branch September 22, 2020 18:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@barchetta barchetta barchetta approved these changes

@danielkec danielkec danielkec left review comments

Assignees

@tomas-langer tomas-langer

Labels
bug Something isn't working dependencies Pull requests that update a dependency file tracing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Jaeger opentracing version mismatch
3 participants
@tomas-langer @danielkec @barchetta