More context here
https://issues.apache.org/jira/browse/ZOOKEEPER-4382
Author: Enrico Olivelli <eolivelli@apache.org>
Reviewers: Damien Diederen <ddiederen@apache.org>
Closes #1760 from eolivelli/fix/update-maven-bundle-plugin
(cherry picked from commit 156e682e3d4bb27338418602c1c3c530da6ff7bd)
Our default build system is maven on branch-3.5. However, ant is still
supported (and in some cases, like zkpython, one can not even build on
branch-3.5 unless we built zookeeper-server with ant before).
Currently if one builds ZooKeeper with ant, she/he will end up having
different dependency versions compared to maven (including log4j instead
of reload4j).
After this patch, if one executes the following commands:
```
git clean -xdf
ant clean compile compile-native
cd zookeeper-contrib/zookeeper-contrib-zkpython/
ant compile
ant test
```
then:
- zkpython built / tested successfully
- the zookeeper server related 3pp libs in build/libs folder
are up-to-date and should not contain CVEs
- reload4j jar file is present in build/libs/ instead of log4j
Author: Mate Szalay-Beko <symat@apache.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1879 from symat/ZOOKEEPER-4544
due to CVE problems, I updated:
- netty
- jetty
- jackson
I also renamed (or added missing) license files and updated notice files.
Author: Mate Szalay-Beko <symat@apache.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1878 from symat/ZOOKEEPER-4543
Moved channel object null check to sendPkt method to cover all calling scenarios
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Mate Szalay-Beko <symat@apache.org>
Closes #1854 from arshadmohammad/ZOOKEEPER-4514-npe
(cherry picked from commit d5876e88d6bab3cc1cee04f996b9804ff21581cb)
Signed-off-by: Mohammad Arshad <arshad@apache.org>
(cherry picked from commit cb79fb97a8972250190cf9f4fc1937e137cadd53)
version client requests the high version server
- When a low-version client accesses a high-version server which has some newly added error code, the client will get an NPE:
```
java.lang.NullPointerException
at org.apache.zookeeper.KeeperException.create(KeeperException.java:94)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:1538)
```
- How to reproduce this issue? For example:
```
the client version we are using is 3.6.0, and the server version we are using is 3.7.0, which has a newly added error code QUOTAEXCEEDED(-125),
we set quota at server side and use the client to create znodes which exceeds the quota,
the client will get a NPE
```
- With this patch applied, we will get the following:
```
java.lang.IllegalArgumentException: The current client version cannot lookup this code:-125
at org.apache.zookeeper.KeeperException$Code.get(KeeperException.java:449)
at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:1347)
```
- we should backport this PR to all branches, so that the client has upward compatibility
- more details in the [ZOOKEEPER-4377](https://issues.apache.org/jira/browse/ZOOKEEPER-4377)
Author: maoling <maoling@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, ruanwenjun <wenjun@apache.org>
Closes #1764 from maoling/ZOOKEEPER-4377
(cherry picked from commit 9f355f5a57f35d3760f8e669696622135c457938)
Signed-off-by: maoling <maoling@apache.org>
(cherry picked from commit 86c12634d22bbfee8cf9f5434c49eebe3ffa84c0)
* Configure to use FENCED_CODE_BLOCKS.
* Note: TABLES is the default setting. See https://github.com/walokra/markdown-page-generator-plugin for details on default `pegdownExtensions` setting
Author: Nihal Jain <nihaljain.cs@gmail.com>
Reviewers: maoling <maoling@apache.org>, Damien Diederen <ddiederen@apache.org>
Closes #1741 from NihalJain/ZOOKEEPER-4356
(cherry picked from commit 2797116b33a505c8b36b396216c26afd7f7ba28c)
Author: Bo <cuibo0108@163.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1736 from cuibo01/zookeeper-4345 and squashes the following commits:
3965f2e8d [Bo] [ZOOKEEPER-4345]Avoid NoSunchMethodException caused by shaded
970972971 [Bo] [ZOOKEEPER-4345]Avoid NoSunchMethodException caused by shaded
(cherry picked from commit f658cdced8a417d7969c4a72b7732ae32db0b266)
Moved ReconfigTest to the end of the test suites to avoid ReconfigTest impacting other test classes
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1647 from arshadmohammad/ZOOKEEPER-4251-branch-3.6
(cherry picked from commit 8625c363aa23ac0c14447ce6291bea17bda3293f)
The test case is expecting node3 to be leader but node2 sometimes becomes leader. This happens because leader election completes between node1 and node2 which is valid.
Changed the expectations when node2 is leader otherwise kept the same expectations
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1665 from arshadmohammad/ZOOKEEPER-4270-branch-3.6
(cherry picked from commit 72facc3b54ddcaedc4693c01fb74474f26f262cb)
Using accepted epoch from acceptedEpoch.tmp if it is available
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>,Damien Diederen <dd@crosstwine.com>
Closes #1668 from arshadmohammad/ZOOKEEPER-4269-branch-3.6
(cherry picked from commit 54e563bfe13508fc3707d45e47d37e0c201f19ed)
functions to base class
Move the following methods to QuorumPeerTestBase.java:
- tearDown()
- LaunchServers()
- waitForOne(), waitForAll()
- logStates()
Author: Andor Molnar <andor@apache.org>
Reviewers: andor@apache.org
Closes #659 from anmolnar/ZOOKEEPER-3161
(cherry picked from commit ee250f141678f79e9517bfc8913956199fad55bb)
…ork is broken
- add unit test to verify the bug
- bypass SendThread.startConnect() by throwing a RuntimeException if state.isAlive is false
Author: Fangxi Yin <yinfangxikuaishou.com>
Author: yinfangxi <yinfangxi@kuaishou.com>
Reviewers: Michael Han <hanm@apache.org>, Enrico Olivelli <eolivelli@gmail.com>, maoling
Closes #1235 from yfxhust/ZOOKEEPER-3706
secureClientPortAddress instead of clientPortAddress
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Mate Szalay-Beko <symat@apache.org>
Closes #1654 from arshadmohammad/ZOOKEEPER-3887-master
(cherry picked from commit 51be692523b65afc21cfb0edaa4a5e60ab996aa2)
Signed-off-by: Mohammad Arshad <arshad@apache.org>
(cherry picked from commit 4946c582fa002803075bf32d0c2fec638c8f9a45)
bracket same as LocalPeerBean
…quare bracket same as LocalPeerBean
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1493 from arshadmohammad/ZOOKEEPER-3877-master
(cherry picked from commit 425ee189dcf952fd7a2a38df375ec245dcdfbfc6)
Signed-off-by: Mohammad Arshad <arshad@apache.org>
(cherry picked from commit a51b222de42fd0d0591dd8eda39a9045324a11fc)
Modified host and IP parsing logic for IPV6
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1395 from arshadmohammad/ZOOKEEPER-3876
(cherry picked from commit c9f15213663fc9b86809adcbc27a4dbe1232c31a)
Signed-off-by: Enrico Olivelli <eolivelli@apache.org>
(cherry picked from commit f6b7b1b35be13a2bb35f44f58773ba87f5b40b50)
partial SNAP sync.
Based on https://github.com/apache/zookeeper/pull/1224 ; fixed unit test build issue.
Author: Fangmin Lyu <fangmin@apache.org>
Author: Michael Han <hanm@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Originally developed by Fangmin Lyu <fangmin@apache.org>
Closes #1515 from hanm/ZOOKEEPER-3642
(cherry picked from commit a53cfeb26e1e1b9b6b1e29fe7bd9f0277b8fff9a)
Author: Brian Nixon <nixon@fb.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>
Closes #1012 from enixon/cmd-sync-state
(cherry picked from commit cc900a3b05bc31a237753680c8b00dc5866df4b2)
snapshot.trust.empty is an escape hatch for users upgrading from 3.4.x to later Zookeeper
versions, allowing nodes to start with a non-empty transaction log but no snapshot.
The intent is for this setting to be enabled for a short while during the upgrade,
and then disabled again, as the check it disables is a safety feature.
Prior to this PR, a node would only write a snapshot locally if it became leader,
or if it had fallen so far behind the leader that the leader sent a SNAP message instead
of a DIFF. This made the upgrade process inconvenient, as not all nodes would create
a snapshot when snapshot.trust.empty was true, meaning that the safety check could
not be flipped back on.
This PR makes follower nodes write a local snapshot when they receive NEWLEADER,
if they have no local snapshot and snapshot.trust.empty is true.
Author: Stig Rohde Døssing <stig@humio.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Damien Diederen <ddiederen@apache.org>
Closes #1581 from srdo/zookeeper-3781
(cherry picked from commit 1214d3bf611d153ae8c3987523da01d3d6c82686)
Signed-off-by: Damien Diederen <ddiederen@apache.org>
(cherry picked from commit 679cc2b1015db6a0b41cf9223c826a4b565387e9)
Author: Brian Nixon <nixon@fb.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>
Closes #947 from enixon/cmd-last-snap
(cherry picked from commit ea8536982c39fd1127a4e6e7a8229b64a5798447)
- Drop Apache Log4j1
- Replace with https://reload4j.qos.ch/, that is 100% compatible (same package names, it is actually a fork)
- Remove logging implementation dependency from zookeeper server module (that is also used by clients)
Client applications that upgrade to 3.6.4 or 3.7.1 won't have surprises regarding Maven exclusions, they were used to exclude log4j1, this is no more needed, but even if they forget to drop that exclusion it will be harmless, and they will never find reload4j as transitive dependency
Author: Enrico Olivelli <eolivelli@apache.org>
Reviewers: Mate Szalay-Beko <symat@apache.org>, Christopher Tubbs <ctubbsii@apache.org>, Tamas Penzes <tamaas@cloudera.com>, Mohammad Arshad <arshad@apache.org>
Closes #1802 from eolivelli/impl/reload4j and squashes the following commits:
54415368f [Enrico Olivelli] update reload4j to 1.2.19
f80c08948 [Enrico Olivelli] Move to slf4j-reload4j
0399bffe7 [Enrico Olivelli] Update SLF4J
0e99b8070 [Enrico Olivelli] add slf4j-log4j12 to the tarball
3d8ce939a [Enrico Olivelli] move slf4j impl to test scope
4be74c4f5 [Enrico Olivelli] Do not report reload4j as transitive dependency for dependant projects
9c6a12823 [Enrico Olivelli] add LICENSE stuff
3bbcd95d3 [Enrico Olivelli] Fix contrib rest
b27844f31 [Enrico Olivelli] fix build
f26533599 [Enrico Olivelli] fix loggraph
dbf29df20 [Enrico Olivelli] fix fatjar
37a55cc0f [Enrico Olivelli] fix contrib
e78792951 [Enrico Olivelli] ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
(cherry picked from commit efe333e7f8c1894d3c985cefcf1bf24d857c1b4e)
(cherry picked from commit 654dc5bc5dc7567722003b76f9338a9f594b2483)
CVE-2020-9493, CVE-2022-23307
Upgraded dependency-check-maven plugin from 6.5.3 to 7.1.0
Author: Mohammad Arshad <arshad@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mate Szalay-Beko <symat@apache.org>, ZhangJian He <shoothzj@apache.org>
Closes #1872 from arshadmohammad/ZOOKEEPER-4510-upgrade
(cherry picked from commit 24073884e114c6d6a14d559dd74d219bc259792b)
Signed-off-by: Enrico Olivelli <eolivelli@apache.org>
internal value
When packets are added to ClientCnxn's outgoing packet queue we ensure there's no conflict with an ongoing flush of that queue because of connection loss.
Synchronization used to be on the state field's value. This value is both not stable (its value changes over time), possibly causing improper synchronization, and global, which can cause contention in applications that run several ZooKeeper clients.
We now synchronize on outgoingQueue which is both local to a ClientCnxn's instance and stable.
Author: Sylvain Wallez <sylvainbluxte.net>
Reviewers: maoling <maolingapache.org>, Mohammad Arshad <arshadapache.org>
Closes #1257 from swallez/ZOOKEEPER-3652 and squashes the following commits:
82e2cad2c [Sylvain Wallez] Instruct SpotBugs that we know what we're doing when synchronizing on outgoingQueue
b0bc03d6f [Sylvain Wallez] ZOOKEEPER-3652: Synchronize ClientCnxn outgoing queue flush on a stable internal value
(cherry picked from commit 91e0520133b82acb87ab60962fce5eae992d87e8)
Author: Sylvain Wallez <sylvain@bluxte.net>
Author: Mate Szalay-Beko <symat@apache.org>
Reviewers: Sylvain Wallez <sylvain@bluxte.net>, Mohammad Arshad <arshad@apache.org>, maoling <maoling@apache.org>
Closes #1850 from symat/ZOOKEEPER-3652-branch-3.5 and squashes the following commits:
5cd29db5f [Mate Szalay-Beko] remove formatting changes
e925265e0 [Sylvain Wallez] ZOOKEEPER-3652: Synchronize ClientCnxn outgoing queue flush on a stable internal value
future renewals since Java 9
This is the ZOOKEEPER-4477 patch for branch-3.5. Similar to the same fix on newer branches
but using junit 4 in the tests (the junit upgrade happened in ZooKeeper 3.6).
This bug is similar to the one fixed in https://issues.apache.org/jira/browse/KAFKA-12730.
Our Kerberos ticket refresh thread performs re-login by logging out and then logging in again. If
login fails, we retry after some sleep. Every reLogin() operation performs loginContext.logout()
and loginContext.login(). If login fails, we end up with two consecutive logouts. This used to
work in older Java versions, but from Java 9 onwards, this results in a NullPointerException due
to https://bugs.openjdk.java.net/browse/JDK-8173069. We should check if logout is required before
attempting logout.
I fixed the issue and added a new unit test to test some ticket renewal scenarios. I managed to
reproduce the problem in KerberosTicketRenewalTest.shouldRecoverIfKerberosNotAvailableForSomeTime()
which (before the fix) failed with Java13 but succeeded with Java8.
Author: Mate Szalay-Beko <mszalay@cloudera.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1830 from symat/ZOOKEEPER-4477-branch-3.5
Author: Ananya Singh <purpul90@gmail.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1791 from AnanyaSingh2121/ZOOKEEPER-4434
Backporting ZOOKEEPER-3950 to branch-3.5.
This is a cherry-pick from #1482, also included checkstyle fix from #1516. This PR is basically the same as #1480 on the master branch, only the unit tests needed to be changed back from junit5 to junit4.
The BCFKS key store format is widely used in the industry, as it provides an open source alternative if someone has to use FIPS compliant key stores due to some regulatory constraints.
Currently in the ZooKeeper Java client, only PEM, JKS and PEM12 are supported. I extend the list of supported key store formats with BCFKS.
I also tested this patch on a real FIPS compliant cluster, having the appropriate java security configs, security providers and also running a RedHat-based Linux distro (Centos 7.8) with FIPS mode enabled.
I tested both the client and the quorum SSL too. If someone wants to test this patch, and the keystore/truststore file names are not ending with ".bckfs", then (beside the usual SSL configs) make sure to also set the following parameters in the zoo.cfg:
```
ssl.keyStore.type=bcfks
ssl.trustStore.type=bcfks
ssl.quorum.keyStore.type=bcfks
ssl.quorum.trustStore.type=bcfks
```
and also provide the following parameters for the command line java client:
```
-Dzookeeper.ssl.keyStore.type=bcfks -Dzookeeper.ssl.trustStore.type=bcfks
```
This patch doesn't contain any modification for the c-client (that can be handled with a separate Jira, but I don't plan to work on that part right now).
Author: Mate Szalay-Beko <symat@apache.org>
Reviewers: Norbert Kalmar <nkalmar@apache.org>, Andor Molnar <andor@apache.org>
Closes #1815 from symat/ZOOKEEPER-4468
Author: Ananya Singh <purpul90@gmail.com>
Reviewers: Brahma Reddy Battula <brahma@apache.org>, Norbert Kalmar <nkalmar@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1790 from AnanyaSingh2121/ZOOKEEPER-4433
(cherry picked from commit d45d5df963cc3f7641d6dec2920bb22cfe8d0a76)
Author: Enrico Olivelli <eolivelli@apache.org>
Reviewers: Mate Szalay-Beko <symat@apache.org>
Closes #1809 from eolivelli/ZOOKEEPER-4454-branch-35
This PR updates jackson-databind to 2.13.1 to address a raised vulnerability that could possibly be used to DoS attack certain versions of Jackson. Please refer to GH issue #3328 for further info. On top of that, it also fixes the now-deprecated `PropertyNamingStrategy` class initialization issue #2715.
Author: Frederiko Costa <frederiko@gmail.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Shoothzj <shoothzj@gmail.com>, maoling <maoling@apache.org>
Closes #1786 from frederiko/ZOOKEEPER-4429_update_jackson_databind
Author: Frederiko Costa <frederiko.costa@workday.com>
Reviewers: maoling <maoling@apache.org>
Closes #1776 from frederiko/zookeeper-4414_netty_4.1.70_branch_3.5 and squashes the following commits:
7108f81d3 [Frederiko Costa] Rename license files
04234e757 [Frederiko Costa] Backport ZOOKEEPER-4414 to branch-3.5
Update Jetty: 9.4.39.v20210325 → 9.4.43.v20210629 due to CVE-2021-28169, CVE-2021-28163, CVE-2021-34428
Backport ZOOKEEPER-4337 for branch-3.5
Author: Ananya Singh <purpul90@gmail.com>
Author: Brahma Reddy Battula <brahma@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>
Closes #1768 from AnanyaSingh2121/zookeeper-4390
Backport of https://github.com/apache/zookeeper/pull/1755
Author: Rushabh Shah <rushabh.shah@rushabh-ltmflld.internal.salesforce.com>
Reviewers: Norbert Kalmar <nkalmar@apache.org>
Closes #1767 from shahrs87/ZOOKEEPER-4367-branch-3.5
…2021-21409.
Author: Brahma Reddy Battula <brahma@apache.org>
Reviewers: Mohammad Arshad <arshad@apache.org>
Closes #1762 from brahmareddybattula/branch-3.5
Following up https://github.com/apache/zookeeper/pull/1722, I'm applying the change on master instead of 3.5.x as advised.
As an alternative to https://github.com/apache/zookeeper/pull/1726, this change employs bundle plugin to build another artifact of classifier "osgi".
The advantage would be bundle plugin remains employed to maintain the topology of versioned packages, and the original artifact without classifier is left untouched.
The disadvantage would be we've one more artifact delivered in this project.
```
$ ls zookeeper-server/target/ | grep jar$
zookeeper-3.5.9.jar
zookeeper-3.5.9-javadoc.jar
zookeeper-3.5.9-osgi.jar
zookeeper-3.5.9-sources.jar
zookeeper-3.5.9-tests.jar
```
Author: Wu, Xiaokai (Marvin) <marvinwu@ea.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>
Closes #1727 from bigmarvin/ZOOKEEPER-4331/add-new-osgi-artifact
(cherry picked from commit 9a5da5f9a023e53bf339748b5b7b17278ae36475)
Signed-off-by: Norbert Kalmar <nkalmar@apache.org>
[ZOOKEEPER-3911 - Data inconsistency caused by DIFF sync uncommitted log](https://issues.apache.org/jira/browse/ZOOKEEPER-3911)
[ZOOKEEPER-3240 - Close socket on Learner shutdown to avoid dangling socket](https://issues.apache.org/jira/browse/ZOOKEEPER-3240)
ZOOKEEPER-3911 requires ZOOKEEPER-3240 to pass the unit test.
Author: fanyang <fanyang@smartx.com>
Author: Brian Nixon <nixon@fb.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Damien Diederen <ddiederen@apache.org>
Closes #1657 from fanyang89/ZOOKEEPER-4262 and squashes the following commits:
aaba063c6 [fanyang] ZOOKEEPER-4262: Backport ZOOKEEPER-3911 to branch-3.5
c2f22164b [Brian Nixon] ZOOKEEPER-3240: Close socket on Learner shutdown to avoid dangling so…
SASL login
Slowness in sasl login or subject.doAs() causes zk client to falsely assume that the server did not respond, closes connection and goes to unnecessary retries.
Raising the PR for master - approved for 3.5 branch already.
Author: Ravi Kishore Valeti <v.ravikishore@gmail.com>
Reviewers: Mate Szalay-Beko <symat@apache.org>, Norbert Kalmar <nkalmar@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1685 from rvaleti/ZOOKEEPER-4275_master
(cherry picked from commit c583a6e79654359b5daad5093d1730e370d3b75b)
Author: Norbert Kalmar <nkalmar@apache.org>
Reviewers: Mohammad Arshad <arshad@apache.org>
Closes #1676 from nkalmar/branch-3.5
security vulnerability CVE-2021-21295
Author: Ayush Mantri <aayushmantri@gmail.com>
Reviewers: Mohammad Arshad <arshad@apache.org>
Closes #1671 from ayushmantri/ZK-4272-3.5
`InvalidSnapshotTest.testSnapshot` starts an instance of
`ZooKeeperServer` on the version-controlled `resources/data/invalidsnap`
directory, which, as a side-effect, "fixes" the following
snapshot—which was broken on purpose (see ZOOKEEPER-367):
`zookeeper-server/src/test/resources/data/invalidsnap/version-2/snapshot.83f`
This status quo creates a number of problems:
1. It makes the test ineffective after the first run;
2. The file shows as modified in version control tools, which can be
   annoying;
3. The "fixed" snapshot can end up being committed by mistake,
   invalidating the test.
(#3 is not theoretical; that "fixed" snapshot frequently shows up in
pull requests, and was recently merged into `master`.)
Author: Damien Diederen <dd@crosstwine.com>
Reviewers: Mohammad Arshad <arshad@apache.org>
Closes #1629 from ztzg/ZOOKEEPER-4232-invalid-snapshot-is-invalid-x-3.5 and squashes the following commits:
528640504 [Damien Diederen] ZOOKEEPER-4232: Ensure that ZOOKEEPER-367 test data fails to parse
680c57ad2 [Damien Diederen] ZOOKEEPER-4232: Run InvalidSnapshotTest on a copy of test data
We have logic in the server code that would try to connect to another quorum member, based
on its server ID. We identify the address assigned to this ID first based on the last committed
quorum configuration. If the connection attempt fails (or the server is not known in the
committed configuration) then we try to find the address based on the last proposed quorum
configuration. But we should do the second connection attempt, only if the address in the
last proposed configuration differs from the address in the last committed configuration.
Otherwise we would just retry to connect to the same address that failed just right before.
In the current code we have a bug, because we compare the address object references (use "!=")
instead of comparing the objects themselves (using "not equals"). In certain edge cases (e.g.
when the last proposed and last committed addresses are the same, but the address is unreachable)
this bug can lead to unnecessary retry of connection attempts. The normal behaviour would be to
mark this connection attempt to be failed and wait for e.g. the next election round or wait for
the other server to come online and initiate a connection to us.
Author: Mate Szalay-Beko <symat@apache.org>
Reviewers: Andor Molnar <andor@apache.org>, Damien Diederen <dd@crosstwine.com>
Closes #1631 from symat/ZOOKEEPER-4220-branch-3.5
CVE-2020-27223
The OWASP checker reports that the version of Jetty currently
referenced by this branch is vulnerable to a CVE:
```
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.0:check (default-cli) on project zookeeper:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] jetty-server-9.4.35.v20201120.jar: CVE-2020-27223
[ERROR] jetty-http-9.4.35.v20201120.jar: CVE-2020-27223
```
https://nvd.nist.gov/vuln/detail/CVE-2020-27223 describes it as:
> In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive),
> 10.0.0, and 11.0.0 when Jetty handles a request containing multiple
> Accept headers with a large number of "quality" (i.e. q) parameters,
> the server may enter a denial of service (DoS) state due to high CPU
> usage processing those quality values, resulting in minutes of CPU
> time exhausted processing those quality values.
This changeset bumps Jetty to 9.4.38.v20210224, which is the latest
as of the commit date.
Author: Damien Diederen <dd@crosstwine.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1625 from ztzg/ZOOKEEPER-4023-jetty-CVE-2020-27223-x-3.5
On PR #1605 eolivelli requested to also update the Ivy dependency file. This PR addresses the comment on https://github.com/apache/zookeeper/pull/1605#issuecomment-780793136
Author: Frederiko Costa <frederiko.costa@workday.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Damien Diederen <ddiederen@apache.org>
Closes #1607 from frederiko/ivy-update
Update Netty to 4.1.59.Final to address the vulnerability described at https://snyk.io/vuln/SNYK-JAVA-IONETTY-1020439
Author: Frederiko Costa <frederiko@gmail.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Damien Diederen <ddiederen@apache.org>
Closes #1605 from frederiko/netty-4.1.59-update
(cherry picked from commit 884fc38db166617e03d03f793ef917febcc131be)
Signed-off-by: Damien Diederen <ddiederen@apache.org>
I believe we don't need to add the git checkout to the "Steps" section. I cannot see it in either the owasp or the PR jenkinsfiles. Also, I see that the master branch also gets checked out during our normal builds, so I hope this will fix it.
Target branches: master, branch-3.7, branch-3.6, branch-3.5
Author: Andor Molnar <andor@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1600 from anmolnar/ZOOKEEPER-4207
(cherry picked from commit 8c68933226595b839ba3694dacd39cd2b2a21878)
Signed-off-by: Enrico Olivelli <eolivelli@datastax.com>
Backporting https://issues.apache.org/jira/browse/ZOOKEEPER-3037 from branch-3.6 to branch-3.5.
Author: Norbert Kalmar <nkalmaryahoo.com>
Reviewers: andorapache.org
Closes #904 from nkalmar/ZOOKEEPER-3037 and squashes the following commits:
a6105324b [Norbert Kalmar] ZOOKEEPER-3037 - add serviceStop() and improve unit tests
7d0baaa46 [Norbert Kalmar] ZOOKEEPER-3037 - refactor unit tests
97d2c6103 [Norbert Kalmar] ZOOKEEPER-3037 - cite hadoop-common as source
3661389e4 [Norbert Kalmar] ZOOKEEPER-3037 - Add unit test and various improvements
f30975765 [Norbert Kalmar] ZOOKEEPER-3037 - Add JvmPauseMonitor
(cherry picked from commit e9adf6ee09ef18258653d65c851fa84c3cd1a51d)
Author: Norbert Kalmar <nkalmar@yahoo.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mate Szalay-Beko <symat@apache.org>, Andor Molnar <andor@apache.org>
Closes #1594 from symat/ZOOKEEPER-3037-branch-3.5
Jackson reported a vulnerability under CVE-2020-25649. Upgrading to 2.10.5.1 will resolve the problem. See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches for more details.
Author: Edwin Hobor <edwin.hobor@microfocus.com>
Reviewers: Mate Szalay-Beko <symat@apache.org>, Norbert Kalmar <nkalmar@apache.org>
Closes #1572 from edwin092/ZOOKEEPER-4045
(cherry picked from commit 676d10b2fad97c69e4083619cb1db223ed1896a4)
Signed-off-by: Norbert Kalmar <nkalmar@apache.org>
CVE-2020-27218
Bump jetty.version to 9.4.35.v20201120.
The [release notes](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.35.v20201120)
mention [issue 5605](https://github.com/eclipse/jetty.project/issues/5605):
> java.io.IOException: unconsumed input during http request parsing
which seems to match the description of
[CVE-2020-27218](http://cve.circl.lu/cve/CVE-2020-27218)
Author: Damien Diederen <dd@crosstwine.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>
Closes #1554 from ztzg/jetty-upgrade-CVE-2020-27218-branch-3.5