Guys, I created two pull requests [1] [2] for 2.8 release. First of them [1] is a patch with ticket [3] for ignite-2.8 branch. Second [2] is a revert of ticket [4] from 2.8 release.
I'm waiting TC run all nightly results for both PRs. I'll write update when TC runs will be ok. I'm okay with both proposals (add ticket [1] to release, remove read-only feature from 2.8 release scope). But I'm not okay with @IgniteExperemental annotation. [1] https://github.com/apache/ignite/pull/7239 [2] https://github.com/apache/ignite/pull/7238 [3] https://issues.apache.org/jira/browse/IGNITE-12225 [4] https://issues.apache.org/jira/browse/IGNITE-11256 пт, 10 янв. 2020 г. в 14:21, Zhenya Stanilovsky <arzamas...@mail.ru.invalid >: > > Ivan, if i correctly understand, you suggest additional «expiremental» > stuff only for hiding already leaked RO interface ? > poor approach as for me. > > >Folks, > > > >Some thoughts: > >* Releasing an API with known fallacies sounds really bad thing to me. > >It can have a negative consequences for a whole project for years. My > >opinion here that we should resolve the problem with this API somehow > >before release. > >* We can mark cluster read-only API (without enum) as experimental and > >change the API in e.g. 2.8.1. > >* We can try to exclude read-only API from 2.8 at all. > > > >What do you think? > > > >пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < plehanov.a...@gmail.com >: > >> > >> Guys, > >> > >> There is also an issue with cluster activation by thin clients. This > >> feature (.NET thin client API change and protocol change) was added by > [1] > >> without any discussion on dev-list. Sergey's patch [2] deprecate methods > >> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but > didn't do > >> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also > >> should not forget about thin client changes, since it will be strange > if we > >> introduce some methods to thin client API and protocol and in the same > >> Ignite version deprecate these methods for servers and thick clients. > >> > >> [1]: https://issues.apache.org/jira/browse/IGNITE-11709 > >> [2]: https://issues.apache.org/jira/browse/IGNITE-12225 > >> > >> > >> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky < > arzamas...@mail.ru.invalid > >> >: > >> > >> > > >> > > >> > Agree with Nikolay, -1 from me, too. > >> > > >> > >Hello, Igniters. > >> > > > >> > >I’m -1 to include the read-only patch to 2.8. > >> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for > >> > blockers and major issues. > >> > > > >> > >Guys, we don’t release Apache Ignite for 13 months! > >> > >We should focus on the release and make it ASAP. > >> > > > >> > >We can’t extend the scope anymore. > >> > > > >> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov < > antonovserge...@gmail.com > > >> > написал(а): > >> > >> > >> > >> Hello, Maxim! > >> > >> > >> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files > >> > >> changed. > >> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked > already > >> > >> presented. Changes in product code are minimal - only 30 changed > files > >> > in > >> > >> /src/main/ part. And most of them are new control.sh commands and > >> > >> configuration. > >> > >> > >> > >>> Do we have customer requests for this feature or maybe users who > are > >> > >> waiting for exactly that ENUM values exactly in 2.8 release (not > the > >> > 2.8.1 > >> > >> for instance)? > >> > >> Can we introduce in new features in maintanance release (2.8.1)? > Cluster > >> > >> read-only mode will be new feature, if we remove > IgniteCluster#readOnly > >> > in > >> > >> 2.8 release. If all ok with that, lets remove > IgniteCluster#readOnly and > >> > >> move ticket [1] to 2.8.1 release. > >> > >> > >> > >>> Do we have extended test results report (on just only TC.Bot green > >> > visa) > >> > >> on this feature to be sure that we will not add any blocker issues > to > >> > the > >> > >> release? > >> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa > vs > >> > >> release branch. > >> > >> > >> > >> [1] https://issues.apache.org/jira/browse/IGNITE-12225 > >> > >> > >> > >> > >> > >> > >> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < mmu...@apache.org > >: > >> > >> > >> > >>> Folks, > >> > >>> > >> > >>> > >> > >>> Let me remind you that we are working on the 2.8 release branch > >> > >>> stabilization currently (please, keep it in mind). > >> > >>> > >> > >>> > >> > >>> Do we have a really STRONG reason for adding such a change [1] to > the > >> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517 > >> > >>> −2,038, 111 files changed. > >> > >>> Do we have customer requests for this feature or maybe users who > are > >> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not > the > >> > >>> 2.8.1 for instance)? > >> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any > >> > >>> backward compatibility issues between 2.8 and 2.9 releases? > >> > >>> Do we have extended test results report (on just only TC.Bot green > >> > >>> visa) on this feature to be sure that we will not add any blocker > >> > >>> issues to the release? For instance, on pre-production > environment. > >> > >>> > >> > >>> I'd like to notice that we also have more than enough the release > >> > >>> blocker issues [3] which are still `in progress` and such a > release > >> > >>> run becomes endless. Such changes without strong reasons looks too > >> > >>> scary for me a special after scope and code freeze dates. > >> > >>> > >> > >>> Please, dispel my doubts. > >> > >>> > >> > >>> [1] https://issues.apache.org/jira/browse/IGNITE-12225 > >> > >>> [2] https://github.com/apache/ignite/pull/7194 > >> > >>> [3] > >> > >>> > >> > > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation > >> > ) > >> > >>> > >> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev < > zaleslaw....@gmail.com > >> > > > >> > >>> wrote: > >> > >>>> > >> > >>>> +1 > >> > >>>> > >> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov < > >> > antonovserge...@gmail.com >: > >> > >>>> > >> > >>>>> +1 > >> > >>>>> > >> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 > branch > >> > >>> will be > >> > >>>>> at 13 Jan > >> > >>>>> > >> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < vololo...@gmail.com > >: > >> > >>>>> > >> > >>>>>> +1 > >> > >>>>>> > >> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < > ivan.glu...@gmail.com >: > >> > >>>>>>> > >> > >>>>>>> Maxim M. and anyone who is interested, > >> > >>>>>>> > >> > >>>>>>> I suggest to include this fix to 2.8 release: > >> > >>>>>>> https://issues.apache.org/jira/browse/IGNITE-12225 > >> > >>>>>>> Basically, it's a result of the following discussion: > >> > >>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html > >> > >>>>>>> > >> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods > that > >> > >>> work > >> > >>>>> with > >> > >>>>>>> boolean are replaced with ones that work with enum. > >> > >>>>>>> If we include it, we won't be obliged to keep deprecated > boolean > >> > >>>>> version > >> > >>>>>> of > >> > >>>>>>> API in the code (which is currently present in 2.8 branch) as > it > >> > >>> wasn't > >> > >>>>>>> published in any release. > >> > >>>>>>> > >> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev < > >> > >>>>>> ilya.kasnach...@gmail.com > > >> > >>>>>>> wrote: > >> > >>>>>>> > >> > >>>>>>>> Hello! > >> > >>>>>>>> > >> > >>>>>>>> I have ran dependency checker plugin and quote the following: > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-urideploy: > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-spring: > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-spring-data: > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-aop: > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-visor-console: > >> > >>>>>>>> > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE, > >> > >>>>>>>> > >> > >>>>>> > >> > >>> > >> > > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*, > >> > >>>>>>>> > >> > >>> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*, > >> > >>>>>>>> > >> > >>> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) > >> > >>>>> : > >> > >>>>>>>> CVE-2018-15756 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-spring-data_2.0: > >> > >>>>>>>> > >> > >>>>>>>> spring-core-5.0.8.RELEASE.jar > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@5.0.8.RELEASE, > >> > >>>>>>>> > >> > >>>>>> > >> > >>> > >> > > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*, > >> > >>>>>>>> > >> > >>> > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*, > >> > >>>>>>>> > >> > >>> > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2018-15756 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-rest-http: > >> > >>>>>>>> > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605, > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247 > >> > >>>>>>>> jackson-databind-2.9.6.jar > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6 > , > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, > CVE-2018-14720, > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, > CVE-2018-19362, > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, > CVE-2019-14379, > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, > CVE-2019-16942, > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-kubernetes: > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-aws: > >> > >>>>>>>> > >> > >>>>>>>> jackson-databind-2.9.6.jar > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6 > , > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, > CVE-2018-14720, > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, > CVE-2018-19362, > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, > CVE-2019-14379, > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, > CVE-2019-16942, > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531 > >> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) : > >> > >>>>> CVE-2015-6644, > >> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, > >> > >>>>> CVE-2016-1000341, > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, > >> > >>>>> CVE-2016-1000345, > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, > >> > >>> CVE-2017-13098, > >> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-gce: > >> > >>>>>>>> > >> > >>>>>>>> httpclient-4.0.1.jar > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1 > >> > >>>>>>>> , > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : > CVE-2011-1498, > >> > >>>>>>>> CVE-2014-3577, CVE-2015-5262 > >> > >>>>>>>> guava-jdk5-17.0.jar > (pkg:maven/com.google.guava/guava-jdk5@17.0, > >> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-cloud: > >> > >>>>>>>> > >> > >>>>>>>> openstack-keystone-2.0.0.jar > >> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0, > >> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) : > >> > >>> CVE-2013-2014, > >> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476, > >> > >>>>>> CVE-2014-3520, > >> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432, > >> > >>>>>> CVE-2018-20170 > >> > >>>>>>>> cloudstack-2.0.0.jar > >> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0 > >> > >>>>>> , > >> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : > CVE-2013-2136, > >> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252 > >> > >>>>>>>> docker-2.0.0.jar > (pkg:maven/org.apache.jclouds.api/docker@2.0.0, > >> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : > CVE-2018-10892, > >> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, > CVE-2019-16884, > >> > >>>>>>>> CVE-2019-5736 > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1, > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> docker-1.9.3.jar > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3 > >> > >>> , > >> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697, > >> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, > CVE-2019-15752, > >> > >>>>>>>> CVE-2019-16884, CVE-2019-5736 > >> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar > >> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8, > >> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725 > >> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar > >> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) : > >> > >>>>> CVE-2015-6644, > >> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339, > >> > >>> CVE-2016-1000341, > >> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, > >> > >>>>> CVE-2016-1000345, > >> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098, > >> > >>> CVE-2018-1000613 > >> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0 > , > >> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : > CVE-2016-2402 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-mesos: > >> > >>>>>>>> > >> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0, > >> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793, > >> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736 > >> > >>>>>>>> jetty-server-9.4.11.v20180605.jar > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605, > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247 > >> > >>>>>>>> jackson-databind-2.9.6.jar > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6 > , > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, > CVE-2018-14720, > >> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, > CVE-2018-19362, > >> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, > CVE-2019-14379, > >> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, > CVE-2019-16942, > >> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-kafka: > >> > >>>>>>>> > >> > >>>>>>>> kafka-clients-2.0.1.jar > >> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1 > >> > >>>>>> , > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196 > >> > >>>>>>>> connect-api-2.0.1.jar > >> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1, > >> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-flume: > >> > >>>>>>>> > >> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2, > >> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> jackson-core-asl-1.8.8.jar > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) : > >> > >>> CVE-2017-15095, > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525 > >> > >>>>>>>> jackson-mapper-asl-1.8.8.jar > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, > CVE-2018-1000873, > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540, > >> > >>>>>>>> CVE-2019-16335, CVE-2019-17267 > >> > >>>>>>>> commons-collections-3.2.1.jar > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1, > >> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2015-6420, > >> > >>>>>>>> CVE-2017-15708, Remote code execution > >> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/netty@3.9.4.Final, > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156, > >> > >>>>>> CVE-2019-16869, > >> > >>>>>>>> POODLE vulnerability in SSLv3.0 support > >> > >>>>>>>> servlet-api-2.5-20110124.jar > >> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2005-3747, > >> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048, > >> > >>>>>> CVE-2009-5049, > >> > >>>>>>>> CVE-2011-4461 > >> > >>>>>>>> jetty-util-6.1.26.jar > >> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 > >> > >>>>> , > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : > >> > >>> CVE-2009-1523, > >> > >>>>>>>> CVE-2011-4461 > >> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) : > >> > >>> CVE-2009-1523, > >> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, > >> > >>>>>> CVE-2017-9735, > >> > >>>>>>>> CVE-2019-10241, CVE-2019-10247 > >> > >>>>>>>> libthrift-0.9.0.jar > (pkg:maven/org.apache.thrift/libthrift@0.9.0) > >> > >>> : > >> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205 > >> > >>>>>>>> httpclient-4.1.3.jar > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3 > >> > >>>>>>>> , > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : > CVE-2014-3577, > >> > >>>>>>>> CVE-2015-5262 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-twitter: > >> > >>>>>>>> > >> > >>>>>>>> httpclient-4.2.5.jar > >> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5 > >> > >>>>>>>> , > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : > CVE-2014-3577, > >> > >>>>>>>> CVE-2015-5262 > >> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1, > >> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-zookeeper: > >> > >>>>>>>> > >> > >>>>>>>> jackson-databind-2.9.8.jar > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8 > , > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2019-12086, > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, > CVE-2019-14439, > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, > CVE-2019-16943, > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531 > >> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1, > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> jackson-mapper-asl-1.9.13.jar > >> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) > : > >> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, > CVE-2018-1000873, > >> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172, > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267 > >> > >>>>>>>> netty-all-4.1.29.Final.jar > >> > >>> (pkg:maven/io.netty/netty-all@4.1.29.Final > >> > >>>>> , > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-camel: > >> > >>>>>>>> > >> > >>>>>>>> camel-core-2.22.0.jar > >> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0, > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041, > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194 > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml > >> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0, > >> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041, > >> > >>>>>>>> CVE-2019-0188, CVE-2019-0194 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-storm: > >> > >>>>>>>> > >> > >>>>>>>> storm-core-1.1.1.jar > (pkg:maven/org.apache.storm/storm-core@1.1.1 > >> > >>> , > >> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779, > >> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202 > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916, > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : > >> > >>>>> CVE-2019-10247 > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml > >> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3, > >> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : > CVE-2014-3577, > >> > >>>>>>>> CVE-2015-5262 > >> > >>>>>>>> > >> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1, > >> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml > >> > >>>>>>>> (pkg:maven/io.netty/netty@3.9.0.Final, > >> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193, > >> > >>>>>> CVE-2014-3488, > >> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in > SSLv3.0 > >> > >>>>> support > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916, > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : > >> > >>>>> CVE-2011-4461, > >> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735, > >> > >>>>>> CVE-2019-10241, > >> > >>>>>>>> CVE-2019-10247 > >> > >>>>>>>> > >> > >>>>>> > >> > >>> > >> > > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml > >> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916, > >> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) : > >> > >>>>> CVE-2011-4461, > >> > >>>>>>>> CVE-2019-10247 > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml > >> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2, > >> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2016-1000031 > >> > >>>>>>>> > >> > >>>>>> > >> > >>> > >> > > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml > >> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1, > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776, > >> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811, > >> > >>>>>> CVE-2017-15713, > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768, > >> > >>>>>> CVE-2018-1296, > >> > >>>>>>>> CVE-2018-8009, CVE-2018-8029 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-cassandra-store: > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-cassandra-serializers: > >> > >>>>>>>> > >> > >>>>>>>> commons-beanutils-1.9.2.jar > >> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2, > >> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2019-10086 > >> > >>>>>>>> commons-collections-3.2.1.jar > >> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1, > >> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2015-6420, > >> > >>>>>>>> CVE-2017-15708, Remote code execution > >> > >>>>>>>> spring-core-4.3.18.RELEASE.jar > >> > >>>>>>>> (pkg:maven/org.springframework/spring-core@4.3.18.RELEASE, > >> > >>>>>>>> > >> > >>>>>> > >> > >>> > >> > > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*, > >> > >>>>>>>> > >> > >>> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*, > >> > >>>>>>>> > >> > >>> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*) > >> > >>>>> : > >> > >>>>>>>> CVE-2018-15756 > >> > >>>>>>>> netty-transport-4.1.27.Final.jar > >> > >>>>>>>> (pkg:maven/io.netty/netty-transport@4.1.27.Final, > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-flink: > >> > >>>>>>>> > >> > >>>>>>>> flink-hadoop-fs-1.5.0.jar > >> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0 > >> > >>>>>>>> , > >> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001, > >> > >>>>>>>> CVE-2017-3161, CVE-2017-3162 > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml > >> > >>>>>>>> (pkg:maven/io.netty/netty-all@4.0.27.Final, > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156, > >> > >>>>>> CVE-2016-4970, > >> > >>>>>>>> CVE-2019-16869 > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml > >> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9 > , > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) : > >> > >>>>>> CVE-2017-15095, > >> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, > CVE-2018-11307, > >> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, > CVE-2018-14719, > >> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, > CVE-2018-19361, > >> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086, > >> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, > CVE-2019-14439, > >> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, > CVE-2019-16943, > >> > >>>>>>>> CVE-2019-17267, CVE-2019-17531 > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml > >> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0, > >> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237 > >> > >>>>>>>> > >> > >>>>>>>> One or more dependencies were identified with known > >> > >>> vulnerabilities > >> > >>>>> in > >> > >>>>>>>> ignite-rocketmq: > >> > >>>>>>>> > >> > >>>>>>>> netty-all-4.0.42.Final.jar > >> > >>> (pkg:maven/io.netty/netty-all@4.0.42.Final > >> > >>>>> , > >> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869 > >> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar > >> > >>>>>>>> > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26 > >> > >>> , > >> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*, > >> > >>>>>>>> > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*, > >> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) : > >> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838, > >> > >>>>>> CVE-2006-7196, > >> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696, > >> > >>>>>> CVE-2012-5568, > >> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444, > >> > >>>>>> CVE-2013-4590, > >> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, > >> > >>>>>> CVE-2014-0119, > >> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020 > >> > >>>>>>>> > >> > >>>>>>>> Main offenders seem to be "jackson-databind" and old > maintenance > >> > >>>>>> releases > >> > >>>>>>>> of Spring. I think we can bump most of that. > >> > >>>>>>>> > >> > >>>>>>>> Some integrations also clearly suffer, through it's a > problem of > >> > >>>>> their > >> > >>>>>>>> users, since they need to declare their own libraries' > versions > >> > >>> by > >> > >>>>>>>> convention. > >> > >>>>>>>> > >> > >>>>>>>> Regards, > >> > >>>>>>>> -- > >> > >>>>>>>> Ilya Kasnacheev > >> > >>>>>>>> > >> > >>>>>>>> > >> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < > dma...@apache.org >: > >> > >>>>>>>> > >> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you, > >> > >>> let's > >> > >>>>>> update > >> > >>>>>>>>> the versions of the dependencies to the latest. > >> > >>>>>>>>> > >> > >>>>>>>>> - > >> > >>>>>>>>> Denis > >> > >>>>>>>>> > >> > >>>>>>>>> > >> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev < > >> > >>>>>>>>> ilya.kasnach...@gmail.com > > >> > >>>>>>>>> wrote: > >> > >>>>>>>>> > >> > >>>>>>>>>> Hello! > >> > >>>>>>>>>> > >> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8. > >> > >>>>>>>>>> > >> > >>>>>>>>>> By bumping versisons I mean the following: > >> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version> > >> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version> > >> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version> > >> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version> > >> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version> > >> > >>>>>>>>>> > >> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version> > >> > >>>>>>>> <!-- > >> > >>>>>>>>>> don't forget to update spring version --> > >> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!-- > >> > >>>>> don't > >> > >>>>>>>>> forget > >> > >>>>>>>>>> to update spring-data version --> > >> > >>>>>>>>>> > >> > >>>>>>>>> > >> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version> > >> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version --> > >> > >>>>>>>>>> > >> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!-- > >> > >>>>>>>>> don't > >> > >>>>>>>>>> forget to update spring-data-2.0 version --> > >> > >>>>>>>>>> > >> > >>>>>>>>>> All these libraries have maintenance release (such as our > >> > >>>>> 2.7.*6*) > >> > >>>>>> and > >> > >>>>>>>> I > >> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies > >> > >>> to the > >> > >>>>>>>> latest > >> > >>>>>>>>>> maintenance version found in Maven Central. > >> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE. > >> > >>>>>>>>>> > >> > >>>>>>>>>> Regards, > >> > >>>>>>>>>> -- > >> > >>>>>>>>>> Ilya Kasnacheev > >> > >>>>>>>>>> > >> > >>>>>>>>>> > >> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda < > dma...@apache.org > >> > >>>> : > >> > >>>>>>>>>> > >> > >>>>>>>>>>> A huge +1 for adding Spring Data related > >> > >>> fixes/improvements. > >> > >>>>>> Ilya is > >> > >>>>>>>>>> right > >> > >>>>>>>>>>> that Spring Data related questions sparked last time due > to > >> > >>>>>> missing > >> > >>>>>>>>>> support > >> > >>>>>>>>>>> of 2.2 version. > >> > >>>>>>>>>>> > >> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping > >> > >>> the > >> > >>>>>>>>> versions"? > >> > >>>>>>>>>> Do > >> > >>>>>>>>>>> you suggest performing a straightforward upgrade of > >> > >>>>>>>>> "ignite-spring-data" > >> > >>>>>>>>>> to > >> > >>>>>>>>>>> version 2.2 and introducing > >> > >>> "ignite-spring-data-{old-version"} > >> > >>>>>> for > >> > >>>>>>>> the > >> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the > >> > >>> proposal. > >> > >>>>>>>>>>> > >> > >>>>>>>>>>> - > >> > >>>>>>>>>>> Denis > >> > >>>>>>>>>>> > >> > >>>>>>>>>>> > >> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev < > >> > >>>>>>>>>> ilya.kasnach...@gmail.com > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>> wrote: > >> > >>>>>>>>>>> > >> > >>>>>>>>>>>> Hello! > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> I propose to add the following ticket to the scope: > >> > >>>>>>>>>>>> https://issues.apache.org/jira/browse/IGNITE-12259 (3 > >> > >>>>>> commits, be > >> > >>>>>>>>>>> careful > >> > >>>>>>>>>>>> with release version) > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I > >> > >>> will > >> > >>>>>> provide > >> > >>>>>>>>> the > >> > >>>>>>>>>>>> following considerations: > >> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we > >> > >>> currently do > >> > >>>>>> not > >> > >>>>>>>>> have, > >> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow > >> > >>> and > >> > >>>>>> mailing > >> > >>>>>>>>>> list. > >> > >>>>>>>>>>>> Spring Data is important to our public image since many > >> > >>>>> people > >> > >>>>>> may > >> > >>>>>>>>>> learn > >> > >>>>>>>>>>>> about out project by starting with Spring Data. > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> * It has zero code impact outside of its own module > >> > >>> (just 2 > >> > >>>>> POM > >> > >>>>>>>> file > >> > >>>>>>>>>>>> touched and that's all). > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> * The core was ready since early November but, due to > >> > >>> gmail > >> > >>>>>> quirk, > >> > >>>>>>>> we > >> > >>>>>>>>>> did > >> > >>>>>>>>>>>> not react to it in time. > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> WDYT? > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> Another semi-related question. *Should we bump our > >> > >>>>>> dependencies' > >> > >>>>>>>>>> versions > >> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and > >> > >>>>> hibernate > >> > >>>>>>>>>>>> dependencies. We could switch them to their latest > >> > >>>>> maintenance > >> > >>>>>>>>> versions > >> > >>>>>>>>>>> to > >> > >>>>>>>>>>>> avoid shipping default links to outdated packages. > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> I think this is one of things that are very hard to do > >> > >>>>> between > >> > >>>>>>>>>> releases, > >> > >>>>>>>>>>> so > >> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a > >> > >>>>> formal > >> > >>>>>>>>>>>> release/testing cycle, and then be backported to master. > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge > >> > >>>>> these > >> > >>>>>>>>> version > >> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test. > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> Regards, > >> > >>>>>>>>>>>> -- > >> > >>>>>>>>>>>> Ilya Kasnacheev > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky > >> > >>>>>>>>>>> < arzamas...@mail.ru.invalid > >> > >>>>>>>>>>>>> : > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs > >> > >>>>> 2.7.6, > >> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a > >> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x > >> > >>> Xeon > >> > >>>>>> X5570 > >> > >>>>>>>>> 96Gb > >> > >>>>>>>>>>>> 512GB > >> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s > >> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers. > >> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests: > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark > >> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark > >> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark > >> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark > >> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark > >> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark > >> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> cacheMode — partitioned > >> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC > >> > >>>>>>>>>>>>> 1 backup > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence > >> > >>> disabled. > >> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1] > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> [1] > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>> > >> > >>>>>>>>>> > >> > >>>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> do we need some bisect or other work here ? > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> ------- Forwarded message ------- > >> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" < mmu...@apache.org > > >> > >>>>>>>>>>>>>> To: dev@ignite.apache.org > >> > >>>>>>>>>>>>>> Cc: > >> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope, > >> > >>> Manager] > >> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300 > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> Igniters, > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> It's almost a year has passed since the last major > >> > >>> Apache > >> > >>>>>> Ignite > >> > >>>>>>>>> 2.7 > >> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of > >> > >>> performance > >> > >>>>>>>>>> improvements > >> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their > >> > >>>>>> release > >> > >>>>>>>>> date. > >> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my > >> > >>>>> point > >> > >>>>>>>> since > >> > >>>>>>>>>> the > >> > >>>>>>>>>>>>>> last major release: > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> Service Grid, > >> > >>>>>>>>>>>>>> Monitoring, > >> > >>>>>>>>>>>>>> Recovery Read > >> > >>>>>>>>>>>>>> BLT auto-adjust, > >> > >>>>>>>>>>>>>> PDS compression, > >> > >>>>>>>>>>>>>> WAL page compression, > >> > >>>>>>>>>>>>>> Thin client: best effort affinity, > >> > >>>>>>>>>>>>>> Thin client: transactions support (not yet) > >> > >>>>>>>>>>>>>> SQL query history > >> > >>>>>>>>>>>>>> SQL statistics > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master > >> > >>>>>> branch > >> > >>>>>>>>>> anymore > >> > >>>>>>>>>>>>>> and prepare the next major release by the end of the > >> > >>> year. > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8 > >> > >>>>>> release > >> > >>>>>>>> and > >> > >>>>>>>>>> also > >> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of > >> > >>> the > >> > >>>>>>>> planning > >> > >>>>>>>>>>>>>> release. > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019 > >> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019 > >> > >>>>>>>>>>>>>> Voting Date: December 10, 2019 > >> > >>>>>>>>>>>>>> Release Date: December 17, 2019 > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> > >> > >>>>>>>>>>>>>> WDYT? > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>>> > >> > >>>>>>>>>>>> > >> > >>>>>>>>>>> > >> > >>>>>>>>>> > >> > >>>>>>>>> > >> > >>>>>>>> > >> > >>>>>> > >> > >>>>>> > >> > >>>>>> > >> > >>>>>> -- > >> > >>>>>> Best regards, > >> > >>>>>> Ivan Pavlukhin > >> > >>>>>> > >> > >>>>> > >> > >>> > >> > >> > >> > >> > >> > >> -- > >> > >> BR, Sergey Antonov > >> > > > >> > > >> > > >> > > >> > > > > > > >-- > >Best regards, > >Ivan Pavlukhin > > > > > > -- BR, Sergey Antonov
