notebook search fails

2021-09-02 Thread Lior Chaga 
Hi,
I'm facing the same issue as Axel reported in
https://issues.apache.org/jira/browse/ZEPPELIN-5437 (but without the
preceding NullPointerExceptions)

To be honest, when I first tried remote debug to understand why I don't see
results, I managed to debug into the SearchService, to make sure it's not
the NoSearchService implementation.
After restarting the pod, I got the exception:

*LuceneSearch.java[query]:135) - Failed to open index dir
MMapDirectory@/tmp/zeppelin-index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@5270*
*8e8d, make sure indexing finished OK*
*org.apache.lucene.index.IndexNotFoundException: no segments* file found in
MMapDirectory@/tmp/zeppelin-index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@52708e8d: files:
[write.lock]*


I'm running 0.10, using FileSystemNotebookRepo, and notes are stored on
HDFS.

Working perfectly with zeppelin 0.8.2...

Any clue why?
Thanks

Re: notebook search fails

2021-09-02 Thread Philipp Dallig 

Hi Lior,

I encountered the same problem in my test environment and at first I was 
not sure if I destroyed the LuceneSearch with the Lucene update during 
the following commit. 
(https://github.com/apache/zeppelin/commit/7288702a53d9c246bd6e7194e03e00f9b64fe61a)


While debugging the code, I found the configuration option 
ZEPPELIN_SEARCH_INDEX_REBUILD. The default value is false, so I changed 
it to true. Since I don't persist the LuceneIndex in my K8s cluster in 
the Zeppelin Server Pod, this option rebuilds the index on every startup.


Of course, rebuilding can take a long time and consumes resources during 
rebuilding, depending on how many notes you have.


I hope you can solve the problem like me.

Best regards
Philipp


Am 02.09.21 um 13:31 schrieb Lior Chaga:

Hi,
I'm facing the same issue as Axel reported in 
https://issues.apache.org/jira/browse/ZEPPELIN-5437 
 (but without the 
preceding NullPointerExceptions)


To be honest, when I first tried remote debug to understand why I 
don't see results, I managed to debug into the SearchService, to make 
sure it's not the NoSearchService implementation.

After restarting the pod, I got the exception:

/LuceneSearch.java[query]:135) - Failed to open index dir
MMapDirectory@/tmp/zeppelin-index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@5270/
/8e8d, make sure indexing finished OK/
/org.apache.lucene.index.IndexNotFoundException: no segments* file
found in MMapDirectory@/tmp/zeppelin-index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@52708e8d:
files: [write.lock]/


I'm running 0.10, using FileSystemNotebookRepo, and notes are stored 
on HDFS.


Working perfectly with zeppelin 0.8.2...

Any clue why?
Thanks

Re: notebook search fails

2021-09-02 Thread Lior Chaga 
Thanks Philipp!

On Thu, Sep 2, 2021, 15:55 Philipp Dallig  wrote:

> Hi Lior,
>
> I encountered the same problem in my test environment and at first I was
> not sure if I destroyed the LuceneSearch with the Lucene update during the
> following commit. (
> https://github.com/apache/zeppelin/commit/7288702a53d9c246bd6e7194e03e00f9b64fe61a
> )
>
> While debugging the code, I found the configuration option
> ZEPPELIN_SEARCH_INDEX_REBUILD. The default value is false, so I changed it
> to true. Since I don't persist the LuceneIndex in my K8s cluster in the
> Zeppelin Server Pod, this option rebuilds the index on every startup.
>
> Of course, rebuilding can take a long time and consumes resources during
> rebuilding, depending on how many notes you have.
>
> I hope you can solve the problem like me.
>
> Best regards
> Philipp
>
>
> Am 02.09.21 um 13:31 schrieb Lior Chaga:
>
> Hi,
> I'm facing the same issue as Axel reported in
> https://issues.apache.org/jira/browse/ZEPPELIN-5437 (but without the
> preceding NullPointerExceptions)
>
> To be honest, when I first tried remote debug to understand why I don't
> see results, I managed to debug into the SearchService, to make sure it's
> not the NoSearchService implementation.
> After restarting the pod, I got the exception:
>
> *LuceneSearch.java[query]:135) - Failed to open index dir
> MMapDirectory@/tmp/zeppelin-index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@5270*
> *8e8d, make sure indexing finished OK*
> *org.apache.lucene.index.IndexNotFoundException: no segments* file found
> in MMapDirectory@/tmp/zeppelin-index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@52708e8d: files:
> [write.lock]*
>
>
> I'm running 0.10, using FileSystemNotebookRepo, and notes are stored on
> HDFS.
>
> Working perfectly with zeppelin 0.8.2...
>
> Any clue why?
> Thanks
>
>

CVE-2019-10095: Apache Zeppelin: bash command injection in spark interpreter

2021-09-02 Thread Jeff Zhang 
Description:

bash command injection vulnerability in Apache Zeppelin allows an attacker to 
inject system commands into Spark interpreter settings.  This issue affects 
Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Credit:

Apache Zeppelin would like to thank HERE Security team for reporting this issue

CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass

2021-09-02 Thread Jeff Zhang 
Severity: critical

Description:

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to 
bypass Zeppelin authentication mechanism to act as another user.  This issue 
affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Credit:

Apache Zeppelin would like to thank David Woodhouse for reporting this issue

CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter

2021-09-02 Thread Jeff Zhang 
Description:

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin 
allows an attacker to inject malicious scripts.  This issue affects Apache 
Zeppelin Apache Zeppelin versions prior to 0.9.0.

Credit:

Apache Zeppelin would like to thank Paulo Pacheco for reporting this issue