[GitHub] [pulsar-test-infra] mangoGoForward opened a new pull request, #74: feat: add action of check-pr-title to ensure PR title matches Naming Convention Guide

2022-09-22 Thread GitBox
mangoGoForward opened a new pull request, #74: URL: https://github.com/apache/pulsar-test-infra/pull/74 Signed-off-by: mango This PR add action of check-pr-title to ensure your PR title matches the Pulsar Pull Request Naming Convention Guide. And more test scenes, please see the man

[GitHub] [pulsar-test-infra] mangoGoForward closed pull request #74: feat: add action of check-pr-title to ensure PR title matches Naming Convention Guide

2022-09-22 Thread GitBox
mangoGoForward closed pull request #74: feat: add action of check-pr-title to ensure PR title matches Naming Convention Guide URL: https://github.com/apache/pulsar-test-infra/pull/74 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHu

[GitHub] [pulsar-test-infra] mangoGoForward opened a new pull request, #75: feat: add action of check-pr-title to ensure PR title matches Naming Convention Guide

2022-09-22 Thread GitBox
mangoGoForward opened a new pull request, #75: URL: https://github.com/apache/pulsar-test-infra/pull/75 Signed-off-by: mango [xu.weiky...@foxmail.com](mailto:xu.weiky...@foxmail.com) This PR add action of check-pr-title to ensure your PR title matches the Pulsar Pull Request Naming C

[GitHub] [pulsar-helm-chart] tisonkun opened a new issue, #290: Release Pulsar Helm Chart in GitHub Pages flavor

2022-09-22 Thread GitBox
tisonkun opened a new issue, #290: URL: https://github.com/apache/pulsar-helm-chart/issues/290 Currently, we host Pulsar Helm Chart's metadata (`index.yaml`) on https://pulsar.apache.org/charts/index.yaml. Users encountered an issue today (https://github.com/apache/pulsar/issues/17799) due

CVE-2022-24280: Apache Pulsar Proxy target broker address isn't validated

2022-09-22 Thread Lari Hotari
Severity: important Description: Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to op

CVE-2022-33681: Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

2022-09-22 Thread Michael Marshall
Severity: high Description: Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker

CVE-2022-33682: Apache Pulsar: Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack

2022-09-22 Thread Michael Marshall
Severity: high Description: TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulner

CVE-2022-33683: Apache Pulsar: Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack

2022-09-22 Thread Michael Marshall
Severity: high Description: Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are

Re: [DISCUSS] PIP-209: Separate C++/Python clients to own repositories

2022-09-22 Thread Matteo Merli
-- Matteo Merli On Tue, Sep 20, 2022 at 8:14 PM Michael Marshall wrote: > > Great proposal, thanks Matteo. > > I think I agree with splitting out the client into two repos. One > issue is that new C++ features will lag in the python client because > the C++ client will first need to be released.

[GitHub] [pulsar-helm-chart] tisonkun commented on issue #290: Release Pulsar Helm Chart in GitHub Pages flavor

2022-09-22 Thread GitBox
tisonkun commented on issue #290: URL: https://github.com/apache/pulsar-helm-chart/issues/290#issuecomment-1255725476 cc @lhotari @mattisonchao @yaalsn @ericsyh -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL

Re: BookieId is broken on 2.10+

2022-09-22 Thread mattison chao
Nice! Best, Mattison On Thu, 22 Sept 2022 at 11:21, Michael Marshall wrote: > Great catch, Enrico. I saw the returned `null` in > `BookieServiceInfoSerde#deserialize`, but I didn't know its impact. > > Thanks, > Michael > > On Wed, Sep 21, 2022 at 8:30 AM Haiting Jiang > wrote: > > > > Sure, I

[GitHub] [pulsar] shibd added a comment to the discussion: python pulsar-clinet create_reader causes "OperationNotSupported" exception

2022-09-22 Thread GitBox
GitHub user shibd added a comment to the discussion: python pulsar-clinet create_reader causes "OperationNotSupported" exception I will look at it. GitHub link: https://github.com/apache/pulsar/discussions/17800#discussioncomment-3713673 This is an automatically sent email for dev@pulsa

[GitHub] [pulsar-test-infra] mangoGoForward commented on pull request #75: feat: add action of check-pr-title to ensure PR title matches Naming Convention Guide

2022-09-22 Thread GitBox
mangoGoForward commented on PR #75: URL: https://github.com/apache/pulsar-test-infra/pull/75#issuecomment-1255744688 @maxsxu Please to a review when you have free time, thanks -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub an

[GitHub] [pulsar-helm-chart] michaeljmarshall commented on issue #290: Release Pulsar Helm Chart in GitHub Pages flavor

2022-09-22 Thread GitBox
michaeljmarshall commented on issue #290: URL: https://github.com/apache/pulsar-helm-chart/issues/290#issuecomment-1255748884 Thanks for your proposal @tisonkun. Here is a relevant mailing list discussion https://lists.apache.org/thread/2xmks3zzkh5cm4ghrqt4ys6zwh4c3gbj. I think we sh

[GitHub] [pulsar-helm-chart] ericsyh commented on issue #290: Release Pulsar Helm Chart in GitHub Pages flavor

2022-09-22 Thread GitBox
ericsyh commented on issue #290: URL: https://github.com/apache/pulsar-helm-chart/issues/290#issuecomment-1255750210 It makes sense to maintain the chart release in its own repo. If possible, I think ASF Infra can consider maintaining a https://github.com/helm/chartmuseum server and al

[GitHub] [pulsar-helm-chart] michaeljmarshall commented on issue #287: Error while executing prepare_helm_release.sh: tar: Error opening archive: Unrecognized archive format

2022-09-22 Thread GitBox
michaeljmarshall commented on issue #287: URL: https://github.com/apache/pulsar-helm-chart/issues/287#issuecomment-1255751004 @codelipenghui @wolfstudy @zymap - looks like the Helm Chart script `scripts/pulsar/prepare_helm_release.sh ` depends on `pulsarctl`, and the current one is an old

[GitHub] [pulsar] michaeljmarshall added a comment to the discussion: python pulsar-clinet create_reader causes "OperationNotSupported" exception

2022-09-22 Thread GitBox
GitHub user michaeljmarshall added a comment to the discussion: python pulsar-clinet create_reader causes "OperationNotSupported" exception @kyky19831214 - would you consider editing your question so that it has text instead of screen shots? Text is much easier to find when searching for resul

[GitHub] [pulsar] tisonkun edited a discussion: Lightweight Documentation Translation Solution

2022-09-22 Thread GitBox
GitHub user tisonkun edited a discussion: Lightweight Documentation Translation Solution ## Motivation Three years ago we created the [pulsar-translation](https://github.com/apache/pulsar-translation) repository to try to handle documentation translation with Crowdin. However, after three y

[DISCUSS] Archive Crowdin based translation initiative

2022-09-22 Thread tison
Hi, I start a discussion "Lightweight Documentation Translation Solution" which is effectively "archive Crowdin based translation initiative" on GitHub Discussion forum[1] and also post the link here for more visibility. Best, tison. [1] https://github.com/apache/pulsar/discussions/17810

Re: [DISCUSS] Archive Crowdin based translation initiative

2022-09-22 Thread Dave Fisher
+1. English only. We need to have multiple volunteers for each language. And we need someone to assure the framework is functional. This should be consider a call to action to those who want translations! Change my mind! Best, Dave Sent from my iPhone > On Sep 22, 2022, at 8:35 PM, tison wr

[GitHub] [pulsar] raunakagrawal47 added a comment to the discussion: Need max redelivery count at message level.

2022-09-22 Thread GitBox
GitHub user raunakagrawal47 added a comment to the discussion: Need max redelivery count at message level. Do we need to acknowledge the current message everytime before we send a new message to the retry queue, using reconsumelater()? Else, how will current message get acked and removed from

[GitHub] [pulsar] tisonkun edited a discussion: Lightweight Documentation Translation Solution

2022-09-22 Thread GitBox
GitHub user tisonkun edited a discussion: Lightweight Documentation Translation Solution ## Motivation Three years ago we created the [pulsar-translation](https://github.com/apache/pulsar-translation) repository to try to handle documentation translation with Crowdin. However, after three y