-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Vulnerability in elasticsearch 7.17.13 CVE [HZ-3988] [5.3.z] #26131
Conversation
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] -------------------------- [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce (enforce-tools) on project hazelcast-distribution: -------------------------- [ERROR] Rule 2: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message: -------------------------- [ERROR] Failed while enforcing releasability. See above detailed error message. -------------------------- [ERROR] -> [Help 1] -------------------------- [ERROR] -------------------------- [ERROR] Re-run Maven using the -X switch to enable full debug logging. -------------------------- [ERROR] -------------------------- [ERROR] For more information about the errors and possible solutions, please read the following articles: -------------------------- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -------------------------- [ERROR] -------------------------- [ERROR] After correcting the problems, you can resume the build with the command -------------------------- [ERROR] mvn -rf :hazelcast-distribution -------------------------- |
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] -------------------------- [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce (enforce-tools) on project hazelcast-distribution: -------------------------- [ERROR] Rule 2: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message: -------------------------- [ERROR] Failed while enforcing releasability. See above detailed error message. -------------------------- [ERROR] -> [Help 1] -------------------------- [ERROR] -------------------------- [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. -------------------------- [ERROR] Re-run Maven using the -X switch to enable full debug logging. -------------------------- [ERROR] -------------------------- [ERROR] For more information about the errors and possible solutions, please read the following articles: -------------------------- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -------------------------- [ERROR] -------------------------- [ERROR] After correcting the problems, you can resume the build with the command -------------------------- [ERROR] mvn -rf :hazelcast-distribution -------------------------- |
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] -------------------------- [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce (enforce-tools) on project hazelcast-distribution: -------------------------- [ERROR] Rule 2: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message: -------------------------- [ERROR] Failed while enforcing releasability. See above detailed error message. -------------------------- [ERROR] -> [Help 1] -------------------------- [ERROR] -------------------------- [ERROR] Re-run Maven using the -X switch to enable full debug logging. -------------------------- [ERROR] -------------------------- [ERROR] For more information about the errors and possible solutions, please read the following articles: -------------------------- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -------------------------- [ERROR] -------------------------- [ERROR] After correcting the problems, you can resume the build with the command -------------------------- [ERROR] mvn -rf :hazelcast-distribution -------------------------- |
run-lab-run |
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] -------------------------- [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce (enforce-tools) on project hazelcast-distribution: -------------------------- [ERROR] Rule 2: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message: -------------------------- [ERROR] Failed while enforcing releasability. See above detailed error message. -------------------------- [ERROR] -> [Help 1] -------------------------- [ERROR] -------------------------- [ERROR] Re-run Maven using the -X switch to enable full debug logging. -------------------------- [ERROR] -------------------------- [ERROR] For more information about the errors and possible solutions, please read the following articles: -------------------------- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -------------------------- [ERROR] -------------------------- [ERROR] After correcting the problems, you can resume the build with the command -------------------------- [ERROR] mvn -rf :hazelcast-distribution -------------------------- |
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] Surefire is going to kill self fork JVM. The exit has elapsed 30 seconds after System.exit(0). -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] Tests run: 28, Failures: 1, Errors: 0, Skipped: 1, Time elapsed: 117.598 s <<< FAILURE! - in com.hazelcast.jet.kafka.impl.StreamKafkaPTest -------------------------- [ERROR] com.hazelcast.jet.kafka.impl.StreamKafkaPTest.when_processingGuaranteeNoneWithConsumerGroup_then_continueFromLastReadMessageAfterJobRestart Time elapsed: 14.623 s <<< FAILURE! -------------------------- [ERROR] Failures: -------------------------- [ERROR] StreamKafkaPTest.when_processingGuaranteeNoneWithConsumerGroup_then_continueFromLastReadMessageAfterJobRestart:265->testWithJobRestart:347->HazelcastTestSupport.assertTrueEventually:1304->HazelcastTestSupport.assertTrueEventually:1285->lambda$testWithJobRestart$4:347 expected:<200> but was:<198> -------------------------- [ERROR] Tests run: 51, Failures: 1, Errors: 0, Skipped: 1 -------------------------- [ERROR] There are test failures. -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- -------------------------- -------TEST FAILURE------- -------------------------- [INFO] Results: [INFO] [ERROR] Failures: [ERROR] StreamKafkaPTest.when_processingGuaranteeNoneWithConsumerGroup_then_continueFromLastReadMessageAfterJobRestart:265->testWithJobRestart:347->HazelcastTestSupport.assertTrueEventually:1304->HazelcastTestSupport.assertTrueEventually:1285->lambda$testWithJobRestart$4:347 expected:<200> but was:<198> [INFO] [ERROR] Tests run: 51, Failures: 1, Errors: 0, Skipped: 1 [INFO] |
run-lab-run |
Upgrade elastic client to 7.17.15.
Use Log4j BOM because of Dependency convergence error coming from new elastic client
Fixes : #26117
See : https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
In the
HZ 5.4 is using 7.17.15. So I have upgraded 5.3.x to 7.17.15
Checklist:
Team:
,Type:
,Source:
,Module:
) and Milestone setAdd to Release Notes
label if changes should be mentioned in release notes orNot Release Notes content
if changes are not relevant for release notes