[jira] [Commented] (SOLR-14286) Upgrade Jaegar to 1.1.0

Thu, 27 Feb 2020 04:50:28 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-14286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17046580#comment-17046580
 ] 

Jan Høydahl commented on SOLR-14286:
------------------------------------

Another PR I have failed gradle build now due to some of this: 
https://github.com/apache/lucene-solr/pull/1288/checks?check_run_id=472329702
{code}
> Task :solr:contrib:jaegertracer-configurator:collectJarInfos
3893
FAILURE: Build failed with an exception.
3894
> Task :solr:contrib:jaegertracer-configurator:validateJarChecksums FAILED
3895

3896

3897
* Where:
3898
Script 
'/home/runner/work/lucene-solr/lucene-solr/gradle/validation/jar-checks.gradle' 
line: 195
3899

3900
* What went wrong:
3901
Execution failed for task 
':solr:contrib:jaegertracer-configurator:validateJarChecksums'.
3902
> Dependency checksum validation failed:
3903
    - Dependency checksum missing ('io.jaegertracing:jaeger-core:0.35.5'), 
expected it at: 
/home/runner/work/lucene-solr/lucene-solr/solr/licenses/jaeger-core-0.35.5.jar.sha1
3904
    - Dependency checksum missing ('io.jaegertracing:jaeger-thrift:0.35.5'), 
expected it at: 
/home/runner/work/lucene-solr/lucene-solr/solr/licenses/jaeger-thrift-0.35.5.jar.sha1
3905
    - Dependency checksum missing ('org.apache.thrift:libthrift:0.12.0'), 
expected it at: 
/home/runner/work/lucene-solr/lucene-solr/solr/licenses/libthrift-0.12.0.jar.sha1
3906
{code}

Have not tried to reproduce - could it be that the GitHub checks just lags 
behind on its git checkout?

> Upgrade Jaegar to 1.1.0
> -----------------------
>
>                 Key: SOLR-14286
>                 URL: https://issues.apache.org/jira/browse/SOLR-14286
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Cao Manh Dat
>            Assignee: Cao Manh Dat
>            Priority: Major
>             Fix For: master (9.0), 8.5
>
>
> Rohit Singh pointed to me that we are using thrift 0.12.0 (in 
> JaegarTracer-Configurator module) which has several security issues. We 
> should upgrade to Jaegar 1.1.0 which compatible which the current version we 
> are using. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to