Changes default version to 2.0.0-alpha1 and fixes CVE-2020-36518 #478
Conversation
opensearch-trigger-bot
bot
added
backport 1.x
infra
|
Since this PR is editing the workflow, want to remove JDK 14 from test matrix per #479 as well? |
Removed :) |
| opensearch_version = System.getProperty("opensearch.version", "2.0.0-SNAPSHOT") | ||
| // 1.2.0 -> 1.2.0.0, and 1.2.0-SNAPSHOT -> 1.2.0.0-SNAPSHOT | ||
| opensearch_build = opensearch_version.replaceAll(/(\.\d)([^\d]*)$/, '$1.0$2') | ||
| opensearch_version = System.getProperty("opensearch.version", "2.0.0-alpha1-SNAPSHOT") |
There was a problem hiding this comment.
Infra team fixed this part, you can refer to this PR https://github.com/opensearch-project/ml-commons/pull/262/files
| opensearch_version = System.getProperty("opensearch.version", "2.0.0-SNAPSHOT") | ||
| // 1.2.0 -> 1.2.0.0, and 1.2.0-SNAPSHOT -> 1.2.0.0-SNAPSHOT | ||
| opensearch_build = opensearch_version.replaceAll(/(\.\d)([^\d]*)$/, '$1.0$2') | ||
| opensearch_version = System.getProperty("opensearch.version", "2.0.0-alpha1-SNAPSHOT") |
There was a problem hiding this comment.
Infra team fixed this part, you can refer to this PR https://github.com/opensearch-project/ml-commons/pull/262/files
There was a problem hiding this comment.
Changed it to be the same as ml-commons
There was a problem hiding this comment.
Thanks, btw, make sure the built AD artifact name is opensearch-anomaly-detection-2.0.0.0-alpha1-SNAPSHOT. I see line 633
version = "${project.version}" - "-SNAPSHOT"
Not sure what project.version is
There was a problem hiding this comment.
It actually gives a zip of opensearch-anomaly-detection-2.0.0.0-SNAPSHOT. Same case for ml-commons built zip (just tried on latest code) -> will investigate this, changing line 633 seems to have no effect
There was a problem hiding this comment.
oh,I guess infra team's fix break this part for ml-commons, will take a look
There was a problem hiding this comment.
For ml-commons, this one can generate artifact with alpha1, ./gradlew clean;./gradlew build -Dbuild.version_qualifier=alpha1. But artifact generated by ./gradlew build has no alpha1 in name even we set opensearch_version = System.getProperty("opensearch.version", "2.0.0-alpha1-SNAPSHOT"). @peterzhuamazon is this what we expected?
There was a problem hiding this comment.
From @peterzhuamazon , we are going to move to rc1 soon. So just keep this code, we can change to rc1 later.
Codecov Report
@@ Coverage Diff @@
## main #478 +/- ##
============================================
- Coverage 78.14% 77.95% -0.20%
+ Complexity 4159 4147 -12
============================================
Files 296 296
Lines 17659 17652 -7
Branches 1879 1877 -2
============================================
- Hits 13800 13760 -40
- Misses 2964 2999 +35
+ Partials 895 893 -2
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Signed-off-by: Amit Galitzky <[email protected]>
Signed-off-by: Amit Galitzky <[email protected]>
Signed-off-by: Amit Galitzky <[email protected]>
Signed-off-by: Amit Galitzky <[email protected]>
Signed-off-by: Amit Galitzky <[email protected]>
Signed-off-by: Amit Galitzky <[email protected]>
Signed-off-by: Amit Galitzky <[email protected]>
amitgalitz
force-pushed
the
alpha1-abstractAD-fixes
branch
from
6cb6d3d
to
6129713
Compare
aksingh-es
removed
the
infra
Description
Changes in this PR:
Jackson databind 2.13.2.2fixes this issue CVE-2020-36518 (High) detected in jackson-databind-2.12.6.jar #436Issues Resolved
resolves #436
resolves #479
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.