Apache Ignite 2.8 RELEASE [Time, Scope, Manager]

>
>
> Agree with Nikolay, -1 from me, too.
>
> >Hello, Igniters.
> >
> >I’m -1 to include the read-only patch to 2.8.
> >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> blockers and major issues.
> >
> >Guys, we don’t release Apache Ignite for 13 months!
> >We should focus on the release and make it ASAP.
> >
> >We can’t extend the scope anymore.
> >
> >> 10 янв. 2020 г., в 04:29, Sergey Antonov < [hidden email] >
> написал(а):
> >>
> >> Hello, Maxim!
> >>
> >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> >> changed.
> >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> >> presented. Changes in product code are minimal - only 30 changed files
> in
> >> /src/main/ part. And most of them are new control.sh commands and
> >> configuration.
> >>
> >>> Do we have customer requests for this feature or maybe users who are
> >> waiting for exactly that ENUM values exactly in 2.8 release (not the
> 2.8.1
> >> for instance)?
> >> Can we introduce in new features in maintanance release (2.8.1)? Cluster
> >> read-only mode will be new feature, if we remove IgniteCluster#readOnly
> in
> >> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
> >> move ticket [1] to 2.8.1 release.
> >>
> >>> Do we have extended test results report (on just only TC.Bot green
> visa)
> >> on this feature to be sure that we will not add any blocker issues to
> the
> >> release?
> >> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
> >> release branch.
> >>
> >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> >>
> >>
> >>
> >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < [hidden email] >:
> >>
> >>> Folks,
> >>>
> >>>
> >>> Let me remind you that we are working on the 2.8 release branch
> >>> stabilization currently (please, keep it in mind).
> >>>
> >>>
> >>> Do we have a really STRONG reason for adding such a change [1] to the
> >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> >>> −2,038, 111 files changed.
> >>> Do we have customer requests for this feature or maybe users who are
> >>> waiting for exactly that ENUM values exactly in 2.8 release (not the
> >>> 2.8.1 for instance)?
> >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> >>> backward compatibility issues between 2.8 and 2.9 releases?
> >>> Do we have extended test results report (on just only TC.Bot green
> >>> visa) on this feature to be sure that we will not add any blocker
> >>> issues to the release? For instance, on pre-production environment.
> >>>
> >>> I'd like to notice that we also have more than enough the release
> >>> blocker issues [3] which are still `in progress` and such a release
> >>> run becomes endless. Such changes without strong reasons looks too
> >>> scary for me a special after scope and code freeze dates.
> >>>
> >>> Please, dispel my doubts.
> >>>
> >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> >>> [2]  https://github.com/apache/ignite/pull/7194
> >>> [3]
> >>>
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> )
> >>>
> >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev < [hidden email]
> >
> >>> wrote:
> >>>>
> >>>> +1
> >>>>
> >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> [hidden email] >:
> >>>>
> >>>>> +1
> >>>>>
> >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
> >>> will be
> >>>>> at 13 Jan
> >>>>>
> >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < [hidden email] >:
> >>>>>
> >>>>>> +1
> >>>>>>
> >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < [hidden email] >:
> >>>>>>>
> >>>>>>> Maxim M. and anyone who is interested,
> >>>>>>>
> >>>>>>> I suggest to include this fix to 2.8 release:
> >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> >>>>>>> Basically, it's a result of the following discussion:
> >>>>>>>
> >>>>>>
> >>>>>
> >>>
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> >>>>>>>
> >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
> >>> work
> >>>>> with
> >>>>>>> boolean are replaced with ones that work with enum.
> >>>>>>> If we include it, we won't be obliged to keep deprecated boolean
> >>>>> version
> >>>>>> of
> >>>>>>> API in the code (which is currently present in 2.8 branch) as it
> >>> wasn't
> >>>>>>> published in any release.
> >>>>>>>
> >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> >>>>>>  [hidden email] >
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> Hello!
> >>>>>>>>
> >>>>>>>> I have ran dependency checker plugin and quote the following:
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-urideploy:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-spring:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-spring-data:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-aop:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-visor-console:
> >>>>>>>>
> >>>>>>>> spring-core-4.3.18.RELEASE.jar
> >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> >>>>>>>>
> >>>>>>
> >>>
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> >>>>> :
> >>>>>>>> CVE-2018-15756
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-spring-data_2.0:
> >>>>>>>>
> >>>>>>>> spring-core-5.0.8.RELEASE.jar
> >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> >>>>>>>>
> >>>>>>
> >>>
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-15756
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-rest-http:
> >>>>>>>>
> >>>>>>>> jetty-server-9.4.11.v20180605.jar
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> >>>>>>>> jackson-databind-2.9.6.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-kubernetes:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-aws:
> >>>>>>>>
> >>>>>>>> jackson-databind-2.9.6.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> >>>>> CVE-2015-6644,
> >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> >>>>> CVE-2016-1000341,
> >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> >>>>> CVE-2016-1000345,
> >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> >>> CVE-2017-13098,
> >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-gce:
> >>>>>>>>
> >>>>>>>> httpclient-4.0.1.jar
> >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> >>>>>>>> CVE-2014-3577, CVE-2015-5262
> >>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-cloud:
> >>>>>>>>
> >>>>>>>> openstack-keystone-2.0.0.jar
> >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> >>> CVE-2013-2014,
> >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> >>>>>> CVE-2014-3520,
> >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> >>>>>> CVE-2018-20170
> >>>>>>>> cloudstack-2.0.0.jar
> >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> >>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> >>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> >>>>>>>> CVE-2019-5736
> >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> >>> ,
> >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> >>>>>>>> CVE-2019-16884, CVE-2019-5736
> >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> >>>>> CVE-2015-6644,
> >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> >>> CVE-2016-1000341,
> >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> >>>>> CVE-2016-1000345,
> >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> >>> CVE-2018-1000613
> >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-mesos:
> >>>>>>>>
> >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> >>>>>>>> jetty-server-9.4.11.v20180605.jar
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> >>>>>>>> jackson-databind-2.9.6.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-kafka:
> >>>>>>>>
> >>>>>>>> kafka-clients-2.0.1.jar
> >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> >>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >>>>>>>> connect-api-2.0.1.jar
> >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-flume:
> >>>>>>>>
> >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> jackson-core-asl-1.8.8.jar
> >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> >>> CVE-2017-15095,
> >>>>>>>> CVE-2017-17485, CVE-2017-7525
> >>>>>>>> jackson-mapper-asl-1.8.8.jar
> >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> >>>>>>>> CVE-2019-16335, CVE-2019-17267
> >>>>>>>> commons-collections-3.2.1.jar
> >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> >>>>>> CVE-2015-6420,
> >>>>>>>> CVE-2017-15708, Remote code execution
> >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/[hidden email],
> >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> >>>>>> CVE-2019-16869,
> >>>>>>>> POODLE vulnerability in SSLv3.0 support
> >>>>>>>> servlet-api-2.5-20110124.jar
> >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> >>>>>> CVE-2005-3747,
> >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> >>>>>> CVE-2009-5049,
> >>>>>>>> CVE-2011-4461
> >>>>>>>> jetty-util-6.1.26.jar
> >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> >>>>> ,
> >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> >>> CVE-2009-1523,
> >>>>>>>> CVE-2011-4461
> >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> >>> CVE-2009-1523,
> >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> >>>>>> CVE-2017-9735,
> >>>>>>>> CVE-2019-10241, CVE-2019-10247
> >>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> >>> :
> >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> >>>>>>>> httpclient-4.1.3.jar
> >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> >>>>>>>> CVE-2015-5262
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-twitter:
> >>>>>>>>
> >>>>>>>> httpclient-4.2.5.jar
> >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> >>>>>>>> CVE-2015-5262
> >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-zookeeper:
> >>>>>>>>
> >>>>>>>> jackson-databind-2.9.8.jar
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> >>>>>> CVE-2019-12086,
> >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> >>>>>>>> CVE-2019-17267, CVE-2019-17531
> >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> jackson-mapper-asl-1.9.13.jar
> >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> >>>>>>>> netty-all-4.1.29.Final.jar
> >>> (pkg:maven/io.netty/[hidden email]
> >>>>> ,
> >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-camel:
> >>>>>>>>
> >>>>>>>> camel-core-2.22.0.jar
> >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> >>>>>>>> CVE-2019-0188, CVE-2019-0194
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> >>>>>>>> CVE-2019-0188, CVE-2019-0194
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-storm:
> >>>>>>>>
> >>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
> >>> ,
> >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >>>>> CVE-2019-10247
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> >>>>>>>> CVE-2015-5262
> >>>>>>>>
> >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> >>>>>>>> (pkg:maven/io.netty/[hidden email],
> >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> >>>>>> CVE-2014-3488,
> >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> >>>>> support
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >>>>> CVE-2011-4461,
> >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> >>>>>> CVE-2019-10241,
> >>>>>>>> CVE-2019-10247
> >>>>>>>>
> >>>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> >>>>> CVE-2011-4461,
> >>>>>>>> CVE-2019-10247
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> >>>>>> CVE-2016-1000031
> >>>>>>>>
> >>>>>>
> >>>
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> >>>>>> CVE-2017-15713,
> >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> >>>>>> CVE-2018-1296,
> >>>>>>>> CVE-2018-8009, CVE-2018-8029
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-cassandra-store:
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-cassandra-serializers:
> >>>>>>>>
> >>>>>>>> commons-beanutils-1.9.2.jar
> >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> >>>>>> CVE-2019-10086
> >>>>>>>> commons-collections-3.2.1.jar
> >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> >>>>>> CVE-2015-6420,
> >>>>>>>> CVE-2017-15708, Remote code execution
> >>>>>>>> spring-core-4.3.18.RELEASE.jar
> >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> >>>>>>>>
> >>>>>>
> >>>
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> >>>>>>>>
> >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> >>>>> :
> >>>>>>>> CVE-2018-15756
> >>>>>>>> netty-transport-4.1.27.Final.jar
> >>>>>>>> (pkg:maven/io.netty/[hidden email],
> >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-flink:
> >>>>>>>>
> >>>>>>>> flink-hadoop-fs-1.5.0.jar
> >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> >>>>>>>> ,
> >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> >>>>>>>> CVE-2017-3161, CVE-2017-3162
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> >>>>>>>> (pkg:maven/io.netty/[hidden email],
> >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> >>>>>> CVE-2016-4970,
> >>>>>>>> CVE-2019-16869
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> >>>>>> CVE-2017-15095,
> >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> >>>>>>>> CVE-2019-17267, CVE-2019-17531
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> >>>>>>>>
> >>>>>>>> One or more dependencies were identified with known
> >>> vulnerabilities
> >>>>> in
> >>>>>>>> ignite-rocketmq:
> >>>>>>>>
> >>>>>>>> netty-all-4.0.42.Final.jar
> >>> (pkg:maven/io.netty/[hidden email]
> >>>>> ,
> >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> >>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> >>> ,
> >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> >>>>>> CVE-2006-7196,
> >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> >>>>>> CVE-2012-5568,
> >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> >>>>>> CVE-2013-4590,
> >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> >>>>>> CVE-2014-0119,
> >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> >>>>>>>>
> >>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
> >>>>>> releases
> >>>>>>>> of Spring. I think we can bump most of that.
> >>>>>>>>
> >>>>>>>> Some integrations also clearly suffer, through it's a problem of
> >>>>> their
> >>>>>>>> users, since they need to declare their own libraries' versions
> >>> by
> >>>>>>>> convention.
> >>>>>>>>
> >>>>>>>> Regards,
> >>>>>>>> --
> >>>>>>>> Ilya Kasnacheev
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < [hidden email] >:
> >>>>>>>>
> >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> >>> let's
> >>>>>> update
> >>>>>>>>> the versions of the dependencies to the latest.
> >>>>>>>>>
> >>>>>>>>> -
> >>>>>>>>> Denis
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> >>>>>>>>>  [hidden email] >
> >>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>> Hello!
> >>>>>>>>>>
> >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> >>>>>>>>>>
> >>>>>>>>>> By bumping versisons I mean the following:
> >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> >>>>>>>>>>
> >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> >>>>>>>> <!--
> >>>>>>>>>> don't forget to update spring version -->
> >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> >>>>> don't
> >>>>>>>>> forget
> >>>>>>>>>> to update spring-data version -->
> >>>>>>>>>>
> >>>>>>>>>
> >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> >>>>>>>>>>
> >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> >>>>>>>>> don't
> >>>>>>>>>> forget to update spring-data-2.0 version -->
> >>>>>>>>>>
> >>>>>>>>>> All these libraries have maintenance release (such as our
> >>>>> 2.7.*6*)
> >>>>>> and
> >>>>>>>> I
> >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> >>> to the
> >>>>>>>> latest
> >>>>>>>>>> maintenance version found in Maven Central.
> >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> >>>>>>>>>>
> >>>>>>>>>> Regards,
> >>>>>>>>>> --
> >>>>>>>>>> Ilya Kasnacheev
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda < [hidden email]
> >>>> :
> >>>>>>>>>>
> >>>>>>>>>>> A huge +1 for adding Spring Data related
> >>> fixes/improvements.
> >>>>>> Ilya is
> >>>>>>>>>> right
> >>>>>>>>>>> that Spring Data related questions sparked last time due to
> >>>>>> missing
> >>>>>>>>>> support
> >>>>>>>>>>> of 2.2 version.
> >>>>>>>>>>>
> >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> >>> the
> >>>>>>>>> versions"?
> >>>>>>>>>> Do
> >>>>>>>>>>> you suggest performing a straightforward upgrade of
> >>>>>>>>> "ignite-spring-data"
> >>>>>>>>>> to
> >>>>>>>>>>> version 2.2 and introducing
> >>> "ignite-spring-data-{old-version"}
> >>>>>> for
> >>>>>>>> the
> >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> >>> proposal.
> >>>>>>>>>>>
> >>>>>>>>>>> -
> >>>>>>>>>>> Denis
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> >>>>>>>>>>  [hidden email]
> >>>>>>>>>>>>
> >>>>>>>>>>> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Hello!
> >>>>>>>>>>>>
> >>>>>>>>>>>> I propose to add the following ticket to the scope:
> >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> >>>>>> commits, be
> >>>>>>>>>>> careful
> >>>>>>>>>>>> with release version)
> >>>>>>>>>>>>
> >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> >>> will
> >>>>>> provide
> >>>>>>>>> the
> >>>>>>>>>>>> following considerations:
> >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> >>> currently do
> >>>>>> not
> >>>>>>>>> have,
> >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> >>> and
> >>>>>> mailing
> >>>>>>>>>> list.
> >>>>>>>>>>>> Spring Data is important to our public image since many
> >>>>> people
> >>>>>> may
> >>>>>>>>>> learn
> >>>>>>>>>>>> about out project by starting with Spring Data.
> >>>>>>>>>>>>
> >>>>>>>>>>>> * It has zero code impact outside of its own module
> >>> (just 2
> >>>>> POM
> >>>>>>>> file
> >>>>>>>>>>>> touched and that's all).
> >>>>>>>>>>>>
> >>>>>>>>>>>> * The core was ready since early November but, due to
> >>> gmail
> >>>>>> quirk,
> >>>>>>>> we
> >>>>>>>>>> did
> >>>>>>>>>>>> not react to it in time.
> >>>>>>>>>>>>
> >>>>>>>>>>>> WDYT?
> >>>>>>>>>>>>
> >>>>>>>>>>>> Another semi-related question. *Should we bump our
> >>>>>> dependencies'
> >>>>>>>>>> versions
> >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> >>>>> hibernate
> >>>>>>>>>>>> dependencies. We could switch them to their latest
> >>>>> maintenance
> >>>>>>>>> versions
> >>>>>>>>>>> to
> >>>>>>>>>>>> avoid shipping default links to outdated packages.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I think this is one of things that are very hard to do
> >>>>> between
> >>>>>>>>>> releases,
> >>>>>>>>>>> so
> >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> >>>>> formal
> >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> >>>>> these
> >>>>>>>>> version
> >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Regards,
> >>>>>>>>>>>> --
> >>>>>>>>>>>> Ilya Kasnacheev
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> >>>>>>>>>>> < [hidden email]
> >>>>>>>>>>>>> :
> >>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> >>>>> 2.7.6,
> >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> >>> Xeon
> >>>>>> X5570
> >>>>>>>>> 96Gb
> >>>>>>>>>>>> 512GB
> >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> cacheMode — partitioned
> >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> >>>>>>>>>>>>> 1 backup
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> >>> disabled.
> >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> [1]
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>
> >>>
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> do we need some bisect or other work here ?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> ------- Forwarded message -------
> >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
> >>>>>>>>>>>>>> To:  [hidden email]
> >>>>>>>>>>>>>> Cc:
> >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> >>> Manager]
> >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Igniters,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> It's almost a year has passed since the last major
> >>> Apache
> >>>>>> Ignite
> >>>>>>>>> 2.7
> >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> >>> performance
> >>>>>>>>>> improvements
> >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> >>>>>> release
> >>>>>>>>> date.
> >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> >>>>> point
> >>>>>>>> since
> >>>>>>>>>> the
> >>>>>>>>>>>>>> last major release:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Service Grid,
> >>>>>>>>>>>>>> Monitoring,
> >>>>>>>>>>>>>> Recovery Read
> >>>>>>>>>>>>>> BLT auto-adjust,
> >>>>>>>>>>>>>> PDS compression,
> >>>>>>>>>>>>>> WAL page compression,
> >>>>>>>>>>>>>> Thin client: best effort affinity,
> >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> >>>>>>>>>>>>>> SQL query history
> >>>>>>>>>>>>>> SQL statistics
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> >>>>>> branch
> >>>>>>>>>> anymore
> >>>>>>>>>>>>>> and prepare the next major release by the end of the
> >>> year.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> >>>>>> release
> >>>>>>>> and
> >>>>>>>>>> also
> >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> >>> the
> >>>>>>>> planning
> >>>>>>>>>>>>>> release.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> >>>>>>>>>>>>>> Voting Date: December 10, 2019
> >>>>>>>>>>>>>> Release Date: December 17, 2019
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> WDYT?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Best regards,
> >>>>>> Ivan Pavlukhin
> >>>>>>
> >>>>>
> >>>
> >>
> >>
> >> --
> >> BR, Sergey Antonov
> >
>
>
>
>

>
> Guys,
>
> There is also an issue with cluster activation by thin clients. This
> feature (.NET thin client API change and protocol change) was added by [1]
> without any discussion on dev-list. Sergey's patch [2] deprecate methods
> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't do
> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
> should not forget about thin client changes, since it will be strange if we
> introduce some methods to thin client API and protocol and in the same
> Ignite version deprecate these methods for servers and thick clients.
>
> [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> [2]: https://issues.apache.org/jira/browse/IGNITE-12225
>
>
> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky <[hidden email]
> >:
>
> >
> >
> > Agree with Nikolay, -1 from me, too.
> >
> > >Hello, Igniters.
> > >
> > >I’m -1 to include the read-only patch to 2.8.
> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > blockers and major issues.
> > >
> > >Guys, we don’t release Apache Ignite for 13 months!
> > >We should focus on the release and make it ASAP.
> > >
> > >We can’t extend the scope anymore.
> > >
> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov < [hidden email] >
> > написал(а):
> > >>
> > >> Hello, Maxim!
> > >>
> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > >> changed.
> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> > >> presented. Changes in product code are minimal - only 30 changed files
> > in
> > >> /src/main/ part. And most of them are new control.sh commands and
> > >> configuration.
> > >>
> > >>> Do we have customer requests for this feature or maybe users who are
> > >> waiting for exactly that ENUM values exactly in 2.8 release (not the
> > 2.8.1
> > >> for instance)?
> > >> Can we introduce in new features in maintanance release (2.8.1)? Cluster
> > >> read-only mode will be new feature, if we remove IgniteCluster#readOnly
> > in
> > >> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
> > >> move ticket [1] to 2.8.1 release.
> > >>
> > >>> Do we have extended test results report (on just only TC.Bot green
> > visa)
> > >> on this feature to be sure that we will not add any blocker issues to
> > the
> > >> release?
> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
> > >> release branch.
> > >>
> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>
> > >>
> > >>
> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < [hidden email] >:
> > >>
> > >>> Folks,
> > >>>
> > >>>
> > >>> Let me remind you that we are working on the 2.8 release branch
> > >>> stabilization currently (please, keep it in mind).
> > >>>
> > >>>
> > >>> Do we have a really STRONG reason for adding such a change [1] to the
> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > >>> −2,038, 111 files changed.
> > >>> Do we have customer requests for this feature or maybe users who are
> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not the
> > >>> 2.8.1 for instance)?
> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > >>> Do we have extended test results report (on just only TC.Bot green
> > >>> visa) on this feature to be sure that we will not add any blocker
> > >>> issues to the release? For instance, on pre-production environment.
> > >>>
> > >>> I'd like to notice that we also have more than enough the release
> > >>> blocker issues [3] which are still `in progress` and such a release
> > >>> run becomes endless. Such changes without strong reasons looks too
> > >>> scary for me a special after scope and code freeze dates.
> > >>>
> > >>> Please, dispel my doubts.
> > >>>
> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>> [2]  https://github.com/apache/ignite/pull/7194
> > >>> [3]
> > >>>
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > )
> > >>>
> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev < [hidden email]
> > >
> > >>> wrote:
> > >>>>
> > >>>> +1
> > >>>>
> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > [hidden email] >:
> > >>>>
> > >>>>> +1
> > >>>>>
> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
> > >>> will be
> > >>>>> at 13 Jan
> > >>>>>
> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < [hidden email] >:
> > >>>>>
> > >>>>>> +1
> > >>>>>>
> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < [hidden email] >:
> > >>>>>>>
> > >>>>>>> Maxim M. and anyone who is interested,
> > >>>>>>>
> > >>>>>>> I suggest to include this fix to 2.8 release:
> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > >>>>>>> Basically, it's a result of the following discussion:
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > >>>>>>>
> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
> > >>> work
> > >>>>> with
> > >>>>>>> boolean are replaced with ones that work with enum.
> > >>>>>>> If we include it, we won't be obliged to keep deprecated boolean
> > >>>>> version
> > >>>>>> of
> > >>>>>>> API in the code (which is currently present in 2.8 branch) as it
> > >>> wasn't
> > >>>>>>> published in any release.
> > >>>>>>>
> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > >>>>>>  [hidden email] >
> > >>>>>>> wrote:
> > >>>>>>>
> > >>>>>>>> Hello!
> > >>>>>>>>
> > >>>>>>>> I have ran dependency checker plugin and quote the following:
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-urideploy:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-spring:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-spring-data:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-aop:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-visor-console:
> > >>>>>>>>
> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > >>>>>>>>
> > >>>>>>
> > >>>
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > >>>>> :
> > >>>>>>>> CVE-2018-15756
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-spring-data_2.0:
> > >>>>>>>>
> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > >>>>>>>>
> > >>>>>>
> > >>>
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-15756
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-rest-http:
> > >>>>>>>>
> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > >>>>>>>> jackson-databind-2.9.6.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-kubernetes:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-aws:
> > >>>>>>>>
> > >>>>>>>> jackson-databind-2.9.6.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > >>>>> CVE-2015-6644,
> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > >>>>> CVE-2016-1000341,
> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > >>>>> CVE-2016-1000345,
> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > >>> CVE-2017-13098,
> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-gce:
> > >>>>>>>>
> > >>>>>>>> httpclient-4.0.1.jar
> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > >>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-cloud:
> > >>>>>>>>
> > >>>>>>>> openstack-keystone-2.0.0.jar
> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > >>> CVE-2013-2014,
> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > >>>>>> CVE-2014-3520,
> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > >>>>>> CVE-2018-20170
> > >>>>>>>> cloudstack-2.0.0.jar
> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > >>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > >>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
> > >>>>>>>> CVE-2019-5736
> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > >>> ,
> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > >>>>> CVE-2015-6644,
> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > >>> CVE-2016-1000341,
> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > >>>>> CVE-2016-1000345,
> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > >>> CVE-2018-1000613
> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-mesos:
> > >>>>>>>>
> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > >>>>>>>> jackson-databind-2.9.6.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-kafka:
> > >>>>>>>>
> > >>>>>>>> kafka-clients-2.0.1.jar
> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > >>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >>>>>>>> connect-api-2.0.1.jar
> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-flume:
> > >>>>>>>>
> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> jackson-core-asl-1.8.8.jar
> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > >>> CVE-2017-15095,
> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > >>>>>>>> commons-collections-3.2.1.jar
> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2015-6420,
> > >>>>>>>> CVE-2017-15708, Remote code execution
> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/[hidden email],
> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > >>>>>> CVE-2019-16869,
> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > >>>>>>>> servlet-api-2.5-20110124.jar
> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2005-3747,
> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > >>>>>> CVE-2009-5049,
> > >>>>>>>> CVE-2011-4461
> > >>>>>>>> jetty-util-6.1.26.jar
> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > >>>>> ,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > >>> CVE-2009-1523,
> > >>>>>>>> CVE-2011-4461
> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > >>> CVE-2009-1523,
> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > >>>>>> CVE-2017-9735,
> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > >>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > >>> :
> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > >>>>>>>> httpclient-4.1.3.jar
> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > >>>>>>>> CVE-2015-5262
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-twitter:
> > >>>>>>>>
> > >>>>>>>> httpclient-4.2.5.jar
> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
> > >>>>>>>> CVE-2015-5262
> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-zookeeper:
> > >>>>>>>>
> > >>>>>>>> jackson-databind-2.9.8.jar
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2019-12086,
> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > >>>>>>>> netty-all-4.1.29.Final.jar
> > >>> (pkg:maven/io.netty/[hidden email]
> > >>>>> ,
> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-camel:
> > >>>>>>>>
> > >>>>>>>> camel-core-2.22.0.jar
> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-storm:
> > >>>>>>>>
> > >>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
> > >>> ,
> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >>>>> CVE-2019-10247
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
> > >>>>>>>> CVE-2015-5262
> > >>>>>>>>
> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > >>>>>> CVE-2014-3488,
> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > >>>>> support
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >>>>> CVE-2011-4461,
> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > >>>>>> CVE-2019-10241,
> > >>>>>>>> CVE-2019-10247
> > >>>>>>>>
> > >>>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > >>>>> CVE-2011-4461,
> > >>>>>>>> CVE-2019-10247
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2016-1000031
> > >>>>>>>>
> > >>>>>>
> > >>>
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > >>>>>> CVE-2017-15713,
> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > >>>>>> CVE-2018-1296,
> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-cassandra-store:
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-cassandra-serializers:
> > >>>>>>>>
> > >>>>>>>> commons-beanutils-1.9.2.jar
> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2019-10086
> > >>>>>>>> commons-collections-3.2.1.jar
> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2015-6420,
> > >>>>>>>> CVE-2017-15708, Remote code execution
> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > >>>>>>>>
> > >>>>>>
> > >>>
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > >>>>>>>>
> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > >>>>> :
> > >>>>>>>> CVE-2018-15756
> > >>>>>>>> netty-transport-4.1.27.Final.jar
> > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-flink:
> > >>>>>>>>
> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > >>>>>>>> ,
> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > >>>>>> CVE-2016-4970,
> > >>>>>>>> CVE-2019-16869
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > >>>>>> CVE-2017-15095,
> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > >>>>>>>>
> > >>>>>>>> One or more dependencies were identified with known
> > >>> vulnerabilities
> > >>>>> in
> > >>>>>>>> ignite-rocketmq:
> > >>>>>>>>
> > >>>>>>>> netty-all-4.0.42.Final.jar
> > >>> (pkg:maven/io.netty/[hidden email]
> > >>>>> ,
> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > >>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > >>> ,
> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > >>>>>> CVE-2006-7196,
> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > >>>>>> CVE-2012-5568,
> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > >>>>>> CVE-2013-4590,
> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > >>>>>> CVE-2014-0119,
> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > >>>>>>>>
> > >>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
> > >>>>>> releases
> > >>>>>>>> of Spring. I think we can bump most of that.
> > >>>>>>>>
> > >>>>>>>> Some integrations also clearly suffer, through it's a problem of
> > >>>>> their
> > >>>>>>>> users, since they need to declare their own libraries' versions
> > >>> by
> > >>>>>>>> convention.
> > >>>>>>>>
> > >>>>>>>> Regards,
> > >>>>>>>> --
> > >>>>>>>> Ilya Kasnacheev
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < [hidden email] >:
> > >>>>>>>>
> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > >>> let's
> > >>>>>> update
> > >>>>>>>>> the versions of the dependencies to the latest.
> > >>>>>>>>>
> > >>>>>>>>> -
> > >>>>>>>>> Denis
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > >>>>>>>>>  [hidden email] >
> > >>>>>>>>> wrote:
> > >>>>>>>>>
> > >>>>>>>>>> Hello!
> > >>>>>>>>>>
> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > >>>>>>>>>>
> > >>>>>>>>>> By bumping versisons I mean the following:
> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > >>>>>>>>>>
> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > >>>>>>>> <!--
> > >>>>>>>>>> don't forget to update spring version -->
> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > >>>>> don't
> > >>>>>>>>> forget
> > >>>>>>>>>> to update spring-data version -->
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > >>>>>>>>>>
> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > >>>>>>>>> don't
> > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > >>>>>>>>>>
> > >>>>>>>>>> All these libraries have maintenance release (such as our
> > >>>>> 2.7.*6*)
> > >>>>>> and
> > >>>>>>>> I
> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > >>> to the
> > >>>>>>>> latest
> > >>>>>>>>>> maintenance version found in Maven Central.
> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > >>>>>>>>>>
> > >>>>>>>>>> Regards,
> > >>>>>>>>>> --
> > >>>>>>>>>> Ilya Kasnacheev
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda < [hidden email]
> > >>>> :
> > >>>>>>>>>>
> > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > >>> fixes/improvements.
> > >>>>>> Ilya is
> > >>>>>>>>>> right
> > >>>>>>>>>>> that Spring Data related questions sparked last time due to
> > >>>>>> missing
> > >>>>>>>>>> support
> > >>>>>>>>>>> of 2.2 version.
> > >>>>>>>>>>>
> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > >>> the
> > >>>>>>>>> versions"?
> > >>>>>>>>>> Do
> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > >>>>>>>>> "ignite-spring-data"
> > >>>>>>>>>> to
> > >>>>>>>>>>> version 2.2 and introducing
> > >>> "ignite-spring-data-{old-version"}
> > >>>>>> for
> > >>>>>>>> the
> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > >>> proposal.
> > >>>>>>>>>>>
> > >>>>>>>>>>> -
> > >>>>>>>>>>> Denis
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > >>>>>>>>>>  [hidden email]
> > >>>>>>>>>>>>
> > >>>>>>>>>>> wrote:
> > >>>>>>>>>>>
> > >>>>>>>>>>>> Hello!
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > >>>>>> commits, be
> > >>>>>>>>>>> careful
> > >>>>>>>>>>>> with release version)
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > >>> will
> > >>>>>> provide
> > >>>>>>>>> the
> > >>>>>>>>>>>> following considerations:
> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > >>> currently do
> > >>>>>> not
> > >>>>>>>>> have,
> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > >>> and
> > >>>>>> mailing
> > >>>>>>>>>> list.
> > >>>>>>>>>>>> Spring Data is important to our public image since many
> > >>>>> people
> > >>>>>> may
> > >>>>>>>>>> learn
> > >>>>>>>>>>>> about out project by starting with Spring Data.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > >>> (just 2
> > >>>>> POM
> > >>>>>>>> file
> > >>>>>>>>>>>> touched and that's all).
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> * The core was ready since early November but, due to
> > >>> gmail
> > >>>>>> quirk,
> > >>>>>>>> we
> > >>>>>>>>>> did
> > >>>>>>>>>>>> not react to it in time.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> WDYT?
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > >>>>>> dependencies'
> > >>>>>>>>>> versions
> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > >>>>> hibernate
> > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > >>>>> maintenance
> > >>>>>>>>> versions
> > >>>>>>>>>>> to
> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > >>>>> between
> > >>>>>>>>>> releases,
> > >>>>>>>>>>> so
> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > >>>>> formal
> > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> > >>>>> these
> > >>>>>>>>> version
> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Regards,
> > >>>>>>>>>>>> --
> > >>>>>>>>>>>> Ilya Kasnacheev
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > >>>>>>>>>>> < [hidden email]
> > >>>>>>>>>>>>> :
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > >>>>> 2.7.6,
> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > >>> Xeon
> > >>>>>> X5570
> > >>>>>>>>> 96Gb
> > >>>>>>>>>>>> 512GB
> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> cacheMode — partitioned
> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > >>>>>>>>>>>>> 1 backup
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > >>> disabled.
> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> [1]
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>
> > >>>
> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> ------- Forwarded message -------
> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
> > >>>>>>>>>>>>>> To:  [hidden email]
> > >>>>>>>>>>>>>> Cc:
> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > >>> Manager]
> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Igniters,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > >>> Apache
> > >>>>>> Ignite
> > >>>>>>>>> 2.7
> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > >>> performance
> > >>>>>>>>>> improvements
> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > >>>>>> release
> > >>>>>>>>> date.
> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > >>>>> point
> > >>>>>>>> since
> > >>>>>>>>>> the
> > >>>>>>>>>>>>>> last major release:
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Service Grid,
> > >>>>>>>>>>>>>> Monitoring,
> > >>>>>>>>>>>>>> Recovery Read
> > >>>>>>>>>>>>>> BLT auto-adjust,
> > >>>>>>>>>>>>>> PDS compression,
> > >>>>>>>>>>>>>> WAL page compression,
> > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > >>>>>>>>>>>>>> SQL query history
> > >>>>>>>>>>>>>> SQL statistics
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > >>>>>> branch
> > >>>>>>>>>> anymore
> > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > >>> year.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > >>>>>> release
> > >>>>>>>> and
> > >>>>>>>>>> also
> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > >>> the
> > >>>>>>>> planning
> > >>>>>>>>>>>>>> release.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> WDYT?
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> --
> > >>>>>> Best regards,
> > >>>>>> Ivan Pavlukhin
> > >>>>>>
> > >>>>>
> > >>>
> > >>
> > >>
> > >> --
> > >> BR, Sergey Antonov
> > >
> >
> >
> >
> >

> Folks,
>
> Some thoughts:
> * Releasing an API with known fallacies sounds really bad thing to me.
> It can have a negative consequences for a whole project for years. My
> opinion here that we should resolve the problem with this API somehow
> before release.
> * We can mark cluster read-only API (without enum) as experimental and
> change the API in e.g. 2.8.1.
> * We can try to exclude read-only API from 2.8 at all.
>
> What do you think?
>
> пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <[hidden email]>:
> >
> > Guys,
> >
> > There is also an issue with cluster activation by thin clients. This
> > feature (.NET thin client API change and protocol change) was added by
> [1]
> > without any discussion on dev-list. Sergey's patch [2] deprecate methods
> > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't
> do
> > this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
> > should not forget about thin client changes, since it will be strange if
> we
> > introduce some methods to thin client API and protocol and in the same
> > Ignite version deprecate these methods for servers and thick clients.
> >
> > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> >
> >
> > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> <[hidden email]
> > >:
> >
> > >
> > >
> > > Agree with Nikolay, -1 from me, too.
> > >
> > > >Hello, Igniters.
> > > >
> > > >I’m -1 to include the read-only patch to 2.8.
> > > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > > blockers and major issues.
> > > >
> > > >Guys, we don’t release Apache Ignite for 13 months!
> > > >We should focus on the release and make it ASAP.
> > > >
> > > >We can’t extend the scope anymore.
> > > >
> > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> [hidden email] >
> > > написал(а):
> > > >>
> > > >> Hello, Maxim!
> > > >>
> > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > > >> changed.
> > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
> > > >> presented. Changes in product code are minimal - only 30 changed
> files
> > > in
> > > >> /src/main/ part. And most of them are new control.sh commands and
> > > >> configuration.
> > > >>
> > > >>> Do we have customer requests for this feature or maybe users who
> are
> > > >> waiting for exactly that ENUM values exactly in 2.8 release (not the
> > > 2.8.1
> > > >> for instance)?
> > > >> Can we introduce in new features in maintanance release (2.8.1)?
> Cluster
> > > >> read-only mode will be new feature, if we remove
> IgniteCluster#readOnly
> > > in
> > > >> 2.8 release. If all ok with that, lets remove
> IgniteCluster#readOnly and
> > > >> move ticket [1] to 2.8.1 release.
> > > >>
> > > >>> Do we have extended test results report (on just only TC.Bot green
> > > visa)
> > > >> on this feature to be sure that we will not add any blocker issues
> to
> > > the
> > > >> release?
> > > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa
> vs
> > > >> release branch.
> > > >>
> > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>
> > > >>
> > > >>
> > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < [hidden email] >:
> > > >>
> > > >>> Folks,
> > > >>>
> > > >>>
> > > >>> Let me remind you that we are working on the 2.8 release branch
> > > >>> stabilization currently (please, keep it in mind).
> > > >>>
> > > >>>
> > > >>> Do we have a really STRONG reason for adding such a change [1] to
> the
> > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > > >>> −2,038, 111 files changed.
> > > >>> Do we have customer requests for this feature or maybe users who
> are
> > > >>> waiting for exactly that ENUM values exactly in 2.8 release (not
> the
> > > >>> 2.8.1 for instance)?
> > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > >>> Do we have extended test results report (on just only TC.Bot green
> > > >>> visa) on this feature to be sure that we will not add any blocker
> > > >>> issues to the release? For instance, on pre-production environment.
> > > >>>
> > > >>> I'd like to notice that we also have more than enough the release
> > > >>> blocker issues [3] which are still `in progress` and such a release
> > > >>> run becomes endless. Such changes without strong reasons looks too
> > > >>> scary for me a special after scope and code freeze dates.
> > > >>>
> > > >>> Please, dispel my doubts.
> > > >>>
> > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > >>> [3]
> > > >>>
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > )
> > > >>>
> > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> [hidden email]
> > > >
> > > >>> wrote:
> > > >>>>
> > > >>>> +1
> > > >>>>
> > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > [hidden email] >:
> > > >>>>
> > > >>>>> +1
> > > >>>>>
> > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> branch
> > > >>> will be
> > > >>>>> at 13 Jan
> > > >>>>>
> > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < [hidden email]
> >:
> > > >>>>>
> > > >>>>>> +1
> > > >>>>>>
> > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov < [hidden email]
> >:
> > > >>>>>>>
> > > >>>>>>> Maxim M. and anyone who is interested,
> > > >>>>>>>
> > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > >>>>>>> Basically, it's a result of the following discussion:
> > > >>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > >>>>>>>
> > > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
> > > >>> work
> > > >>>>> with
> > > >>>>>>> boolean are replaced with ones that work with enum.
> > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> boolean
> > > >>>>> version
> > > >>>>>> of
> > > >>>>>>> API in the code (which is currently present in 2.8 branch) as
> it
> > > >>> wasn't
> > > >>>>>>> published in any release.
> > > >>>>>>>
> > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > >>>>>>  [hidden email] >
> > > >>>>>>> wrote:
> > > >>>>>>>
> > > >>>>>>>> Hello!
> > > >>>>>>>>
> > > >>>>>>>> I have ran dependency checker plugin and quote the following:
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-urideploy:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-spring:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-spring-data:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-aop:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-visor-console:
> > > >>>>>>>>
> > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >>>>> :
> > > >>>>>>>> CVE-2018-15756
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-spring-data_2.0:
> > > >>>>>>>>
> > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-15756
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-rest-http:
> > > >>>>>>>>
> > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >>>>>>>> jackson-databind-2.9.6.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-kubernetes:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-aws:
> > > >>>>>>>>
> > > >>>>>>>> jackson-databind-2.9.6.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > >>>>> CVE-2015-6644,
> > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > >>>>> CVE-2016-1000341,
> > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >>>>> CVE-2016-1000345,
> > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > >>> CVE-2017-13098,
> > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-gce:
> > > >>>>>>>>
> > > >>>>>>>> httpclient-4.0.1.jar
> > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> CVE-2011-1498,
> > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > >>>>>>>> guava-jdk5-17.0.jar
> (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-cloud:
> > > >>>>>>>>
> > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > >>> CVE-2013-2014,
> > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > >>>>>> CVE-2014-3520,
> > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > >>>>>> CVE-2018-20170
> > > >>>>>>>> cloudstack-2.0.0.jar
> > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > >>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> CVE-2013-2136,
> > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > >>>>>>>> docker-2.0.0.jar
> (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
> > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> CVE-2019-16884,
> > > >>>>>>>> CVE-2019-5736
> > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> docker-1.9.3.jar
> (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > >>> ,
> > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
> > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> CVE-2019-15752,
> > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > >>>>> CVE-2015-6644,
> > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > >>> CVE-2016-1000341,
> > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > >>>>> CVE-2016-1000345,
> > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > >>> CVE-2018-1000613
> > > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
> > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-mesos:
> > > >>>>>>>>
> > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
> > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > >>>>>>>> jackson-databind-2.9.6.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> CVE-2018-14720,
> > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> CVE-2018-19362,
> > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> CVE-2019-14379,
> > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> CVE-2019-16942,
> > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-kafka:
> > > >>>>>>>>
> > > >>>>>>>> kafka-clients-2.0.1.jar
> > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > >>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > >>>>>>>> connect-api-2.0.1.jar
> > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-flume:
> > > >>>>>>>>
> > > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > >>> CVE-2017-15095,
> > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> CVE-2018-1000873,
> > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
> > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > >>>>>>>> commons-collections-3.2.1.jar
> > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2015-6420,
> > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/[hidden email],
> > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > >>>>>> CVE-2019-16869,
> > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2005-3747,
> > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > >>>>>> CVE-2009-5049,
> > > >>>>>>>> CVE-2011-4461
> > > >>>>>>>> jetty-util-6.1.26.jar
> > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > >>>>> ,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >>> CVE-2009-1523,
> > > >>>>>>>> CVE-2011-4461
> > > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > >>> CVE-2009-1523,
> > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > >>>>>> CVE-2017-9735,
> > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > >>>>>>>> libthrift-0.9.0.jar
> (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > >>> :
> > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > >>>>>>>> httpclient-4.1.3.jar
> > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> > > >>>>>>>> CVE-2015-5262
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-twitter:
> > > >>>>>>>>
> > > >>>>>>>> httpclient-4.2.5.jar
> > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> > > >>>>>>>> CVE-2015-5262
> > > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-zookeeper:
> > > >>>>>>>>
> > > >>>>>>>> jackson-databind-2.9.8.jar
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2019-12086,
> > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439,
> > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943,
> > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> CVE-2018-1000873,
> > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
> > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > >>> (pkg:maven/io.netty/[hidden email]
> > > >>>>> ,
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-camel:
> > > >>>>>>>>
> > > >>>>>>>> camel-core-2.22.0.jar
> > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
> > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-storm:
> > > >>>>>>>>
> > > >>>>>>>> storm-core-1.1.1.jar
> (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > >>> ,
> > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
> > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >>>>> CVE-2019-10247
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> CVE-2014-3577,
> > > >>>>>>>> CVE-2015-5262
> > > >>>>>>>>
> > > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > >>>>>> CVE-2014-3488,
> > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
> > > >>>>> support
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >>>>> CVE-2011-4461,
> > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > >>>>>> CVE-2019-10241,
> > > >>>>>>>> CVE-2019-10247
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > >>>>> CVE-2011-4461,
> > > >>>>>>>> CVE-2019-10247
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2016-1000031
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
> > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > >>>>>> CVE-2017-15713,
> > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > >>>>>> CVE-2018-1296,
> > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-cassandra-store:
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-cassandra-serializers:
> > > >>>>>>>>
> > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2019-10086
> > > >>>>>>>> commons-collections-3.2.1.jar
> > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2015-6420,
> > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > >>>>>>>>
> > > >>>>>>
> > > >>>
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > >>>>>>>>
> > > >>>
> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > >>>>> :
> > > >>>>>>>> CVE-2018-15756
> > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-flink:
> > > >>>>>>>>
> > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > >>>>>>>> ,
> > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
> > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > >>>>>> CVE-2016-4970,
> > > >>>>>>>> CVE-2019-16869
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > >>>>>> CVE-2017-15095,
> > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> CVE-2018-11307,
> > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> CVE-2018-14719,
> > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> CVE-2018-19361,
> > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
> > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> CVE-2019-14439,
> > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> CVE-2019-16943,
> > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > >>>>>>>>
> > > >>>>>>>> One or more dependencies were identified with known
> > > >>> vulnerabilities
> > > >>>>> in
> > > >>>>>>>> ignite-rocketmq:
> > > >>>>>>>>
> > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > >>> (pkg:maven/io.netty/[hidden email]
> > > >>>>> ,
> > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > >>>>>>>>
> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > >>> ,
> > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > >>>>>>>>
> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
> > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > >>>>>> CVE-2006-7196,
> > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > >>>>>> CVE-2012-5568,
> > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > >>>>>> CVE-2013-4590,
> > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > >>>>>> CVE-2014-0119,
> > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > >>>>>>>>
> > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> maintenance
> > > >>>>>> releases
> > > >>>>>>>> of Spring. I think we can bump most of that.
> > > >>>>>>>>
> > > >>>>>>>> Some integrations also clearly suffer, through it's a problem
> of
> > > >>>>> their
> > > >>>>>>>> users, since they need to declare their own libraries'
> versions
> > > >>> by
> > > >>>>>>>> convention.
> > > >>>>>>>>
> > > >>>>>>>> Regards,
> > > >>>>>>>> --
> > > >>>>>>>> Ilya Kasnacheev
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda < [hidden email]
> >:
> > > >>>>>>>>
> > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > > >>> let's
> > > >>>>>> update
> > > >>>>>>>>> the versions of the dependencies to the latest.
> > > >>>>>>>>>
> > > >>>>>>>>> -
> > > >>>>>>>>> Denis
> > > >>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > >>>>>>>>>  [hidden email] >
> > > >>>>>>>>> wrote:
> > > >>>>>>>>>
> > > >>>>>>>>>> Hello!
> > > >>>>>>>>>>
> > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > >>>>>>>>>>
> > > >>>>>>>>>> By bumping versisons I mean the following:
> > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > >>>>>>>>>>
> > > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > >>>>>>>> <!--
> > > >>>>>>>>>> don't forget to update spring version -->
> > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > >>>>> don't
> > > >>>>>>>>> forget
> > > >>>>>>>>>> to update spring-data version -->
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > >>>>>>>>>>
> > > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > >>>>>>>>> don't
> > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > >>>>>>>>>>
> > > >>>>>>>>>> All these libraries have maintenance release (such as our
> > > >>>>> 2.7.*6*)
> > > >>>>>> and
> > > >>>>>>>> I
> > > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > > >>> to the
> > > >>>>>>>> latest
> > > >>>>>>>>>> maintenance version found in Maven Central.
> > > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > >>>>>>>>>>
> > > >>>>>>>>>> Regards,
> > > >>>>>>>>>> --
> > > >>>>>>>>>> Ilya Kasnacheev
> > > >>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> [hidden email]
> > > >>>> :
> > > >>>>>>>>>>
> > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > >>> fixes/improvements.
> > > >>>>>> Ilya is
> > > >>>>>>>>>> right
> > > >>>>>>>>>>> that Spring Data related questions sparked last time due to
> > > >>>>>> missing
> > > >>>>>>>>>> support
> > > >>>>>>>>>>> of 2.2 version.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > > >>> the
> > > >>>>>>>>> versions"?
> > > >>>>>>>>>> Do
> > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > >>>>>>>>> "ignite-spring-data"
> > > >>>>>>>>>> to
> > > >>>>>>>>>>> version 2.2 and introducing
> > > >>> "ignite-spring-data-{old-version"}
> > > >>>>>> for
> > > >>>>>>>> the
> > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > >>> proposal.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> -
> > > >>>>>>>>>>> Denis
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > >>>>>>>>>>  [hidden email]
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>> wrote:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>> Hello!
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > >>>>>> commits, be
> > > >>>>>>>>>>> careful
> > > >>>>>>>>>>>> with release version)
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > >>> will
> > > >>>>>> provide
> > > >>>>>>>>> the
> > > >>>>>>>>>>>> following considerations:
> > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > >>> currently do
> > > >>>>>> not
> > > >>>>>>>>> have,
> > > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > > >>> and
> > > >>>>>> mailing
> > > >>>>>>>>>> list.
> > > >>>>>>>>>>>> Spring Data is important to our public image since many
> > > >>>>> people
> > > >>>>>> may
> > > >>>>>>>>>> learn
> > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > >>> (just 2
> > > >>>>> POM
> > > >>>>>>>> file
> > > >>>>>>>>>>>> touched and that's all).
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > >>> gmail
> > > >>>>>> quirk,
> > > >>>>>>>> we
> > > >>>>>>>>>> did
> > > >>>>>>>>>>>> not react to it in time.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> WDYT?
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > >>>>>> dependencies'
> > > >>>>>>>>>> versions
> > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > >>>>> hibernate
> > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > >>>>> maintenance
> > > >>>>>>>>> versions
> > > >>>>>>>>>>> to
> > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > > >>>>> between
> > > >>>>>>>>>> releases,
> > > >>>>>>>>>>> so
> > > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > > >>>>> formal
> > > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
> > > >>>>> these
> > > >>>>>>>>> version
> > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Regards,
> > > >>>>>>>>>>>> --
> > > >>>>>>>>>>>> Ilya Kasnacheev
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > >>>>>>>>>>> < [hidden email]
> > > >>>>>>>>>>>>> :
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > > >>>>> 2.7.6,
> > > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > >>> Xeon
> > > >>>>>> X5570
> > > >>>>>>>>> 96Gb
> > > >>>>>>>>>>>> 512GB
> > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> cacheMode — partitioned
> > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > >>>>>>>>>>>>> 1 backup
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > >>> disabled.
> > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> [1]
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>
> > >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
> > > >>>>>>>>>>>>>> To:  [hidden email]
> > > >>>>>>>>>>>>>> Cc:
> > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > >>> Manager]
> > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Igniters,
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > >>> Apache
> > > >>>>>> Ignite
> > > >>>>>>>>> 2.7
> > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > >>> performance
> > > >>>>>>>>>> improvements
> > > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > > >>>>>> release
> > > >>>>>>>>> date.
> > > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > > >>>>> point
> > > >>>>>>>> since
> > > >>>>>>>>>> the
> > > >>>>>>>>>>>>>> last major release:
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Service Grid,
> > > >>>>>>>>>>>>>> Monitoring,
> > > >>>>>>>>>>>>>> Recovery Read
> > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > >>>>>>>>>>>>>> PDS compression,
> > > >>>>>>>>>>>>>> WAL page compression,
> > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > >>>>>>>>>>>>>> SQL query history
> > > >>>>>>>>>>>>>> SQL statistics
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > > >>>>>> branch
> > > >>>>>>>>>> anymore
> > > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > > >>> year.
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > > >>>>>> release
> > > >>>>>>>> and
> > > >>>>>>>>>> also
> > > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > > >>> the
> > > >>>>>>>> planning
> > > >>>>>>>>>>>>>> release.
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> WDYT?
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>> --
> > > >>>>>> Best regards,
> > > >>>>>> Ivan Pavlukhin
> > > >>>>>>
> > > >>>>>
> > > >>>
> > > >>
> > > >>
> > > >> --
> > > >> BR, Sergey Antonov
> > > >
> > >
> > >
> > >
> > >
>
>
>
> --
> Best regards,
> Ivan Pavlukhin
>
>

> Hello!
>
> I think the third option (exclude publicly-accessible API) is preferable.
>
> Regards,
> --
> Ilya Kasnacheev
>
>
> пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <[hidden email]>:
>
> > Folks,
> >
> > Some thoughts:
> > * Releasing an API with known fallacies sounds really bad thing to me.
> > It can have a negative consequences for a whole project for years. My
> > opinion here that we should resolve the problem with this API somehow
> > before release.
> > * We can mark cluster read-only API (without enum) as experimental and
> > change the API in e.g. 2.8.1.
> > * We can try to exclude read-only API from 2.8 at all.
> >
> > What do you think?
> >
> > пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <[hidden email]>:
> > >
> > > Guys,
> > >
> > > There is also an issue with cluster activation by thin clients. This
> > > feature (.NET thin client API change and protocol change) was added by
> > [1]
> > > without any discussion on dev-list. Sergey's patch [2] deprecate
> methods
> > > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> didn't
> > do
> > > this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> also
> > > should not forget about thin client changes, since it will be strange
> if
> > we
> > > introduce some methods to thin client API and protocol and in the same
> > > Ignite version deprecate these methods for servers and thick clients.
> > >
> > > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> > >
> > >
> > > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> > <[hidden email]
> > > >:
> > >
> > > >
> > > >
> > > > Agree with Nikolay, -1 from me, too.
> > > >
> > > > >Hello, Igniters.
> > > > >
> > > > >I’m -1 to include the read-only patch to 2.8.
> > > > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
> > > > blockers and major issues.
> > > > >
> > > > >Guys, we don’t release Apache Ignite for 13 months!
> > > > >We should focus on the release and make it ASAP.
> > > > >
> > > > >We can’t extend the scope anymore.
> > > > >
> > > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > [hidden email] >
> > > > написал(а):
> > > > >>
> > > > >> Hello, Maxim!
> > > > >>
> > > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > > > >> changed.
> > > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> already
> > > > >> presented. Changes in product code are minimal - only 30 changed
> > files
> > > > in
> > > > >> /src/main/ part. And most of them are new control.sh commands and
> > > > >> configuration.
> > > > >>
> > > > >>> Do we have customer requests for this feature or maybe users who
> > are
> > > > >> waiting for exactly that ENUM values exactly in 2.8 release (not
> the
> > > > 2.8.1
> > > > >> for instance)?
> > > > >> Can we introduce in new features in maintanance release (2.8.1)?
> > Cluster
> > > > >> read-only mode will be new feature, if we remove
> > IgniteCluster#readOnly
> > > > in
> > > > >> 2.8 release. If all ok with that, lets remove
> > IgniteCluster#readOnly and
> > > > >> move ticket [1] to 2.8.1 release.
> > > > >>
> > > > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > > visa)
> > > > >> on this feature to be sure that we will not add any blocker issues
> > to
> > > > the
> > > > >> release?
> > > > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa
> > vs
> > > > >> release branch.
> > > > >>
> > > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>
> > > > >>
> > > > >>
> > > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < [hidden email]
> >:
> > > > >>
> > > > >>> Folks,
> > > > >>>
> > > > >>>
> > > > >>> Let me remind you that we are working on the 2.8 release branch
> > > > >>> stabilization currently (please, keep it in mind).
> > > > >>>
> > > > >>>
> > > > >>> Do we have a really STRONG reason for adding such a change [1] to
> > the
> > > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
> > > > >>> −2,038, 111 files changed.
> > > > >>> Do we have customer requests for this feature or maybe users who
> > are
> > > > >>> waiting for exactly that ENUM values exactly in 2.8 release (not
> > the
> > > > >>> 2.8.1 for instance)?
> > > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
> > > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > >>> Do we have extended test results report (on just only TC.Bot
> green
> > > > >>> visa) on this feature to be sure that we will not add any blocker
> > > > >>> issues to the release? For instance, on pre-production
> environment.
> > > > >>>
> > > > >>> I'd like to notice that we also have more than enough the release
> > > > >>> blocker issues [3] which are still `in progress` and such a
> release
> > > > >>> run becomes endless. Such changes without strong reasons looks
> too
> > > > >>> scary for me a special after scope and code freeze dates.
> > > > >>>
> > > > >>> Please, dispel my doubts.
> > > > >>>
> > > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > >>> [3]
> > > > >>>
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > )
> > > > >>>
> > > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > [hidden email]
> > > > >
> > > > >>> wrote:
> > > > >>>>
> > > > >>>> +1
> > > > >>>>
> > > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > [hidden email] >:
> > > > >>>>
> > > > >>>>> +1
> > > > >>>>>
> > > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > branch
> > > > >>> will be
> > > > >>>>> at 13 Jan
> > > > >>>>>
> > > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin < [hidden email]
> > >:
> > > > >>>>>
> > > > >>>>>> +1
> > > > >>>>>>
> > > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> [hidden email]
> > >:
> > > > >>>>>>>
> > > > >>>>>>> Maxim M. and anyone who is interested,
> > > > >>>>>>>
> > > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >>>>>>> Basically, it's a result of the following discussion:
> > > > >>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > >>>>>>>
> > > > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> that
> > > > >>> work
> > > > >>>>> with
> > > > >>>>>>> boolean are replaced with ones that work with enum.
> > > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > boolean
> > > > >>>>> version
> > > > >>>>>> of
> > > > >>>>>>> API in the code (which is currently present in 2.8 branch) as
> > it
> > > > >>> wasn't
> > > > >>>>>>> published in any release.
> > > > >>>>>>>
> > > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > >>>>>>  [hidden email] >
> > > > >>>>>>> wrote:
> > > > >>>>>>>
> > > > >>>>>>>> Hello!
> > > > >>>>>>>>
> > > > >>>>>>>> I have ran dependency checker plugin and quote the
> following:
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-urideploy:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-spring:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-spring-data:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-aop:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-visor-console:
> > > > >>>>>>>>
> > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > >>>>> :
> > > > >>>>>>>> CVE-2018-15756
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-spring-data_2.0:
> > > > >>>>>>>>
> > > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-15756
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-rest-http:
> > > > >>>>>>>>
> > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-kubernetes:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-aws:
> > > > >>>>>>>>
> > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > >>>>> CVE-2015-6644,
> > > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > >>>>> CVE-2016-1000341,
> > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > >>>>> CVE-2016-1000345,
> > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > >>> CVE-2017-13098,
> > > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-gce:
> > > > >>>>>>>>
> > > > >>>>>>>> httpclient-4.0.1.jar
> > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > CVE-2011-1498,
> > > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > >>>>>>>> guava-jdk5-17.0.jar
> > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-cloud:
> > > > >>>>>>>>
> > > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
> > > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > >>> CVE-2013-2014,
> > > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
> > > > >>>>>> CVE-2014-3520,
> > > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
> > > > >>>>>> CVE-2018-20170
> > > > >>>>>>>> cloudstack-2.0.0.jar
> > > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > >>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > CVE-2013-2136,
> > > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > >>>>>>>> docker-2.0.0.jar
> > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> CVE-2018-10892,
> > > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > CVE-2019-16884,
> > > > >>>>>>>> CVE-2019-5736
> > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> docker-1.9.3.jar
> > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > >>> ,
> > > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> CVE-2016-3697,
> > > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > CVE-2019-15752,
> > > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > >>>>> CVE-2015-6644,
> > > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > >>> CVE-2016-1000341,
> > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > >>>>> CVE-2016-1000345,
> > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > >>> CVE-2018-1000613
> > > > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> ,
> > > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> CVE-2016-2402
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-mesos:
> > > > >>>>>>>>
> > > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> CVE-2018-11793,
> > > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > CVE-2018-14720,
> > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > CVE-2018-19362,
> > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > CVE-2019-14379,
> > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > CVE-2019-16942,
> > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-kafka:
> > > > >>>>>>>>
> > > > >>>>>>>> kafka-clients-2.0.1.jar
> > > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > >>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > >>>>>>>> connect-api-2.0.1.jar
> > > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-flume:
> > > > >>>>>>>>
> > > > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
> > > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > >>> CVE-2017-15095,
> > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*)
> :
> > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > CVE-2018-1000873,
> > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-14540,
> > > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2015-6420,
> > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/[hidden email]
> ,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > >>>>>> CVE-2019-16869,
> > > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2005-3747,
> > > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
> > > > >>>>>> CVE-2009-5049,
> > > > >>>>>>>> CVE-2011-4461
> > > > >>>>>>>> jetty-util-6.1.26.jar
> > > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > >>>>> ,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > >>> CVE-2009-1523,
> > > > >>>>>>>> CVE-2011-4461
> > > > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > >>> CVE-2009-1523,
> > > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > > > >>>>>> CVE-2017-9735,
> > > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > >>>>>>>> libthrift-0.9.0.jar
> > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > >>> :
> > > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > >>>>>>>> httpclient-4.1.3.jar
> > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > > > >>>>>>>> CVE-2015-5262
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-twitter:
> > > > >>>>>>>>
> > > > >>>>>>>> httpclient-4.2.5.jar
> > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > > > >>>>>>>> CVE-2015-5262
> > > > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-zookeeper:
> > > > >>>>>>>>
> > > > >>>>>>>> jackson-databind-2.9.8.jar
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2019-12086,
> > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439,
> > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943,
> > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > CVE-2018-1000873,
> > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-10172,
> > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > >>> (pkg:maven/io.netty/[hidden email]
> > > > >>>>> ,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-camel:
> > > > >>>>>>>>
> > > > >>>>>>>> camel-core-2.22.0.jar
> > > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> CVE-2018-8041,
> > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-storm:
> > > > >>>>>>>>
> > > > >>>>>>>> storm-core-1.1.1.jar
> > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > >>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> CVE-2018-11779,
> > > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916
> ,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >>>>> CVE-2019-10247
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > CVE-2014-3577,
> > > > >>>>>>>> CVE-2015-5262
> > > > >>>>>>>>
> > > > >>>
> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
> > > > >>>>>> CVE-2014-3488,
> > > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> SSLv3.0
> > > > >>>>> support
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >>>>> CVE-2011-4461,
> > > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
> > > > >>>>>> CVE-2019-10241,
> > > > >>>>>>>> CVE-2019-10247
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > >>>>> CVE-2011-4461,
> > > > >>>>>>>> CVE-2019-10247
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2016-1000031
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> CVE-2015-1776,
> > > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
> > > > >>>>>> CVE-2017-15713,
> > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
> > > > >>>>>> CVE-2018-1296,
> > > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-cassandra-store:
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-cassandra-serializers:
> > > > >>>>>>>>
> > > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2019-10086
> > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2015-6420,
> > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > > > >>>
> > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > >>>>> :
> > > > >>>>>>>> CVE-2018-15756
> > > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-flink:
> > > > >>>>>>>>
> > > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > >>>>>>>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> CVE-2016-5001,
> > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
> > > > >>>>>> CVE-2016-4970,
> > > > >>>>>>>> CVE-2019-16869
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> ,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
> > > > >>>>>> CVE-2017-15095,
> > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > CVE-2018-11307,
> > > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > CVE-2018-14719,
> > > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > CVE-2018-19361,
> > > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> CVE-2019-12086,
> > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > CVE-2019-14439,
> > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > CVE-2019-16943,
> > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
> > > > >>>>>>>>
> > > > >>>>>>>> One or more dependencies were identified with known
> > > > >>> vulnerabilities
> > > > >>>>> in
> > > > >>>>>>>> ignite-rocketmq:
> > > > >>>>>>>>
> > > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > >>> (pkg:maven/io.netty/[hidden email]
> > > > >>>>> ,
> > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
> > > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > >>>>>>>>
> > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > >>> ,
> > > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > >>>>>>>>
> > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*)
> :
> > > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
> > > > >>>>>> CVE-2006-7196,
> > > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
> > > > >>>>>> CVE-2012-5568,
> > > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
> > > > >>>>>> CVE-2013-4590,
> > > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
> > > > >>>>>> CVE-2014-0119,
> > > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
> > > > >>>>>>>>
> > > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > maintenance
> > > > >>>>>> releases
> > > > >>>>>>>> of Spring. I think we can bump most of that.
> > > > >>>>>>>>
> > > > >>>>>>>> Some integrations also clearly suffer, through it's a
> problem
> > of
> > > > >>>>> their
> > > > >>>>>>>> users, since they need to declare their own libraries'
> > versions
> > > > >>> by
> > > > >>>>>>>> convention.
> > > > >>>>>>>>
> > > > >>>>>>>> Regards,
> > > > >>>>>>>> --
> > > > >>>>>>>> Ilya Kasnacheev
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> [hidden email]
> > >:
> > > > >>>>>>>>
> > > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
> > > > >>> let's
> > > > >>>>>> update
> > > > >>>>>>>>> the versions of the dependencies to the latest.
> > > > >>>>>>>>>
> > > > >>>>>>>>> -
> > > > >>>>>>>>> Denis
> > > > >>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > >>>>>>>>>  [hidden email] >
> > > > >>>>>>>>> wrote:
> > > > >>>>>>>>>
> > > > >>>>>>>>>> Hello!
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> By bumping versisons I mean the following:
> > > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > >>>>>>>>>>
> > > > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > >>>>>>>> <!--
> > > > >>>>>>>>>> don't forget to update spring version -->
> > > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > >>>>> don't
> > > > >>>>>>>>> forget
> > > > >>>>>>>>>> to update spring-data version -->
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>
> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > >>>>>>>>>>
> > > > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > >>>>>>>>> don't
> > > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> All these libraries have maintenance release (such as our
> > > > >>>>> 2.7.*6*)
> > > > >>>>>> and
> > > > >>>>>>>> I
> > > > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
> > > > >>> to the
> > > > >>>>>>>> latest
> > > > >>>>>>>>>> maintenance version found in Maven Central.
> > > > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> Regards,
> > > > >>>>>>>>>> --
> > > > >>>>>>>>>> Ilya Kasnacheev
> > > > >>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > [hidden email]
> > > > >>>> :
> > > > >>>>>>>>>>
> > > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > >>> fixes/improvements.
> > > > >>>>>> Ilya is
> > > > >>>>>>>>>> right
> > > > >>>>>>>>>>> that Spring Data related questions sparked last time due
> to
> > > > >>>>>> missing
> > > > >>>>>>>>>> support
> > > > >>>>>>>>>>> of 2.2 version.
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
> > > > >>> the
> > > > >>>>>>>>> versions"?
> > > > >>>>>>>>>> Do
> > > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > >>>>>>>>> "ignite-spring-data"
> > > > >>>>>>>>>> to
> > > > >>>>>>>>>>> version 2.2 and introducing
> > > > >>> "ignite-spring-data-{old-version"}
> > > > >>>>>> for
> > > > >>>>>>>> the
> > > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > > >>> proposal.
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> -
> > > > >>>>>>>>>>> Denis
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > >>>>>>>>>>  [hidden email]
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>>> Hello!
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
> > > > >>>>>> commits, be
> > > > >>>>>>>>>>> careful
> > > > >>>>>>>>>>>> with release version)
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > > >>> will
> > > > >>>>>> provide
> > > > >>>>>>>>> the
> > > > >>>>>>>>>>>> following considerations:
> > > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > >>> currently do
> > > > >>>>>> not
> > > > >>>>>>>>> have,
> > > > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
> > > > >>> and
> > > > >>>>>> mailing
> > > > >>>>>>>>>> list.
> > > > >>>>>>>>>>>> Spring Data is important to our public image since many
> > > > >>>>> people
> > > > >>>>>> may
> > > > >>>>>>>>>> learn
> > > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > >>> (just 2
> > > > >>>>> POM
> > > > >>>>>>>> file
> > > > >>>>>>>>>>>> touched and that's all).
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > > >>> gmail
> > > > >>>>>> quirk,
> > > > >>>>>>>> we
> > > > >>>>>>>>>> did
> > > > >>>>>>>>>>>> not react to it in time.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> WDYT?
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > >>>>>> dependencies'
> > > > >>>>>>>>>> versions
> > > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > > >>>>> hibernate
> > > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > >>>>> maintenance
> > > > >>>>>>>>> versions
> > > > >>>>>>>>>>> to
> > > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > > > >>>>> between
> > > > >>>>>>>>>> releases,
> > > > >>>>>>>>>>> so
> > > > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
> > > > >>>>> formal
> > > > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> merge
> > > > >>>>> these
> > > > >>>>>>>>> version
> > > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Regards,
> > > > >>>>>>>>>>>> --
> > > > >>>>>>>>>>>> Ilya Kasnacheev
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > >>>>>>>>>>> < [hidden email]
> > > > >>>>>>>>>>>>> :
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > > > >>>>> 2.7.6,
> > > > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > > >>> Xeon
> > > > >>>>>> X5570
> > > > >>>>>>>>> 96Gb
> > > > >>>>>>>>>>>> 512GB
> > > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> cacheMode — partitioned
> > > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > >>>>>>>>>>>>> 1 backup
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > >>> disabled.
> > > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> [1]
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
> > > > >>>>>>>>>>>>>> To:  [hidden email]
> > > > >>>>>>>>>>>>>> Cc:
> > > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > >>> Manager]
> > > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Igniters,
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > > >>> Apache
> > > > >>>>>> Ignite
> > > > >>>>>>>>> 2.7
> > > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > >>> performance
> > > > >>>>>>>>>> improvements
> > > > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
> > > > >>>>>> release
> > > > >>>>>>>>> date.
> > > > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
> > > > >>>>> point
> > > > >>>>>>>> since
> > > > >>>>>>>>>> the
> > > > >>>>>>>>>>>>>> last major release:
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Service Grid,
> > > > >>>>>>>>>>>>>> Monitoring,
> > > > >>>>>>>>>>>>>> Recovery Read
> > > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > >>>>>>>>>>>>>> PDS compression,
> > > > >>>>>>>>>>>>>> WAL page compression,
> > > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > >>>>>>>>>>>>>> SQL query history
> > > > >>>>>>>>>>>>>> SQL statistics
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
> > > > >>>>>> branch
> > > > >>>>>>>>>> anymore
> > > > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > > > >>> year.
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
> > > > >>>>>> release
> > > > >>>>>>>> and
> > > > >>>>>>>>>> also
> > > > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
> > > > >>> the
> > > > >>>>>>>> planning
> > > > >>>>>>>>>>>>>> release.
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> WDYT?
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>
> > > > >>>>>>
> > > > >>>>>>
> > > > >>>>>> --
> > > > >>>>>> Best regards,
> > > > >>>>>> Ivan Pavlukhin
> > > > >>>>>>
> > > > >>>>>
> > > > >>>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> BR, Sergey Antonov
> > > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> > --
> > Best regards,
> > Ivan Pavlukhin
> >
> >
>

> Hello,
>
> * We can mark cluster read-only API (without enum) as experimental and
> > change the API in e.g. 2.8.1.
> > * We can try to exclude read-only API from 2.8 at all.
>
> both approaches look good to me.
>
> By the way, I think it would be a good idea to introduce a new annotation -
> @IgniteExperimental for instance,
> The package, class or method that is marked by @IgniteExperimental should
> clearly state that this API, class or method can be changed or removed in a
> future release.
>
> Thanks,
> S.
>
> пт, 10 янв. 2020 г. в 13:02, Ilya Kasnacheev <[hidden email]>:
>
> > Hello!
> >
> > I think the third option (exclude publicly-accessible API) is preferable.
> >
> > Regards,
> > --
> > Ilya Kasnacheev
> >
> >
> > пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <[hidden email]>:
> >
> > > Folks,
> > >
> > > Some thoughts:
> > > * Releasing an API with known fallacies sounds really bad thing to me.
> > > It can have a negative consequences for a whole project for years. My
> > > opinion here that we should resolve the problem with this API somehow
> > > before release.
> > > * We can mark cluster read-only API (without enum) as experimental and
> > > change the API in e.g. 2.8.1.
> > > * We can try to exclude read-only API from 2.8 at all.
> > >
> > > What do you think?
> > >
> > > пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <[hidden email]>:
> > > >
> > > > Guys,
> > > >
> > > > There is also an issue with cluster activation by thin clients. This
> > > > feature (.NET thin client API change and protocol change) was added
> by
> > > [1]
> > > > without any discussion on dev-list. Sergey's patch [2] deprecate
> > methods
> > > > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > didn't
> > > do
> > > > this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> > also
> > > > should not forget about thin client changes, since it will be strange
> > if
> > > we
> > > > introduce some methods to thin client API and protocol and in the
> same
> > > > Ignite version deprecate these methods for servers and thick clients.
> > > >
> > > > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > > > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> > > >
> > > >
> > > > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> > > <[hidden email]
> > > > >:
> > > >
> > > > >
> > > > >
> > > > > Agree with Nikolay, -1 from me, too.
> > > > >
> > > > > >Hello, Igniters.
> > > > > >
> > > > > >I’m -1 to include the read-only patch to 2.8.
> > > > > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> for
> > > > > blockers and major issues.
> > > > > >
> > > > > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > >We should focus on the release and make it ASAP.
> > > > > >
> > > > > >We can’t extend the scope anymore.
> > > > > >
> > > > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > [hidden email] >
> > > > > написал(а):
> > > > > >>
> > > > > >> Hello, Maxim!
> > > > > >>
> > > > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
> > > > > >> changed.
> > > > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > already
> > > > > >> presented. Changes in product code are minimal - only 30 changed
> > > files
> > > > > in
> > > > > >> /src/main/ part. And most of them are new control.sh commands
> and
> > > > > >> configuration.
> > > > > >>
> > > > > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > > > >> waiting for exactly that ENUM values exactly in 2.8 release (not
> > the
> > > > > 2.8.1
> > > > > >> for instance)?
> > > > > >> Can we introduce in new features in maintanance release (2.8.1)?
> > > Cluster
> > > > > >> read-only mode will be new feature, if we remove
> > > IgniteCluster#readOnly
> > > > > in
> > > > > >> 2.8 release. If all ok with that, lets remove
> > > IgniteCluster#readOnly and
> > > > > >> move ticket [1] to 2.8.1 release.
> > > > > >>
> > > > > >>> Do we have extended test results report (on just only TC.Bot
> > green
> > > > > visa)
> > > > > >> on this feature to be sure that we will not add any blocker
> issues
> > > to
> > > > > the
> > > > > >> release?
> > > > > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> visa
> > > vs
> > > > > >> release branch.
> > > > > >>
> > > > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov < [hidden email]
> > >:
> > > > > >>
> > > > > >>> Folks,
> > > > > >>>
> > > > > >>>
> > > > > >>> Let me remind you that we are working on the 2.8 release branch
> > > > > >>> stabilization currently (please, keep it in mind).
> > > > > >>>
> > > > > >>>
> > > > > >>> Do we have a really STRONG reason for adding such a change [1]
> to
> > > the
> > > > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> +5,517
> > > > > >>> −2,038, 111 files changed.
> > > > > >>> Do we have customer requests for this feature or maybe users
> who
> > > are
> > > > > >>> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > > > >>> 2.8.1 for instance)?
> > > > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate
> any
> > > > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > > >>> Do we have extended test results report (on just only TC.Bot
> > green
> > > > > >>> visa) on this feature to be sure that we will not add any
> blocker
> > > > > >>> issues to the release? For instance, on pre-production
> > environment.
> > > > > >>>
> > > > > >>> I'd like to notice that we also have more than enough the
> release
> > > > > >>> blocker issues [3] which are still `in progress` and such a
> > release
> > > > > >>> run becomes endless. Such changes without strong reasons looks
> > too
> > > > > >>> scary for me a special after scope and code freeze dates.
> > > > > >>>
> > > > > >>> Please, dispel my doubts.
> > > > > >>>
> > > > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > >>> [3]
> > > > > >>>
> > > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > )
> > > > > >>>
> > > > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > [hidden email]
> > > > > >
> > > > > >>> wrote:
> > > > > >>>>
> > > > > >>>> +1
> > > > > >>>>
> > > > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > [hidden email] >:
> > > > > >>>>
> > > > > >>>>> +1
> > > > > >>>>>
> > > > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > > branch
> > > > > >>> will be
> > > > > >>>>> at 13 Jan
> > > > > >>>>>
> > > > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> [hidden email]
> > > >:
> > > > > >>>>>
> > > > > >>>>>> +1
> > > > > >>>>>>
> > > > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > [hidden email]
> > > >:
> > > > > >>>>>>>
> > > > > >>>>>>> Maxim M. and anyone who is interested,
> > > > > >>>>>>>
> > > > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > >>>>>>> Basically, it's a result of the following discussion:
> > > > > >>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > >>>>>>>
> > > > > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods
> > that
> > > > > >>> work
> > > > > >>>>> with
> > > > > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > boolean
> > > > > >>>>> version
> > > > > >>>>>> of
> > > > > >>>>>>> API in the code (which is currently present in 2.8 branch)
> as
> > > it
> > > > > >>> wasn't
> > > > > >>>>>>> published in any release.
> > > > > >>>>>>>
> > > > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > >>>>>>  [hidden email] >
> > > > > >>>>>>> wrote:
> > > > > >>>>>>>
> > > > > >>>>>>>> Hello!
> > > > > >>>>>>>>
> > > > > >>>>>>>> I have ran dependency checker plugin and quote the
> > following:
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-urideploy:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-spring:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-spring-data:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-aop:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-visor-console:
> > > > > >>>>>>>>
> > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email]
> ,
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > >>>>> :
> > > > > >>>>>>>> CVE-2018-15756
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-spring-data_2.0:
> > > > > >>>>>>>>
> > > > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2018-15756
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-rest-http:
> > > > > >>>>>>>>
> > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> :
> > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-kubernetes:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-aws:
> > > > > >>>>>>>>
> > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> :
> > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > > >>>>> CVE-2015-6644,
> > > > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > > >>>>> CVE-2016-1000341,
> > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > >>>>> CVE-2016-1000345,
> > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > >>> CVE-2017-13098,
> > > > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-gce:
> > > > > >>>>>>>>
> > > > > >>>>>>>> httpclient-4.0.1.jar
> > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > CVE-2011-1498,
> > > > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > >>>>>>>> guava-jdk5-17.0.jar
> > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-cloud:
> > > > > >>>>>>>>
> > > > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0
> ,
> > > > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2013-2014,
> > > > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> CVE-2014-3476,
> > > > > >>>>>> CVE-2014-3520,
> > > > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> CVE-2018-14432,
> > > > > >>>>>> CVE-2018-20170
> > > > > >>>>>>>> cloudstack-2.0.0.jar
> > > > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > >>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2013-2136,
> > > > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
> > > > > >>>>>>>> docker-2.0.0.jar
> > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > CVE-2018-10892,
> > > > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > CVE-2019-16884,
> > > > > >>>>>>>> CVE-2019-5736
> > > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> docker-1.9.3.jar
> > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > >>> ,
> > > > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > CVE-2016-3697,
> > > > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > CVE-2019-15752,
> > > > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
> > > > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > > >>>>> CVE-2015-6644,
> > > > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > >>> CVE-2016-1000341,
> > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > >>>>> CVE-2016-1000345,
> > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > >>> CVE-2018-1000613
> > > > > >>>>>>>> okhttp-2.2.0.jar
> (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > ,
> > > > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > CVE-2016-2402
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-mesos:
> > > > > >>>>>>>>
> > > > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
> > > > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > CVE-2018-11793,
> > > > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
> > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> :
> > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > CVE-2018-14720,
> > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > CVE-2018-19362,
> > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > CVE-2019-14379,
> > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > CVE-2019-16942,
> > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-kafka:
> > > > > >>>>>>>>
> > > > > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > >>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > > > >>>>>>>> connect-api-2.0.1.jar
> > > > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> CVE-2018-17196
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-flume:
> > > > > >>>>>>>>
> > > > > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2017-15095,
> > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*)
> > :
> > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-14540,
> > > > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2015-6420,
> > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > >>>>>>>> netty-3.9.4.Final.jar
> (pkg:maven/io.netty/[hidden email]
> > ,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > > > >>>>>> CVE-2019-16869,
> > > > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2005-3747,
> > > > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> CVE-2009-5048,
> > > > > >>>>>> CVE-2009-5049,
> > > > > >>>>>>>> CVE-2011-4461
> > > > > >>>>>>>> jetty-util-6.1.26.jar
> > > > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > >>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2009-1523,
> > > > > >>>>>>>> CVE-2011-4461
> > > > > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26
> ,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > >>> CVE-2009-1523,
> > > > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> CVE-2017-7658,
> > > > > >>>>>> CVE-2017-9735,
> > > > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > >>>>>>>> libthrift-0.9.0.jar
> > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > >>> :
> > > > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
> > > > > >>>>>>>> httpclient-4.1.3.jar
> > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > > > >>>>>>>> CVE-2015-5262
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-twitter:
> > > > > >>>>>>>>
> > > > > >>>>>>>> httpclient-4.2.5.jar
> > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > > > >>>>>>>> CVE-2015-5262
> > > > > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-zookeeper:
> > > > > >>>>>>>>
> > > > > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2019-12086,
> > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1
> ,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > CVE-2018-1000873,
> > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-10172,
> > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > >>> (pkg:maven/io.netty/[hidden email]
> > > > > >>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-camel:
> > > > > >>>>>>>>
> > > > > >>>>>>>> camel-core-2.22.0.jar
> > > > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > CVE-2018-8041,
> > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > CVE-2018-8041,
> > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-storm:
> > > > > >>>>>>>>
> > > > > >>>>>>>> storm-core-1.1.1.jar
> > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > >>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > CVE-2018-11779,
> > > > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916
> > ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >>>>> CVE-2019-10247
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > CVE-2014-3577,
> > > > > >>>>>>>> CVE-2015-5262
> > > > > >>>>>>>>
> > > > > >>>
> > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> CVE-2014-0193,
> > > > > >>>>>> CVE-2014-3488,
> > > > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > SSLv3.0
> > > > > >>>>> support
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916
> ,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >>>>> CVE-2011-4461,
> > > > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> CVE-2017-9735,
> > > > > >>>>>> CVE-2019-10241,
> > > > > >>>>>>>> CVE-2019-10247
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
> > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > >>>>> CVE-2011-4461,
> > > > > >>>>>>>> CVE-2019-10247
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > > >>>>>> CVE-2016-1000031
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > CVE-2015-1776,
> > > > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> CVE-2016-6811,
> > > > > >>>>>> CVE-2017-15713,
> > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> CVE-2018-11768,
> > > > > >>>>>> CVE-2018-1296,
> > > > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-cassandra-store:
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-cassandra-serializers:
> > > > > >>>>>>>>
> > > > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
> > > > > >>>>>> CVE-2019-10086
> > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
> > > > > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2015-6420,
> > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email]
> ,
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>
> > > > >
> > >
> cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > > > >>>
> > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > >>>>> :
> > > > > >>>>>>>> CVE-2018-15756
> > > > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-flink:
> > > > > >>>>>>>>
> > > > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > >>>>>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > CVE-2016-5001,
> > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> CVE-2015-2156,
> > > > > >>>>>> CVE-2016-4970,
> > > > > >>>>>>>> CVE-2019-16869
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > >>>>>>>>
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > ,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*)
> :
> > > > > >>>>>> CVE-2017-15095,
> > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > CVE-2018-11307,
> > > > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > CVE-2018-14719,
> > > > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > CVE-2018-19361,
> > > > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > CVE-2019-12086,
> > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > CVE-2019-14439,
> > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > CVE-2019-16943,
> > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> CVE-2018-10237
> > > > > >>>>>>>>
> > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > >>> vulnerabilities
> > > > > >>>>> in
> > > > > >>>>>>>> ignite-rocketmq:
> > > > > >>>>>>>>
> > > > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > >>> (pkg:maven/io.netty/[hidden email]
> > > > > >>>>> ,
> > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> CVE-2019-16869
> > > > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > >>>>>>>>
> > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > >>> ,
> > > > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > >>>>>>>>
> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*)
> > :
> > > > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> CVE-2005-4838,
> > > > > >>>>>> CVE-2006-7196,
> > > > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> CVE-2009-2696,
> > > > > >>>>>> CVE-2012-5568,
> > > > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> CVE-2013-4444,
> > > > > >>>>>> CVE-2013-4590,
> > > > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> CVE-2014-0099,
> > > > > >>>>>> CVE-2014-0119,
> > > > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> CVE-2018-8020
> > > > > >>>>>>>>
> > > > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > maintenance
> > > > > >>>>>> releases
> > > > > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > >>>>>>>>
> > > > > >>>>>>>> Some integrations also clearly suffer, through it's a
> > problem
> > > of
> > > > > >>>>> their
> > > > > >>>>>>>> users, since they need to declare their own libraries'
> > > versions
> > > > > >>> by
> > > > > >>>>>>>> convention.
> > > > > >>>>>>>>
> > > > > >>>>>>>> Regards,
> > > > > >>>>>>>> --
> > > > > >>>>>>>> Ilya Kasnacheev
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > [hidden email]
> > > >:
> > > > > >>>>>>>>
> > > > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> you,
> > > > > >>> let's
> > > > > >>>>>> update
> > > > > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> -
> > > > > >>>>>>>>> Denis
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > >>>>>>>>>  [hidden email] >
> > > > > >>>>>>>>> wrote:
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>> Hello!
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > >>>>>>>>>>
> > > > > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > >>>>>>>> <!--
> > > > > >>>>>>>>>> don't forget to update spring version -->
> > > > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > >>>>> don't
> > > > > >>>>>>>>> forget
> > > > > >>>>>>>>>> to update spring-data version -->
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>
> > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > > >>>>>>>>>>
> > > > > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > >>>>>>>>> don't
> > > > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> All these libraries have maintenance release (such as
> our
> > > > > >>>>> 2.7.*6*)
> > > > > >>>>>> and
> > > > > >>>>>>>> I
> > > > > >>>>>>>>>> think it would be beneficial to upgrade these
> dependencies
> > > > > >>> to the
> > > > > >>>>>>>> latest
> > > > > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> Regards,
> > > > > >>>>>>>>>> --
> > > > > >>>>>>>>>> Ilya Kasnacheev
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > [hidden email]
> > > > > >>>> :
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > >>> fixes/improvements.
> > > > > >>>>>> Ilya is
> > > > > >>>>>>>>>> right
> > > > > >>>>>>>>>>> that Spring Data related questions sparked last time
> due
> > to
> > > > > >>>>>> missing
> > > > > >>>>>>>>>> support
> > > > > >>>>>>>>>>> of 2.2 version.
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> "bumping
> > > > > >>> the
> > > > > >>>>>>>>> versions"?
> > > > > >>>>>>>>>> Do
> > > > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > > >>>>>>>>> "ignite-spring-data"
> > > > > >>>>>>>>>> to
> > > > > >>>>>>>>>>> version 2.2 and introducing
> > > > > >>> "ignite-spring-data-{old-version"}
> > > > > >>>>>> for
> > > > > >>>>>>>> the
> > > > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > > > >>> proposal.
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> -
> > > > > >>>>>>>>>>> Denis
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > >>>>>>>>>>  [hidden email]
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>>> Hello!
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259
> (3
> > > > > >>>>>> commits, be
> > > > > >>>>>>>>>>> careful
> > > > > >>>>>>>>>>>> with release version)
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
> > > > > >>> will
> > > > > >>>>>> provide
> > > > > >>>>>>>>> the
> > > > > >>>>>>>>>>>> following considerations:
> > > > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > >>> currently do
> > > > > >>>>>> not
> > > > > >>>>>>>>> have,
> > > > > >>>>>>>>>>>> leading to lots of confused questions on stack
> overflow
> > > > > >>> and
> > > > > >>>>>> mailing
> > > > > >>>>>>>>>> list.
> > > > > >>>>>>>>>>>> Spring Data is important to our public image since
> many
> > > > > >>>>> people
> > > > > >>>>>> may
> > > > > >>>>>>>>>> learn
> > > > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > > >>> (just 2
> > > > > >>>>> POM
> > > > > >>>>>>>> file
> > > > > >>>>>>>>>>>> touched and that's all).
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> * The core was ready since early November but, due to
> > > > > >>> gmail
> > > > > >>>>>> quirk,
> > > > > >>>>>>>> we
> > > > > >>>>>>>>>> did
> > > > > >>>>>>>>>>>> not react to it in time.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> WDYT?
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > > >>>>>> dependencies'
> > > > > >>>>>>>>>> versions
> > > > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
> > > > > >>>>> hibernate
> > > > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > > >>>>> maintenance
> > > > > >>>>>>>>> versions
> > > > > >>>>>>>>>>> to
> > > > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I think this is one of things that are very hard to do
> > > > > >>>>> between
> > > > > >>>>>>>>>> releases,
> > > > > >>>>>>>>>>> so
> > > > > >>>>>>>>>>>> I think this dependencies bumping should be a part of
> a
> > > > > >>>>> formal
> > > > > >>>>>>>>>>>> release/testing cycle, and then be backported to
> master.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> > merge
> > > > > >>>>> these
> > > > > >>>>>>>>> version
> > > > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Regards,
> > > > > >>>>>>>>>>>> --
> > > > > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > >>>>>>>>>>> < [hidden email]
> > > > > >>>>>>>>>>>>> :
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
> > > > > >>>>> 2.7.6,
> > > > > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
> > > > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > > > >>> Xeon
> > > > > >>>>>> X5570
> > > > > >>>>>>>>> 96Gb
> > > > > >>>>>>>>>>>> 512GB
> > > > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > >>>>>>>>>>>>> 1 backup
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > >>> disabled.
> > > > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> [1]
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
> > > > > >>>>>>>>>>>>>> To:  [hidden email]
> > > > > >>>>>>>>>>>>>> Cc:
> > > > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > > >>> Manager]
> > > > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Igniters,
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > > > >>> Apache
> > > > > >>>>>> Ignite
> > > > > >>>>>>>>> 2.7
> > > > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > >>> performance
> > > > > >>>>>>>>>> improvements
> > > > > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> their
> > > > > >>>>>> release
> > > > > >>>>>>>>> date.
> > > > > >>>>>>>>>>>>>> Here is my list of the most interesting things from
> my
> > > > > >>>>> point
> > > > > >>>>>>>> since
> > > > > >>>>>>>>>> the
> > > > > >>>>>>>>>>>>>> last major release:
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Service Grid,
> > > > > >>>>>>>>>>>>>> Monitoring,
> > > > > >>>>>>>>>>>>>> Recovery Read
> > > > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > >>>>>>>>>>>>>> PDS compression,
> > > > > >>>>>>>>>>>>>> WAL page compression,
> > > > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > >>>>>>>>>>>>>> SQL query history
> > > > > >>>>>>>>>>>>>> SQL statistics
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> master
> > > > > >>>>>> branch
> > > > > >>>>>>>>>> anymore
> > > > > >>>>>>>>>>>>>> and prepare the next major release by the end of the
> > > > > >>> year.
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> 2.8
> > > > > >>>>>> release
> > > > > >>>>>>>> and
> > > > > >>>>>>>>>> also
> > > > > >>>>>>>>>>>>>> I want to propose myself to be the release manager
> of
> > > > > >>> the
> > > > > >>>>>>>> planning
> > > > > >>>>>>>>>>>>>> release.
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> WDYT?
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>
> > > > > >>>>>>
> > > > > >>>>>>
> > > > > >>>>>> --
> > > > > >>>>>> Best regards,
> > > > > >>>>>> Ivan Pavlukhin
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> BR, Sergey Antonov
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> > > --
> > > Best regards,
> > > Ivan Pavlukhin
> > >
> > >
> >
>

> Support the idea with the annotation
>
> пт, 10 янв. 2020 г., 13:11 Вячеслав Коптилин <[hidden email]>:
>
> > Hello,
> >
> > * We can mark cluster read-only API (without enum) as experimental and
> > > change the API in e.g. 2.8.1.
> > > * We can try to exclude read-only API from 2.8 at all.
> >
> > both approaches look good to me.
> >
> > By the way, I think it would be a good idea to introduce a new
> annotation -
> > @IgniteExperimental for instance,
> > The package, class or method that is marked by @IgniteExperimental should
> > clearly state that this API, class or method can be changed or removed
> in a
> > future release.
> >
> > Thanks,
> > S.
> >
> > пт, 10 янв. 2020 г. в 13:02, Ilya Kasnacheev <[hidden email]
> >:
> >
> > > Hello!
> > >
> > > I think the third option (exclude publicly-accessible API) is
> preferable.
> > >
> > > Regards,
> > > --
> > > Ilya Kasnacheev
> > >
> > >
> > > пт, 10 янв. 2020 г. в 12:26, Ivan Pavlukhin <[hidden email]>:
> > >
> > > > Folks,
> > > >
> > > > Some thoughts:
> > > > * Releasing an API with known fallacies sounds really bad thing to
> me.
> > > > It can have a negative consequences for a whole project for years. My
> > > > opinion here that we should resolve the problem with this API somehow
> > > > before release.
> > > > * We can mark cluster read-only API (without enum) as experimental
> and
> > > > change the API in e.g. 2.8.1.
> > > > * We can try to exclude read-only API from 2.8 at all.
> > > >
> > > > What do you think?
> > > >
> > > > пт, 10 янв. 2020 г. в 11:20, Alex Plehanov <[hidden email]
> >:
> > > > >
> > > > > Guys,
> > > > >
> > > > > There is also an issue with cluster activation by thin clients.
> This
> > > > > feature (.NET thin client API change and protocol change) was added
> > by
> > > > [1]
> > > > > without any discussion on dev-list. Sergey's patch [2] deprecate
> > > methods
> > > > > "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but
> > > didn't
> > > > do
> > > > > this for thin clients. If we want to include IGNITE-12225 to 2.8 we
> > > also
> > > > > should not forget about thin client changes, since it will be
> strange
> > > if
> > > > we
> > > > > introduce some methods to thin client API and protocol and in the
> > same
> > > > > Ignite version deprecate these methods for servers and thick
> clients.
> > > > >
> > > > > [1]: https://issues.apache.org/jira/browse/IGNITE-11709
> > > > > [2]: https://issues.apache.org/jira/browse/IGNITE-12225
> > > > >
> > > > >
> > > > > пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky
> > > > <[hidden email]
> > > > > >:
> > > > >
> > > > > >
> > > > > >
> > > > > > Agree with Nikolay, -1 from me, too.
> > > > > >
> > > > > > >Hello, Igniters.
> > > > > > >
> > > > > > >I’m -1 to include the read-only patch to 2.8.
> > > > > > >I think we shouldn’t accept any patches to 2.8 except bug fixes
> > for
> > > > > > blockers and major issues.
> > > > > > >
> > > > > > >Guys, we don’t release Apache Ignite for 13 months!
> > > > > > >We should focus on the release and make it ASAP.
> > > > > > >
> > > > > > >We can’t extend the scope anymore.
> > > > > > >
> > > > > > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <
> > > > [hidden email] >
> > > > > > написал(а):
> > > > > > >>
> > > > > > >> Hello, Maxim!
> > > > > > >>
> > > > > > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111
> files
> > > > > > >> changed.
> > > > > > >> Yes, PR is huge, but I wrote a lot of new tests and reworked
> > > already
> > > > > > >> presented. Changes in product code are minimal - only 30
> changed
> > > > files
> > > > > > in
> > > > > > >> /src/main/ part. And most of them are new control.sh commands
> > and
> > > > > > >> configuration.
> > > > > > >>
> > > > > > >>> Do we have customer requests for this feature or maybe users
> > who
> > > > are
> > > > > > >> waiting for exactly that ENUM values exactly in 2.8 release
> (not
> > > the
> > > > > > 2.8.1
> > > > > > >> for instance)?
> > > > > > >> Can we introduce in new features in maintanance release
> (2.8.1)?
> > > > Cluster
> > > > > > >> read-only mode will be new feature, if we remove
> > > > IgniteCluster#readOnly
> > > > > > in
> > > > > > >> 2.8 release. If all ok with that, lets remove
> > > > IgniteCluster#readOnly and
> > > > > > >> move ticket [1] to 2.8.1 release.
> > > > > > >>
> > > > > > >>> Do we have extended test results report (on just only TC.Bot
> > > green
> > > > > > visa)
> > > > > > >> on this feature to be sure that we will not add any blocker
> > issues
> > > > to
> > > > > > the
> > > > > > >> release?
> > > > > > >> I'm preparing patch for 2.8 release and I will get new TC Bot
> > visa
> > > > vs
> > > > > > >> release branch.
> > > > > > >>
> > > > > > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <
> [hidden email]
> > > >:
> > > > > > >>
> > > > > > >>> Folks,
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> Let me remind you that we are working on the 2.8 release
> branch
> > > > > > >>> stabilization currently (please, keep it in mind).
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> Do we have a really STRONG reason for adding such a change
> [1]
> > to
> > > > the
> > > > > > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple
> > +5,517
> > > > > > >>> −2,038, 111 files changed.
> > > > > > >>> Do we have customer requests for this feature or maybe users
> > who
> > > > are
> > > > > > >>> waiting for exactly that ENUM values exactly in 2.8 release
> > (not
> > > > the
> > > > > > >>> 2.8.1 for instance)?
> > > > > > >>> Can we just simply remove IgniteCluster#readOnly to eliminate
> > any
> > > > > > >>> backward compatibility issues between 2.8 and 2.9 releases?
> > > > > > >>> Do we have extended test results report (on just only TC.Bot
> > > green
> > > > > > >>> visa) on this feature to be sure that we will not add any
> > blocker
> > > > > > >>> issues to the release? For instance, on pre-production
> > > environment.
> > > > > > >>>
> > > > > > >>> I'd like to notice that we also have more than enough the
> > release
> > > > > > >>> blocker issues [3] which are still `in progress` and such a
> > > release
> > > > > > >>> run becomes endless. Such changes without strong reasons
> looks
> > > too
> > > > > > >>> scary for me a special after scope and code freeze dates.
> > > > > > >>>
> > > > > > >>> Please, dispel my doubts.
> > > > > > >>>
> > > > > > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>> [2]  https://github.com/apache/ignite/pull/7194
> > > > > > >>> [3]
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
> > > > > > )
> > > > > > >>>
> > > > > > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <
> > > > [hidden email]
> > > > > > >
> > > > > > >>> wrote:
> > > > > > >>>>
> > > > > > >>>> +1
> > > > > > >>>>
> > > > > > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
> > > > > > [hidden email] >:
> > > > > > >>>>
> > > > > > >>>>> +1
> > > > > > >>>>>
> > > > > > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8
> > > > branch
> > > > > > >>> will be
> > > > > > >>>>> at 13 Jan
> > > > > > >>>>>
> > > > > > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <
> > [hidden email]
> > > > >:
> > > > > > >>>>>
> > > > > > >>>>>> +1
> > > > > > >>>>>>
> > > > > > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <
> > > [hidden email]
> > > > >:
> > > > > > >>>>>>>
> > > > > > >>>>>>> Maxim M. and anyone who is interested,
> > > > > > >>>>>>>
> > > > > > >>>>>>> I suggest to include this fix to 2.8 release:
> > > > > > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
> > > > > > >>>>>>> Basically, it's a result of the following discussion:
> > > > > > >>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
> > > > > > >>>>>>>
> > > > > > >>>>>>> The fix affects public API: IgniteCluster#readOnly
> methods
> > > that
> > > > > > >>> work
> > > > > > >>>>> with
> > > > > > >>>>>>> boolean are replaced with ones that work with enum.
> > > > > > >>>>>>> If we include it, we won't be obliged to keep deprecated
> > > > boolean
> > > > > > >>>>> version
> > > > > > >>>>>> of
> > > > > > >>>>>>> API in the code (which is currently present in 2.8
> branch)
> > as
> > > > it
> > > > > > >>> wasn't
> > > > > > >>>>>>> published in any release.
> > > > > > >>>>>>>
> > > > > > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
> > > > > > >>>>>>  [hidden email] >
> > > > > > >>>>>>> wrote:
> > > > > > >>>>>>>
> > > > > > >>>>>>>> Hello!
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> I have ran dependency checker plugin and quote the
> > > following:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-urideploy:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-spring:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-spring-data:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-aop:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-visor-console:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.springframework/[hidden email]
> > ,
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > >>>>> :
> > > > > > >>>>>>>> CVE-2018-15756
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-spring-data_2.0:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> spring-core-5.0.8.RELEASE.jar
> > > > > > >>>>>>>> (pkg:maven/org.springframework/[hidden email]
> ,
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2018-15756
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-rest-http:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-kubernetes:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-aws:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
> > > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
> > > > > > >>>>> CVE-2015-6644,
> > > > > > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
> > > > > > >>>>> CVE-2016-1000341,
> > > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > > >>>>> CVE-2016-1000345,
> > > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
> > > > > > >>> CVE-2017-13098,
> > > > > > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-gce:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> httpclient-4.0.1.jar
> > > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) :
> > > > CVE-2011-1498,
> > > > > > >>>>>>>> CVE-2014-3577, CVE-2015-5262
> > > > > > >>>>>>>> guava-jdk5-17.0.jar
> > > > (pkg:maven/com.google.guava/guava-jdk5@17.0,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-cloud:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> openstack-keystone-2.0.0.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2013-2014,
> > > > > > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204,
> > CVE-2014-3476,
> > > > > > >>>>>> CVE-2014-3520,
> > > > > > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546,
> > CVE-2018-14432,
> > > > > > >>>>>> CVE-2018-20170
> > > > > > >>>>>>>> cloudstack-2.0.0.jar
> > > > > > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
> > > > > > >>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) :
> > > > CVE-2013-2136,
> > > > > > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593,
> CVE-2015-3252
> > > > > > >>>>>>>> docker-2.0.0.jar
> > > > (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
> > > > > > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) :
> > > CVE-2018-10892,
> > > > > > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
> > > > CVE-2019-16884,
> > > > > > >>>>>>>> CVE-2019-5736
> > > > > > >>>>>>>> guava-16.0.1.jar
> (pkg:maven/com.google.guava/guava@16.0.1
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>> docker-1.9.3.jar
> > > > (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
> > > > > > >>> ,
> > > > > > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) :
> > > CVE-2016-3697,
> > > > > > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509,
> > > > CVE-2019-15752,
> > > > > > >>>>>>>> CVE-2019-16884, CVE-2019-5736
> > > > > > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
> > > > > > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
> > > > > > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) :
> CVE-2016-5725
> > > > > > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
> > > > > > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
> > > > > > >>>>> CVE-2015-6644,
> > > > > > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
> > > > > > >>> CVE-2016-1000341,
> > > > > > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
> > > > > > >>>>> CVE-2016-1000345,
> > > > > > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
> > > > > > >>> CVE-2018-1000613
> > > > > > >>>>>>>> okhttp-2.2.0.jar
> > (pkg:maven/com.squareup.okhttp/okhttp@2.2.0
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) :
> > > CVE-2016-2402
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-mesos:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0
> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) :
> > > CVE-2018-11793,
> > > > > > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204,
> CVE-2019-5736
> > > > > > >>>>>>>> jetty-server-9.4.11.v20180605.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
> > > > > > >>>>>>>> jackson-databind-2.9.6.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719,
> > > > CVE-2018-14720,
> > > > > > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
> > > > CVE-2018-19362,
> > > > > > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
> > > > CVE-2019-14379,
> > > > > > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
> > > > CVE-2019-16942,
> > > > > > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-kafka:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> kafka-clients-2.0.1.jar
> > > > > > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
> > > > > > >>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-17196
> > > > > > >>>>>>>> connect-api-2.0.1.jar
> > > > > > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
> > > > > > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) :
> > CVE-2018-17196
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-flume:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> guava-11.0.2.jar
> (pkg:maven/com.google.guava/guava@11.0.2
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>> jackson-core-asl-1.8.8.jar
> > > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2017-15095,
> > > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525
> > > > > > >>>>>>>> jackson-mapper-asl-1.8.8.jar
> > > > > > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8
> ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*)
> > > :
> > > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > CVE-2018-1000873,
> > > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-14540,
> > > > > > >>>>>>>> CVE-2019-16335, CVE-2019-17267
> > > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > > > > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2015-6420,
> > > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > >>>>>>>> netty-3.9.4.Final.jar
> > (pkg:maven/io.netty/[hidden email]
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) :
> > CVE-2015-2156,
> > > > > > >>>>>> CVE-2019-16869,
> > > > > > >>>>>>>> POODLE vulnerability in SSLv3.0 support
> > > > > > >>>>>>>> servlet-api-2.5-20110124.jar
> > > > > > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2005-3747,
> > > > > > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524,
> > CVE-2009-5048,
> > > > > > >>>>>> CVE-2009-5049,
> > > > > > >>>>>>>> CVE-2011-4461
> > > > > > >>>>>>>> jetty-util-6.1.26.jar
> > > > > > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
> > > > > > >>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2009-1523,
> > > > > > >>>>>>>> CVE-2011-4461
> > > > > > >>>>>>>> jetty-6.1.26.jar
> (pkg:maven/org.mortbay.jetty/jetty@6.1.26
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
> > > > > > >>> CVE-2009-1523,
> > > > > > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657,
> > CVE-2017-7658,
> > > > > > >>>>>> CVE-2017-9735,
> > > > > > >>>>>>>> CVE-2019-10241, CVE-2019-10247
> > > > > > >>>>>>>> libthrift-0.9.0.jar
> > > > (pkg:maven/org.apache.thrift/libthrift@0.9.0)
> > > > > > >>> :
> > > > > > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320,
> CVE-2019-0205
> > > > > > >>>>>>>> httpclient-4.1.3.jar
> > > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > > > >>>>>>>> CVE-2015-5262
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-twitter:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> httpclient-4.2.5.jar
> > > > > > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > > > >>>>>>>> CVE-2015-5262
> > > > > > >>>>>>>> guava-14.0.1.jar
> (pkg:maven/com.google.guava/guava@14.0.1
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-zookeeper:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> jackson-databind-2.9.8.jar
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2019-12086,
> > > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439,
> > > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943,
> > > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>> guava-16.0.1.jar
> (pkg:maven/com.google.guava/guava@16.0.1
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>> jackson-mapper-asl-1.9.13.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
> > > > > > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525,
> > > > CVE-2018-1000873,
> > > > > > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-10172,
> > > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
> > > > > > >>>>>>>> netty-all-4.1.29.Final.jar
> > > > > > >>> (pkg:maven/io.netty/[hidden email]
> > > > > > >>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-camel:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> camel-core-2.22.0.jar
> > > > > > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
> > > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > CVE-2018-8041,
> > > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
> > > > > > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) :
> > > CVE-2018-8041,
> > > > > > >>>>>>>> CVE-2019-0188, CVE-2019-0194
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-storm:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> storm-core-1.1.1.jar
> > > > (pkg:maven/org.apache.storm/storm-core@1.1.1
> > > > > > >>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) :
> > > CVE-2018-11779,
> > > > > > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008,
> CVE-2019-0202
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
> > > > > > >>>>>>>>
> > (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >>>>> CVE-2019-10247
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
> > > > > > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) :
> > > > CVE-2014-3577,
> > > > > > >>>>>>>> CVE-2015-5262
> > > > > > >>>>>>>>
> > > > > > >>>
> > > storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) :
> > > CVE-2018-10237
> > > > > > >>>>>>>>
> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
> > > > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) :
> > CVE-2014-0193,
> > > > > > >>>>>> CVE-2014-3488,
> > > > > > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in
> > > SSLv3.0
> > > > > > >>>>> support
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
> > > > > > >>>>>>>>
> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916
> > ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >>>>> CVE-2011-4461,
> > > > > > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
> > CVE-2017-9735,
> > > > > > >>>>>> CVE-2019-10241,
> > > > > > >>>>>>>> CVE-2019-10247
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916
> ,
> > > > > > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
> > > > > > >>>>> CVE-2011-4461,
> > > > > > >>>>>>>> CVE-2019-10247
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
> > > > > > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
> > > > > > >>>>>>>>
> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
> > > > > > >>>>>> CVE-2016-1000031
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
> > > > > > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
> > > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) :
> > > CVE-2015-1776,
> > > > > > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393,
> > CVE-2016-6811,
> > > > > > >>>>>> CVE-2017-15713,
> > > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166,
> > CVE-2018-11768,
> > > > > > >>>>>> CVE-2018-1296,
> > > > > > >>>>>>>> CVE-2018-8009, CVE-2018-8029
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-cassandra-store:
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-cassandra-serializers:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> commons-beanutils-1.9.2.jar
> > > > > > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
> > > > > > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*)
> :
> > > > > > >>>>>> CVE-2019-10086
> > > > > > >>>>>>>> commons-collections-3.2.1.jar
> > > > > > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1
> ,
> > > > > > >>>>>>>>
> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2015-6420,
> > > > > > >>>>>>>> CVE-2017-15708, Remote code execution
> > > > > > >>>>>>>> spring-core-4.3.18.RELEASE.jar
> > > > > > >>>>>>>>
> (pkg:maven/org.springframework/[hidden email]
> > ,
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>
> > > > > >
> > > >
> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > > > >>>
> > > > cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
> > > > > > >>>>> :
> > > > > > >>>>>>>> CVE-2018-15756
> > > > > > >>>>>>>> netty-transport-4.1.27.Final.jar
> > > > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-flink:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> flink-hadoop-fs-1.5.0.jar
> > > > > > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
> > > > > > >>>>>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) :
> > > CVE-2016-5001,
> > > > > > >>>>>>>> CVE-2017-3161, CVE-2017-3162
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
> > > > > > >>>>>>>> (pkg:maven/io.netty/[hidden email],
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) :
> > CVE-2015-2156,
> > > > > > >>>>>> CVE-2016-4970,
> > > > > > >>>>>>>> CVE-2019-16869
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
> > > > > > >>>>>>>>
> > (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9
> > > ,
> > > > > > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*)
> > :
> > > > > > >>>>>> CVE-2017-15095,
> > > > > > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
> > > > CVE-2018-11307,
> > > > > > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
> > > > CVE-2018-14719,
> > > > > > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
> > > > CVE-2018-19361,
> > > > > > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489,
> > > CVE-2019-12086,
> > > > > > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
> > > > CVE-2019-14439,
> > > > > > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
> > > > CVE-2019-16943,
> > > > > > >>>>>>>> CVE-2019-17267, CVE-2019-17531
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
> > > > > > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
> > > > > > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) :
> > CVE-2018-10237
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> One or more dependencies were identified with known
> > > > > > >>> vulnerabilities
> > > > > > >>>>> in
> > > > > > >>>>>>>> ignite-rocketmq:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> netty-all-4.0.42.Final.jar
> > > > > > >>> (pkg:maven/io.netty/[hidden email]
> > > > > > >>>>> ,
> > > > > > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) :
> > CVE-2019-16869
> > > > > > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
> > > > > > >>>>>>>>
> > > > (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
> > > > > > >>> ,
> > > > > > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > > > cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
> > > > > > >>>>>>>>
> > cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*)
> > > :
> > > > > > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493,
> > CVE-2005-4838,
> > > > > > >>>>>> CVE-2006-7196,
> > > > > > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128,
> > CVE-2009-2696,
> > > > > > >>>>>> CVE-2012-5568,
> > > > > > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322,
> > CVE-2013-4444,
> > > > > > >>>>>> CVE-2013-4590,
> > > > > > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096,
> > CVE-2014-0099,
> > > > > > >>>>>> CVE-2014-0119,
> > > > > > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019,
> > CVE-2018-8020
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> Main offenders seem to be "jackson-databind" and old
> > > > maintenance
> > > > > > >>>>>> releases
> > > > > > >>>>>>>> of Spring. I think we can bump most of that.
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> Some integrations also clearly suffer, through it's a
> > > problem
> > > > of
> > > > > > >>>>> their
> > > > > > >>>>>>>> users, since they need to declare their own libraries'
> > > > versions
> > > > > > >>> by
> > > > > > >>>>>>>> convention.
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> Regards,
> > > > > > >>>>>>>> --
> > > > > > >>>>>>>> Ilya Kasnacheev
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <
> > > [hidden email]
> > > > >:
> > > > > > >>>>>>>>
> > > > > > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with
> > you,
> > > > > > >>> let's
> > > > > > >>>>>> update
> > > > > > >>>>>>>>> the versions of the dependencies to the latest.
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>> -
> > > > > > >>>>>>>>> Denis
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
> > > > > > >>>>>>>>>  [hidden email] >
> > > > > > >>>>>>>>> wrote:
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>>> Hello!
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> By bumping versisons I mean the following:
> > > > > > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
> > > > > > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
> > > > > > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
> > > > > > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
> > > > > > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>
> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
> > > > > > >>>>>>>> <!--
> > > > > > >>>>>>>>>> don't forget to update spring version -->
> > > > > > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
> > > > > > >>>>> don't
> > > > > > >>>>>>>>> forget
> > > > > > >>>>>>>>>> to update spring-data version -->
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>
> > > <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
> > > > > > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>
> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
> > > > > > >>>>>>>>> don't
> > > > > > >>>>>>>>>> forget to update spring-data-2.0 version -->
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> All these libraries have maintenance release (such as
> > our
> > > > > > >>>>> 2.7.*6*)
> > > > > > >>>>>> and
> > > > > > >>>>>>>> I
> > > > > > >>>>>>>>>> think it would be beneficial to upgrade these
> > dependencies
> > > > > > >>> to the
> > > > > > >>>>>>>> latest
> > > > > > >>>>>>>>>> maintenance version found in Maven Central.
> > > > > > >>>>>>>>>> For example, there is spring.data-2.0
> 2.0.*14*.RELEASE.
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> Regards,
> > > > > > >>>>>>>>>> --
> > > > > > >>>>>>>>>> Ilya Kasnacheev
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <
> > > > [hidden email]
> > > > > > >>>> :
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>>> A huge +1 for adding Spring Data related
> > > > > > >>> fixes/improvements.
> > > > > > >>>>>> Ilya is
> > > > > > >>>>>>>>>> right
> > > > > > >>>>>>>>>>> that Spring Data related questions sparked last time
> > due
> > > to
> > > > > > >>>>>> missing
> > > > > > >>>>>>>>>> support
> > > > > > >>>>>>>>>>> of 2.2 version.
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>> Ilya, could you elaborate on what you mean under
> > "bumping
> > > > > > >>> the
> > > > > > >>>>>>>>> versions"?
> > > > > > >>>>>>>>>> Do
> > > > > > >>>>>>>>>>> you suggest performing a straightforward upgrade of
> > > > > > >>>>>>>>> "ignite-spring-data"
> > > > > > >>>>>>>>>> to
> > > > > > >>>>>>>>>>> version 2.2 and introducing
> > > > > > >>> "ignite-spring-data-{old-version"}
> > > > > > >>>>>> for
> > > > > > >>>>>>>> the
> > > > > > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
> > > > > > >>> proposal.
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>> -
> > > > > > >>>>>>>>>>> Denis
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
> > > > > > >>>>>>>>>>  [hidden email]
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>> wrote:
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Hello!
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> I propose to add the following ticket to the scope:
> > > > > > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259
> > (3
> > > > > > >>>>>> commits, be
> > > > > > >>>>>>>>>>> careful
> > > > > > >>>>>>>>>>>> with release version)
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but
> I
> > > > > > >>> will
> > > > > > >>>>>> provide
> > > > > > >>>>>>>>> the
> > > > > > >>>>>>>>>>>> following considerations:
> > > > > > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
> > > > > > >>> currently do
> > > > > > >>>>>> not
> > > > > > >>>>>>>>> have,
> > > > > > >>>>>>>>>>>> leading to lots of confused questions on stack
> > overflow
> > > > > > >>> and
> > > > > > >>>>>> mailing
> > > > > > >>>>>>>>>> list.
> > > > > > >>>>>>>>>>>> Spring Data is important to our public image since
> > many
> > > > > > >>>>> people
> > > > > > >>>>>> may
> > > > > > >>>>>>>>>> learn
> > > > > > >>>>>>>>>>>> about out project by starting with Spring Data.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> * It has zero code impact outside of its own module
> > > > > > >>> (just 2
> > > > > > >>>>> POM
> > > > > > >>>>>>>> file
> > > > > > >>>>>>>>>>>> touched and that's all).
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> * The core was ready since early November but, due
> to
> > > > > > >>> gmail
> > > > > > >>>>>> quirk,
> > > > > > >>>>>>>> we
> > > > > > >>>>>>>>>> did
> > > > > > >>>>>>>>>>>> not react to it in time.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> WDYT?
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Another semi-related question. *Should we bump our
> > > > > > >>>>>> dependencies'
> > > > > > >>>>>>>>>> versions
> > > > > > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring
> and
> > > > > > >>>>> hibernate
> > > > > > >>>>>>>>>>>> dependencies. We could switch them to their latest
> > > > > > >>>>> maintenance
> > > > > > >>>>>>>>> versions
> > > > > > >>>>>>>>>>> to
> > > > > > >>>>>>>>>>>> avoid shipping default links to outdated packages.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> I think this is one of things that are very hard to
> do
> > > > > > >>>>> between
> > > > > > >>>>>>>>>> releases,
> > > > > > >>>>>>>>>>> so
> > > > > > >>>>>>>>>>>> I think this dependencies bumping should be a part
> of
> > a
> > > > > > >>>>> formal
> > > > > > >>>>>>>>>>>> release/testing cycle, and then be backported to
> > master.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to
> > > merge
> > > > > > >>>>> these
> > > > > > >>>>>>>>> version
> > > > > > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> Regards,
> > > > > > >>>>>>>>>>>> --
> > > > > > >>>>>>>>>>>> Ilya Kasnacheev
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
> > > > > > >>>>>>>>>>> < [hidden email]
> > > > > > >>>>>>>>>>>>> :
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate
> vs
> > > > > > >>>>> 2.7.6,
> > > > > > >>>>>>>>>>>>> last sha 2.8 was build from :
> 9d114f3137f92aebc2562a
> > > > > > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
> > > > > > >>> Xeon
> > > > > > >>>>>> X5570
> > > > > > >>>>>>>>> 96Gb
> > > > > > >>>>>>>>>>>> 512GB
> > > > > > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
> > > > > > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
> > > > > > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
> > > > > > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
> > > > > > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
> > > > > > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
> > > > > > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
> > > > > > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
> > > > > > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> cacheMode — partitioned
> > > > > > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
> > > > > > >>>>>>>>>>>>> 1 backup
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
> > > > > > >>> disabled.
> > > > > > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> [1]
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>> do we need some bisect or other work here ?
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> ------- Forwarded message -------
> > > > > > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
> > > > > > >>>>>>>>>>>>>> To:  [hidden email]
> > > > > > >>>>>>>>>>>>>> Cc:
> > > > > > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
> > > > > > >>> Manager]
> > > > > > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> Igniters,
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> It's almost a year has passed since the last major
> > > > > > >>> Apache
> > > > > > >>>>>> Ignite
> > > > > > >>>>>>>>> 2.7
> > > > > > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
> > > > > > >>> performance
> > > > > > >>>>>>>>>> improvements
> > > > > > >>>>>>>>>>>>>> and a lot of new features which are waiting for
> > their
> > > > > > >>>>>> release
> > > > > > >>>>>>>>> date.
> > > > > > >>>>>>>>>>>>>> Here is my list of the most interesting things
> from
> > my
> > > > > > >>>>> point
> > > > > > >>>>>>>> since
> > > > > > >>>>>>>>>> the
> > > > > > >>>>>>>>>>>>>> last major release:
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> Service Grid,
> > > > > > >>>>>>>>>>>>>> Monitoring,
> > > > > > >>>>>>>>>>>>>> Recovery Read
> > > > > > >>>>>>>>>>>>>> BLT auto-adjust,
> > > > > > >>>>>>>>>>>>>> PDS compression,
> > > > > > >>>>>>>>>>>>>> WAL page compression,
> > > > > > >>>>>>>>>>>>>> Thin client: best effort affinity,
> > > > > > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
> > > > > > >>>>>>>>>>>>>> SQL query history
> > > > > > >>>>>>>>>>>>>> SQL statistics
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> I think we should no longer wait and freeze the
> > master
> > > > > > >>>>>> branch
> > > > > > >>>>>>>>>> anymore
> > > > > > >>>>>>>>>>>>>> and prepare the next major release by the end of
> the
> > > > > > >>> year.
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite
> > 2.8
> > > > > > >>>>>> release
> > > > > > >>>>>>>> and
> > > > > > >>>>>>>>>> also
> > > > > > >>>>>>>>>>>>>> I want to propose myself to be the release manager
> > of
> > > > > > >>> the
> > > > > > >>>>>>>> planning
> > > > > > >>>>>>>>>>>>>> release.
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
> > > > > > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
> > > > > > >>>>>>>>>>>>>> Voting Date: December 10, 2019
> > > > > > >>>>>>>>>>>>>> Release Date: December 17, 2019
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>> WDYT?
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>>
> > > > > > >>>>>>>>>>>>
> > > > > > >>>>>>>>>>>
> > > > > > >>>>>>>>>>
> > > > > > >>>>>>>>>
> > > > > > >>>>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>>
> > > > > > >>>>>> --
> > > > > > >>>>>> Best regards,
> > > > > > >>>>>> Ivan Pavlukhin
> > > > > > >>>>>>
> > > > > > >>>>>
> > > > > > >>>
> > > > > > >>
> > > > > > >>
> > > > > > >> --
> > > > > > >> BR, Sergey Antonov
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Best regards,
> > > > Ivan Pavlukhin
> > > >
> > > >
> > >
> >
>

>Folks,
>
>Some thoughts:
>* Releasing an API with known fallacies sounds really bad thing to me.
>It can have a negative consequences for a whole project for years. My
>opinion here that we should resolve the problem with this API somehow
>before release.
>* We can mark cluster read-only API (without enum) as experimental and
>change the API in e.g. 2.8.1.
>* We can try to exclude read-only API from 2.8 at all.
>
>What do you think?
>
>пт, 10 янв. 2020 г. в 11:20, Alex Plehanov < [hidden email] >:
>>
>> Guys,
>>
>> There is also an issue with cluster activation by thin clients. This
>> feature (.NET thin client API change and protocol change) was added by [1]
>> without any discussion on dev-list. Sergey's patch [2] deprecate methods
>> "IgniteCluster.active(boolean)" and "IgniteCluster.active()", but didn't do
>> this for thin clients. If we want to include IGNITE-12225 to 2.8 we also
>> should not forget about thin client changes, since it will be strange if we
>> introduce some methods to thin client API and protocol and in the same
>> Ignite version deprecate these methods for servers and thick clients.
>>
>> [1]:  https://issues.apache.org/jira/browse/IGNITE-11709
>> [2]:  https://issues.apache.org/jira/browse/IGNITE-12225
>>
>>
>> пт, 10 янв. 2020 г. в 10:24, Zhenya Stanilovsky < [hidden email]
>> >:
>>
>> >
>> >
>> > Agree with Nikolay, -1 from me, too.
>> >
>> > >Hello, Igniters.
>> > >
>> > >I’m -1 to include the read-only patch to 2.8.
>> > >I think we shouldn’t accept any patches to 2.8 except bug fixes for
>> > blockers and major issues.
>> > >
>> > >Guys, we don’t release Apache Ignite for 13 months!
>> > >We should focus on the release and make it ASAP.
>> > >
>> > >We can’t extend the scope anymore.
>> > >
>> > >> 10 янв. 2020 г., в 04:29, Sergey Antonov <  [hidden email] >
>> > написал(а):
>> > >>
>> > >> Hello, Maxim!
>> > >>
>> > >>> This PR [2] doesn't look a very simple +5,517 −2,038, 111 files
>> > >> changed.
>> > >> Yes, PR is huge, but I wrote a lot of new tests and reworked already
>> > >> presented. Changes in product code are minimal - only 30 changed files
>> > in
>> > >> /src/main/ part. And most of them are new control.sh commands and
>> > >> configuration.
>> > >>
>> > >>> Do we have customer requests for this feature or maybe users who are
>> > >> waiting for exactly that ENUM values exactly in 2.8 release (not the
>> > 2.8.1
>> > >> for instance)?
>> > >> Can we introduce in new features in maintanance release (2.8.1)? Cluster
>> > >> read-only mode will be new feature, if we remove IgniteCluster#readOnly
>> > in
>> > >> 2.8 release. If all ok with that, lets remove IgniteCluster#readOnly and
>> > >> move ticket [1] to 2.8.1 release.
>> > >>
>> > >>> Do we have extended test results report (on just only TC.Bot green
>> > visa)
>> > >> on this feature to be sure that we will not add any blocker issues to
>> > the
>> > >> release?
>> > >> I'm preparing patch for 2.8 release and I will get new TC Bot visa vs
>> > >> release branch.
>> > >>
>> > >> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
>> > >>
>> > >>
>> > >>
>> > >> чт, 9 янв. 2020 г. в 19:38, Maxim Muzafarov <  [hidden email] >:
>> > >>
>> > >>> Folks,
>> > >>>
>> > >>>
>> > >>> Let me remind you that we are working on the 2.8 release branch
>> > >>> stabilization currently (please, keep it in mind).
>> > >>>
>> > >>>
>> > >>> Do we have a really STRONG reason for adding such a change [1] to the
>> > >>> ignite-2.8 branch? This PR [2] doesn't look a very simple +5,517
>> > >>> −2,038, 111 files changed.
>> > >>> Do we have customer requests for this feature or maybe users who are
>> > >>> waiting for exactly that ENUM values exactly in 2.8 release (not the
>> > >>> 2.8.1 for instance)?
>> > >>> Can we just simply remove IgniteCluster#readOnly to eliminate any
>> > >>> backward compatibility issues between 2.8 and 2.9 releases?
>> > >>> Do we have extended test results report (on just only TC.Bot green
>> > >>> visa) on this feature to be sure that we will not add any blocker
>> > >>> issues to the release? For instance, on pre-production environment.
>> > >>>
>> > >>> I'd like to notice that we also have more than enough the release
>> > >>> blocker issues [3] which are still `in progress` and such a release
>> > >>> run becomes endless. Such changes without strong reasons looks too
>> > >>> scary for me a special after scope and code freeze dates.
>> > >>>
>> > >>> Please, dispel my doubts.
>> > >>>
>> > >>> [1]  https://issues.apache.org/jira/browse/IGNITE-12225
>> > >>> [2]  https://github.com/apache/ignite/pull/7194
>> > >>> [3]
>> > >>>
>> >  https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Unresolvedissues(notrelatedtodocumentation
>> > )
>> > >>>
>> > >>> On Thu, 9 Jan 2020 at 19:01, Alexey Zinoviev <  [hidden email]
>> > >
>> > >>> wrote:
>> > >>>>
>> > >>>> +1
>> > >>>>
>> > >>>> чт, 9 янв. 2020 г. в 18:52, Sergey Antonov <
>> >  [hidden email] >:
>> > >>>>
>> > >>>>> +1
>> > >>>>>
>> > >>>>> I'm preparing patch for 2.8 branch now. TC Bot visa for 2.8 branch
>> > >>> will be
>> > >>>>> at 13 Jan
>> > >>>>>
>> > >>>>> чт, 9 янв. 2020 г., 21:06 Ivan Pavlukhin <  [hidden email] >:
>> > >>>>>
>> > >>>>>> +1
>> > >>>>>>
>> > >>>>>> чт, 9 янв. 2020 г. в 16:38, Ivan Rakov <  [hidden email] >:
>> > >>>>>>>
>> > >>>>>>> Maxim M. and anyone who is interested,
>> > >>>>>>>
>> > >>>>>>> I suggest to include this fix to 2.8 release:
>> > >>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12225
>> > >>>>>>> Basically, it's a result of the following discussion:
>> > >>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> >  http://apache-ignite-developers.2346864.n4.nabble.com/DISCUSSION-Single-point-in-API-for-changing-cluster-state-td43665.html
>> > >>>>>>>
>> > >>>>>>> The fix affects public API: IgniteCluster#readOnly methods that
>> > >>> work
>> > >>>>> with
>> > >>>>>>> boolean are replaced with ones that work with enum.
>> > >>>>>>> If we include it, we won't be obliged to keep deprecated boolean
>> > >>>>> version
>> > >>>>>> of
>> > >>>>>>> API in the code (which is currently present in 2.8 branch) as it
>> > >>> wasn't
>> > >>>>>>> published in any release.
>> > >>>>>>>
>> > >>>>>>> On Tue, Dec 31, 2019 at 3:54 PM Ilya Kasnacheev <
>> > >>>>>>  [hidden email] >
>> > >>>>>>> wrote:
>> > >>>>>>>
>> > >>>>>>>> Hello!
>> > >>>>>>>>
>> > >>>>>>>> I have ran dependency checker plugin and quote the following:
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-urideploy:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-spring:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-spring-data:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-aop:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-visor-console:
>> > >>>>>>>>
>> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
>> > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>> > >>>>> :
>> > >>>>>>>> CVE-2018-15756
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-spring-data_2.0:
>> > >>>>>>>>
>> > >>>>>>>> spring-core-5.0.8.RELEASE.jar
>> > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > cpe:2.3:a:pivotal_software:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:springsource:spring_framework:5.0.8.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:vmware:springsource_spring_framework:5.0.8:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-15756
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-rest-http:
>> > >>>>>>>>
>> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>> > >>>>>>>> jackson-databind-2.9.6.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-kubernetes:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-aws:
>> > >>>>>>>>
>> > >>>>>>>> jackson-databind-2.9.6.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>> bcprov-ext-jdk15on-1.54.jar
>> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.54) :
>> > >>>>> CVE-2015-6644,
>> > >>>>>>>> CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
>> > >>>>> CVE-2016-1000341,
>> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>> > >>>>> CVE-2016-1000345,
>> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427,
>> > >>> CVE-2017-13098,
>> > >>>>>>>> CVE-2018-1000180, CVE-2018-1000613
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-gce:
>> > >>>>>>>>
>> > >>>>>>>> httpclient-4.0.1.jar
>> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*) : CVE-2011-1498,
>> > >>>>>>>> CVE-2014-3577, CVE-2015-5262
>> > >>>>>>>> guava-jdk5-17.0.jar (pkg:maven/com.google.guava/guava-jdk5@17.0,
>> > >>>>>>>> cpe:2.3:a:google:guava:17.0:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-cloud:
>> > >>>>>>>>
>> > >>>>>>>> openstack-keystone-2.0.0.jar
>> > >>>>>>>> (pkg:maven/org.apache.jclouds.api/openstack-keystone@2.0.0,
>> > >>>>>>>> cpe:2.3:a:openstack:keystone:2.0.0:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:openstack:openstack:2.0.0:*:*:*:*:*:*:*) :
>> > >>> CVE-2013-2014,
>> > >>>>>>>> CVE-2013-4222, CVE-2013-6391, CVE-2014-0204, CVE-2014-3476,
>> > >>>>>> CVE-2014-3520,
>> > >>>>>>>> CVE-2014-3621, CVE-2015-3646, CVE-2015-7546, CVE-2018-14432,
>> > >>>>>> CVE-2018-20170
>> > >>>>>>>> cloudstack-2.0.0.jar
>> > >>>>> (pkg:maven/org.apache.jclouds.api/cloudstack@2.0.0
>> > >>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:cloudstack:2.0.0:*:*:*:*:*:*:*) : CVE-2013-2136,
>> > >>>>>>>> CVE-2013-6398, CVE-2014-0031, CVE-2014-9593, CVE-2015-3252
>> > >>>>>>>> docker-2.0.0.jar (pkg:maven/org.apache.jclouds.api/docker@2.0.0,
>> > >>>>>>>> cpe:2.3:a:docker:docker:2.0.0:*:*:*:*:*:*:*) : CVE-2018-10892,
>> > >>>>>>>> CVE-2019-13139, CVE-2019-13509, CVE-2019-15752, CVE-2019-16884,
>> > >>>>>>>> CVE-2019-5736
>> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> docker-1.9.3.jar (pkg:maven/org.apache.jclouds.labs/docker@1.9.3
>> > >>> ,
>> > >>>>>>>> cpe:2.3:a:docker:docker:1.9.3:*:*:*:*:*:*:*) : CVE-2016-3697,
>> > >>>>>>>> CVE-2017-14992, CVE-2019-13139, CVE-2019-13509, CVE-2019-15752,
>> > >>>>>>>> CVE-2019-16884, CVE-2019-5736
>> > >>>>>>>> jsch.agentproxy.core-0.0.8.jar
>> > >>>>>>>> (pkg:maven/com.jcraft/jsch.agentproxy.core@0.0.8,
>> > >>>>>>>> cpe:2.3:a:jcraft:jsch:0.0.8:*:*:*:*:*:*:*) : CVE-2016-5725
>> > >>>>>>>> bcprov-ext-jdk15on-1.49.jar
>> > >>>>>>>> (pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.49) :
>> > >>>>> CVE-2015-6644,
>> > >>>>>>>> CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
>> > >>> CVE-2016-1000341,
>> > >>>>>>>> CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344,
>> > >>>>> CVE-2016-1000345,
>> > >>>>>>>> CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098,
>> > >>> CVE-2018-1000613
>> > >>>>>>>> okhttp-2.2.0.jar (pkg:maven/com.squareup.okhttp/okhttp@2.2.0,
>> > >>>>>>>> cpe:2.3:a:squareup:okhttp:2.2.0:*:*:*:*:*:*:*) : CVE-2016-2402
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-mesos:
>> > >>>>>>>>
>> > >>>>>>>> mesos-1.5.0.jar (pkg:maven/org.apache.mesos/mesos@1.5.0,
>> > >>>>>>>> cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*) : CVE-2018-11793,
>> > >>>>>>>> CVE-2018-1330, CVE-2018-8023, CVE-2019-0204, CVE-2019-5736
>> > >>>>>>>> jetty-server-9.4.11.v20180605.jar
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:9.4.11.v20180605:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:9.4.11:20180605:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
>> > >>>>>>>> jackson-databind-2.9.6.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.6:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2018-1000873, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720,
>> > >>>>>>>> CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362,
>> > >>>>>>>> CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379,
>> > >>>>>>>> CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
>> > >>>>>>>> CVE-2019-16943, CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-kafka:
>> > >>>>>>>>
>> > >>>>>>>> kafka-clients-2.0.1.jar
>> > >>>>> (pkg:maven/org.apache.kafka/kafka-clients@2.0.1
>> > >>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>> > >>>>>>>> connect-api-2.0.1.jar
>> > >>> (pkg:maven/org.apache.kafka/connect-api@2.0.1,
>> > >>>>>>>> cpe:2.3:a:apache:kafka:2.0.1:*:*:*:*:*:*:*) : CVE-2018-17196
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-flume:
>> > >>>>>>>>
>> > >>>>>>>> guava-11.0.2.jar (pkg:maven/com.google.guava/guava@11.0.2,
>> > >>>>>>>> cpe:2.3:a:google:guava:11.0.2:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> jackson-core-asl-1.8.8.jar
>> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-core-asl@1.8.8,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*) :
>> > >>> CVE-2017-15095,
>> > >>>>>>>> CVE-2017-17485, CVE-2017-7525
>> > >>>>>>>> jackson-mapper-asl-1.8.8.jar
>> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.8.8,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.8.8:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.8.8:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-14540,
>> > >>>>>>>> CVE-2019-16335, CVE-2019-17267
>> > >>>>>>>> commons-collections-3.2.1.jar
>> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2015-6420,
>> > >>>>>>>> CVE-2017-15708, Remote code execution
>> > >>>>>>>> netty-3.9.4.Final.jar (pkg:maven/io.netty/[hidden email],
>> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.4:*:*:*:*:*:*:*) : CVE-2015-2156,
>> > >>>>>> CVE-2019-16869,
>> > >>>>>>>> POODLE vulnerability in SSLv3.0 support
>> > >>>>>>>> servlet-api-2.5-20110124.jar
>> > >>>>>>>> (pkg:maven/org.mortbay.jetty/servlet-api@2.5-20110124,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:2.5.20110124:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay:jetty:2.5.20110124:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:2.5.20110124:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2005-3747,
>> > >>>>>>>> CVE-2007-5615, CVE-2009-1523, CVE-2009-1524, CVE-2009-5048,
>> > >>>>>> CVE-2009-5049,
>> > >>>>>>>> CVE-2011-4461
>> > >>>>>>>> jetty-util-6.1.26.jar
>> > >>> (pkg:maven/org.mortbay.jetty/jetty-util@6.1.26
>> > >>>>> ,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>> > >>> CVE-2009-1523,
>> > >>>>>>>> CVE-2011-4461
>> > >>>>>>>> jetty-6.1.26.jar (pkg:maven/org.mortbay.jetty/jetty@6.1.26,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:*) :
>> > >>> CVE-2009-1523,
>> > >>>>>>>> CVE-2011-4461, CVE-2017-7656, CVE-2017-7657, CVE-2017-7658,
>> > >>>>>> CVE-2017-9735,
>> > >>>>>>>> CVE-2019-10241, CVE-2019-10247
>> > >>>>>>>> libthrift-0.9.0.jar (pkg:maven/org.apache.thrift/libthrift@0.9.0)
>> > >>> :
>> > >>>>>>>> CVE-2015-3254, CVE-2016-5397, CVE-2018-1320, CVE-2019-0205
>> > >>>>>>>> httpclient-4.1.3.jar
>> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.1.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>> > >>>>>>>> CVE-2015-5262
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-twitter:
>> > >>>>>>>>
>> > >>>>>>>> httpclient-4.2.5.jar
>> > >>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.2.5
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.2.5:*:*:*:*:*:*:*) : CVE-2014-3577,
>> > >>>>>>>> CVE-2015-5262
>> > >>>>>>>> guava-14.0.1.jar (pkg:maven/com.google.guava/guava@14.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:14.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-zookeeper:
>> > >>>>>>>>
>> > >>>>>>>> jackson-databind-2.9.8.jar
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2019-12086,
>> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>> guava-16.0.1.jar (pkg:maven/com.google.guava/guava@16.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> jackson-mapper-asl-1.9.13.jar
>> > >>>>>>>> (pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:1.9.13:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-mapper-asl:1.9.13:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873,
>> > >>>>>>>> CVE-2018-14718, CVE-2018-5968, CVE-2018-7489, CVE-2019-10172,
>> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-17267
>> > >>>>>>>> netty-all-4.1.29.Final.jar
>> > >>> (pkg:maven/io.netty/[hidden email]
>> > >>>>> ,
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.29:*:*:*:*:*:*:*) : CVE-2019-16869
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-camel:
>> > >>>>>>>>
>> > >>>>>>>> camel-core-2.22.0.jar
>> > >>> (pkg:maven/org.apache.camel/camel-core@2.22.0,
>> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > camel-core-2.22.0.jar/META-INF/maven/org.apache.camel/spi-annotations/pom.xml
>> > >>>>>>>> (pkg:maven/org.apache.camel/spi-annotations@2.22.0,
>> > >>>>>>>> cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*) : CVE-2018-8041,
>> > >>>>>>>> CVE-2019-0188, CVE-2019-0194
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-storm:
>> > >>>>>>>>
>> > >>>>>>>> storm-core-1.1.1.jar (pkg:maven/org.apache.storm/storm-core@1.1.1
>> > >>> ,
>> > >>>>>>>> cpe:2.3:a:apache:storm:1.1.1:*:*:*:*:*:*:*) : CVE-2018-11779,
>> > >>>>>>>> CVE-2018-1331, CVE-2018-1332, CVE-2018-8008, CVE-2019-0202
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-servlet@7.6.13.v20130916,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>> > >>>>> CVE-2019-10247
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml
>> > >>>>>>>> (pkg:maven/org.apache.httpcomponents/httpclient@4.3.3,
>> > >>>>>>>> cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*) : CVE-2014-3577,
>> > >>>>>>>> CVE-2015-5262
>> > >>>>>>>>
>> > >>> storm-core-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml
>> > >>>>>>>> (pkg:maven/com.google.guava/guava@16.0.1,
>> > >>>>>>>> cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>> storm-core-1.1.1.jar/META-INF/maven/io.netty/netty/pom.xml
>> > >>>>>>>> (pkg:maven/io.netty/[hidden email],
>> > >>>>>>>> cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*) : CVE-2014-0193,
>> > >>>>>> CVE-2014-3488,
>> > >>>>>>>> CVE-2015-2156, CVE-2019-16869, POODLE vulnerability in SSLv3.0
>> > >>>>> support
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-server@7.6.13.v20130916,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>> > >>>>> CVE-2011-4461,
>> > >>>>>>>> CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735,
>> > >>>>>> CVE-2019-10241,
>> > >>>>>>>> CVE-2019-10247
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
>> > >>>>>>>> (pkg:maven/org.eclipse.jetty/jetty-util@7.6.13.v20130916,
>> > >>>>>>>> cpe:2.3:a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:jetty:jetty:7.6.13.v20130916:*:*:*:*:*:*:*) :
>> > >>>>> CVE-2011-4461,
>> > >>>>>>>> CVE-2019-10247
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom.xml
>> > >>>>>>>> (pkg:maven/commons-fileupload/commons-fileupload@1.3.2,
>> > >>>>>>>> cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2016-1000031
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > storm-core-1.1.1.jar/META-INF/maven/org.apache.hadoop/hadoop-auth/pom.xml
>> > >>>>>>>> (pkg:maven/org.apache.hadoop/hadoop-auth@2.6.1,
>> > >>>>>>>> cpe:2.3:a:apache:hadoop:2.6.1:*:*:*:*:*:*:*) : CVE-2015-1776,
>> > >>>>>>>> CVE-2016-3086, CVE-2016-5001, CVE-2016-5393, CVE-2016-6811,
>> > >>>>>> CVE-2017-15713,
>> > >>>>>>>> CVE-2017-3161, CVE-2017-3162, CVE-2017-3166, CVE-2018-11768,
>> > >>>>>> CVE-2018-1296,
>> > >>>>>>>> CVE-2018-8009, CVE-2018-8029
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-cassandra-store:
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-cassandra-serializers:
>> > >>>>>>>>
>> > >>>>>>>> commons-beanutils-1.9.2.jar
>> > >>>>>>>> (pkg:maven/commons-beanutils/commons-beanutils@1.9.2,
>> > >>>>>>>> cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2019-10086
>> > >>>>>>>> commons-collections-3.2.1.jar
>> > >>>>>>>> (pkg:maven/commons-collections/commons-collections@3.2.1,
>> > >>>>>>>> cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2015-6420,
>> > >>>>>>>> CVE-2017-15708, Remote code execution
>> > >>>>>>>> spring-core-4.3.18.RELEASE.jar
>> > >>>>>>>> (pkg:maven/org.springframework/[hidden email],
>> > >>>>>>>>
>> > >>>>>>
>> > >>>
>> > cpe:2.3:a:pivotal_software:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:springsource:spring_framework:4.3.18.release:*:*:*:*:*:*:*,
>> > >>>>>>>>
>> > >>> cpe:2.3:a:vmware:springsource_spring_framework:4.3.18:*:*:*:*:*:*:*)
>> > >>>>> :
>> > >>>>>>>> CVE-2018-15756
>> > >>>>>>>> netty-transport-4.1.27.Final.jar
>> > >>>>>>>> (pkg:maven/io.netty/[hidden email],
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.1.27:*:*:*:*:*:*:*) : CVE-2019-16869
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-flink:
>> > >>>>>>>>
>> > >>>>>>>> flink-hadoop-fs-1.5.0.jar
>> > >>>>>> (pkg:maven/org.apache.flink/flink-hadoop-fs@1.5.0
>> > >>>>>>>> ,
>> > >>>>>>>> cpe:2.3:a:apache:hadoop:1.5.0:*:*:*:*:*:*:*) : CVE-2016-5001,
>> > >>>>>>>> CVE-2017-3161, CVE-2017-3162
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > flink-shaded-netty-4.0.27.Final-2.0.jar/META-INF/maven/io.netty/netty-all/pom.xml
>> > >>>>>>>> (pkg:maven/io.netty/[hidden email],
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.27:*:*:*:*:*:*:*) : CVE-2015-2156,
>> > >>>>>> CVE-2016-4970,
>> > >>>>>>>> CVE-2019-16869
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > flink-shaded-jackson-2.7.9-3.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
>> > >>>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson:2.7.9:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*) :
>> > >>>>>> CVE-2017-15095,
>> > >>>>>>>> CVE-2017-17485, CVE-2017-7525, CVE-2018-1000873, CVE-2018-11307,
>> > >>>>>>>> CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719,
>> > >>>>>>>> CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361,
>> > >>>>>>>> CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086,
>> > >>>>>>>> CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
>> > >>>>>>>> CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943,
>> > >>>>>>>> CVE-2019-17267, CVE-2019-17531
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > flink-shaded-guava-18.0-2.0.jar/META-INF/maven/com.google.guava/guava/pom.xml
>> > >>>>>>>> (pkg:maven/com.google.guava/guava@18.0,
>> > >>>>>>>> cpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*) : CVE-2018-10237
>> > >>>>>>>>
>> > >>>>>>>> One or more dependencies were identified with known
>> > >>> vulnerabilities
>> > >>>>> in
>> > >>>>>>>> ignite-rocketmq:
>> > >>>>>>>>
>> > >>>>>>>> netty-all-4.0.42.Final.jar
>> > >>> (pkg:maven/io.netty/[hidden email]
>> > >>>>> ,
>> > >>>>>>>> cpe:2.3:a:netty:netty:4.0.42:*:*:*:*:*:*:*) : CVE-2019-16869
>> > >>>>>>>> netty-tcnative-boringssl-static-1.1.33.Fork26.jar
>> > >>>>>>>> (pkg:maven/io.netty/netty-tcnative-boringssl-static@1.1.33.Fork26
>> > >>> ,
>> > >>>>>>>> cpe:2.3:a:apache:tomcat:1.1.33:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:apache:tomcat_native:1.1.33:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:apache_software_foundation:tomcat:1.1.33:*:*:*:*:*:*:*,
>> > >>>>>>>> cpe:2.3:a:apache_tomcat:apache_tomcat:1.1.33:*:*:*:*:*:*:*) :
>> > >>>>>>>> CVE-2000-1210, CVE-2001-0590, CVE-2002-0493, CVE-2005-4838,
>> > >>>>>> CVE-2006-7196,
>> > >>>>>>>> CVE-2007-1358, CVE-2007-2449, CVE-2008-0128, CVE-2009-2696,
>> > >>>>>> CVE-2012-5568,
>> > >>>>>>>> CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4444,
>> > >>>>>> CVE-2013-4590,
>> > >>>>>>>> CVE-2013-6357, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099,
>> > >>>>>> CVE-2014-0119,
>> > >>>>>>>> CVE-2016-5425, CVE-2017-15698, CVE-2018-8019, CVE-2018-8020
>> > >>>>>>>>
>> > >>>>>>>> Main offenders seem to be "jackson-databind" and old maintenance
>> > >>>>>> releases
>> > >>>>>>>> of Spring. I think we can bump most of that.
>> > >>>>>>>>
>> > >>>>>>>> Some integrations also clearly suffer, through it's a problem of
>> > >>>>> their
>> > >>>>>>>> users, since they need to declare their own libraries' versions
>> > >>> by
>> > >>>>>>>> convention.
>> > >>>>>>>>
>> > >>>>>>>> Regards,
>> > >>>>>>>> --
>> > >>>>>>>> Ilya Kasnacheev
>> > >>>>>>>>
>> > >>>>>>>>
>> > >>>>>>>> пт, 27 дек. 2019 г. в 23:59, Denis Magda <  [hidden email] >:
>> > >>>>>>>>
>> > >>>>>>>>> Ilya, no I see, thanks for the explanation. Agree with you,
>> > >>> let's
>> > >>>>>> update
>> > >>>>>>>>> the versions of the dependencies to the latest.
>> > >>>>>>>>>
>> > >>>>>>>>> -
>> > >>>>>>>>> Denis
>> > >>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>> On Thu, Dec 26, 2019 at 10:50 PM Ilya Kasnacheev <
>> > >>>>>>>>>  [hidden email] >
>> > >>>>>>>>> wrote:
>> > >>>>>>>>>
>> > >>>>>>>>>> Hello!
>> > >>>>>>>>>>
>> > >>>>>>>>>> I have committed ignite-spring-data_2.2 to ignite-2.8.
>> > >>>>>>>>>>
>> > >>>>>>>>>> By bumping versisons I mean the following:
>> > >>>>>>>>>> <slf4j.version>1.7.*7*</slf4j.version>
>> > >>>>>>>>>> <slf4j16.version>1.6.*4*</slf4j16.version>
>> > >>>>>>>>>> <snappy.version>1.1.7.*2*</snappy.version>
>> > >>>>>>>>>> <spark.hadoop.version>2.6.*5*</spark.hadoop.version>
>> > >>>>>>>>>> <spark.version>2.3.*0*</spark.version>
>> > >>>>>>>>>>
>> > >>>>>> <spring.data.version>1.13.*14*.RELEASE</spring.data.version>
>> > >>>>>>>> <!--
>> > >>>>>>>>>> don't forget to update spring version -->
>> > >>>>>>>>>> <spring.version>4.3.*18*.RELEASE</spring.version><!--
>> > >>>>> don't
>> > >>>>>>>>> forget
>> > >>>>>>>>>> to update spring-data version -->
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>> <spring.data-2.0.version>2.0.*9*.RELEASE</spring.data-2.0.version>
>> > >>>>>>>>>> <!-- don't forget to update spring-5.0 version -->
>> > >>>>>>>>>>
>> > >>>>>> <spring-5.0.version>5.0.*8*.RELEASE</spring-5.0.version><!--
>> > >>>>>>>>> don't
>> > >>>>>>>>>> forget to update spring-data-2.0 version -->
>> > >>>>>>>>>>
>> > >>>>>>>>>> All these libraries have maintenance release (such as our
>> > >>>>> 2.7.*6*)
>> > >>>>>> and
>> > >>>>>>>> I
>> > >>>>>>>>>> think it would be beneficial to upgrade these dependencies
>> > >>> to the
>> > >>>>>>>> latest
>> > >>>>>>>>>> maintenance version found in Maven Central.
>> > >>>>>>>>>> For example, there is spring.data-2.0 2.0.*14*.RELEASE.
>> > >>>>>>>>>>
>> > >>>>>>>>>> Regards,
>> > >>>>>>>>>> --
>> > >>>>>>>>>> Ilya Kasnacheev
>> > >>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>> чт, 26 дек. 2019 г. в 19:32, Denis Magda <  [hidden email]
>> > >>>> :
>> > >>>>>>>>>>
>> > >>>>>>>>>>> A huge +1 for adding Spring Data related
>> > >>> fixes/improvements.
>> > >>>>>> Ilya is
>> > >>>>>>>>>> right
>> > >>>>>>>>>>> that Spring Data related questions sparked last time due to
>> > >>>>>> missing
>> > >>>>>>>>>> support
>> > >>>>>>>>>>> of 2.2 version.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Ilya, could you elaborate on what you mean under "bumping
>> > >>> the
>> > >>>>>>>>> versions"?
>> > >>>>>>>>>> Do
>> > >>>>>>>>>>> you suggest performing a straightforward upgrade of
>> > >>>>>>>>> "ignite-spring-data"
>> > >>>>>>>>>> to
>> > >>>>>>>>>>> version 2.2 and introducing
>> > >>> "ignite-spring-data-{old-version"}
>> > >>>>>> for
>> > >>>>>>>> the
>> > >>>>>>>>>>> previous versions? If it's so, I fully agree with the
>> > >>> proposal.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> -
>> > >>>>>>>>>>> Denis
>> > >>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> On Thu, Dec 26, 2019 at 4:52 AM Ilya Kasnacheev <
>> > >>>>>>>>>>  [hidden email]
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>> wrote:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>>> Hello!
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> I propose to add the following ticket to the scope:
>> > >>>>>>>>>>>>  https://issues.apache.org/jira/browse/IGNITE-12259 (3
>> > >>>>>> commits, be
>> > >>>>>>>>>>> careful
>> > >>>>>>>>>>>> with release version)
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> Adding tickets to scope surely seems crazy now, but I
>> > >>> will
>> > >>>>>> provide
>> > >>>>>>>>> the
>> > >>>>>>>>>>>> following considerations:
>> > >>>>>>>>>>>> * This is Spring Data 2.2 integration, which we
>> > >>> currently do
>> > >>>>>> not
>> > >>>>>>>>> have,
>> > >>>>>>>>>>>> leading to lots of confused questions on stack overflow
>> > >>> and
>> > >>>>>> mailing
>> > >>>>>>>>>> list.
>> > >>>>>>>>>>>> Spring Data is important to our public image since many
>> > >>>>> people
>> > >>>>>> may
>> > >>>>>>>>>> learn
>> > >>>>>>>>>>>> about out project by starting with Spring Data.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> * It has zero code impact outside of its own module
>> > >>> (just 2
>> > >>>>> POM
>> > >>>>>>>> file
>> > >>>>>>>>>>>> touched and that's all).
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> * The core was ready since early November but, due to
>> > >>> gmail
>> > >>>>>> quirk,
>> > >>>>>>>> we
>> > >>>>>>>>>> did
>> > >>>>>>>>>>>> not react to it in time.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> WDYT?
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> Another semi-related question. *Should we bump our
>> > >>>>>> dependencies'
>> > >>>>>>>>>> versions
>> > >>>>>>>>>>>> before releasing 2.8?* I talk mainly about spring and
>> > >>>>> hibernate
>> > >>>>>>>>>>>> dependencies. We could switch them to their latest
>> > >>>>> maintenance
>> > >>>>>>>>> versions
>> > >>>>>>>>>>> to
>> > >>>>>>>>>>>> avoid shipping default links to outdated packages.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> I think this is one of things that are very hard to do
>> > >>>>> between
>> > >>>>>>>>>> releases,
>> > >>>>>>>>>>> so
>> > >>>>>>>>>>>> I think this dependencies bumping should be a part of a
>> > >>>>> formal
>> > >>>>>>>>>>>> release/testing cycle, and then be backported to master.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> I could volunteer to do that myself, if we agree to merge
>> > >>>>> these
>> > >>>>>>>>> version
>> > >>>>>>>>>>>> upgrades to ignite-2.8 and then re-test.
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> Regards,
>> > >>>>>>>>>>>> --
>> > >>>>>>>>>>>> Ilya Kasnacheev
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>> вт, 24 дек. 2019 г. в 13:22, Zhenya Stanilovsky
>> > >>>>>>>>>>> <  [hidden email]
>> > >>>>>>>>>>>>> :
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> Igniters, i`l try to compare 2.8 release candidate vs
>> > >>>>> 2.7.6,
>> > >>>>>>>>>>>>> last sha 2.8 was build from : 9d114f3137f92aebc2562a
>> > >>>>>>>>>>>>> i use yardstick benchmarks, 4 bare machine with: 2x
>> > >>> Xeon
>> > >>>>>> X5570
>> > >>>>>>>>> 96Gb
>> > >>>>>>>>>>>> 512GB
>> > >>>>>>>>>>>>> SSD 2048GB HDD 10GB/s
>> > >>>>>>>>>>>>> 1 for client (driver) and 3 for servers.
>> > >>>>>>>>>>>>> this mappings for graphs and real yardstick tests:
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> atomic-put: IgnitePutBenchmark
>> > >>>>>>>>>>>>> sql-merge-query: IgniteSqlMergeQueryBenchmark
>> > >>>>>>>>>>>>> atomic-get: IgniteGetBenchmark
>> > >>>>>>>>>>>>> tx-get: IgniteGetTxBenchmark
>> > >>>>>>>>>>>>> tx-put: IgnitePutTxBenchmark
>> > >>>>>>>>>>>>> atomic-put-all-bs-10: IgnitePutAllBenchmark
>> > >>>>>>>>>>>>> tx-put-all-bs-10: IgnitePutAllTxBenchmark
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> cacheMode — partitioned
>> > >>>>>>>>>>>>> CacheWriteSynchronizationMode.FULL_SYNC
>> > >>>>>>>>>>>>> 1 backup
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> 1. wal = log_only 2. wal = none 3. persistence
>> > >>> disabled.
>> > >>>>>>>>>>>>> Thanks Maxim for wiki page [1]
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> [1]
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>
>> > >>>
>> >  https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.8#ApacheIgnite2.8-Benchmarks
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>> do we need some bisect or other work here ?
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> ------- Forwarded message -------
>> > >>>>>>>>>>>>>> From: "Maxim Muzafarov" <  [hidden email] >
>> > >>>>>>>>>>>>>> To:  [hidden email]
>> > >>>>>>>>>>>>>> Cc:
>> > >>>>>>>>>>>>>> Subject: Apache Ignite 2.8 RELEASE [Time, Scope,
>> > >>> Manager]
>> > >>>>>>>>>>>>>> Date: Fri, 20 Sep 2019 14:44:31 +0300
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> Igniters,
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> It's almost a year has passed since the last major
>> > >>> Apache
>> > >>>>>> Ignite
>> > >>>>>>>>> 2.7
>> > >>>>>>>>>>>>>> has been released. We've accumulated a lot of
>> > >>> performance
>> > >>>>>>>>>> improvements
>> > >>>>>>>>>>>>>> and a lot of new features which are waiting for their
>> > >>>>>> release
>> > >>>>>>>>> date.
>> > >>>>>>>>>>>>>> Here is my list of the most interesting things from my
>> > >>>>> point
>> > >>>>>>>> since
>> > >>>>>>>>>> the
>> > >>>>>>>>>>>>>> last major release:
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> Service Grid,
>> > >>>>>>>>>>>>>> Monitoring,
>> > >>>>>>>>>>>>>> Recovery Read
>> > >>>>>>>>>>>>>> BLT auto-adjust,
>> > >>>>>>>>>>>>>> PDS compression,
>> > >>>>>>>>>>>>>> WAL page compression,
>> > >>>>>>>>>>>>>> Thin client: best effort affinity,
>> > >>>>>>>>>>>>>> Thin client: transactions support (not yet)
>> > >>>>>>>>>>>>>> SQL query history
>> > >>>>>>>>>>>>>> SQL statistics
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> I think we should no longer wait and freeze the master
>> > >>>>>> branch
>> > >>>>>>>>>> anymore
>> > >>>>>>>>>>>>>> and prepare the next major release by the end of the
>> > >>> year.
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> I propose to discuss Time, Scope of Apache Ignite 2.8
>> > >>>>>> release
>> > >>>>>>>> and
>> > >>>>>>>>>> also
>> > >>>>>>>>>>>>>> I want to propose myself to be the release manager of
>> > >>> the
>> > >>>>>>>> planning
>> > >>>>>>>>>>>>>> release.
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> Scope Freeze: November 4, 2019
>> > >>>>>>>>>>>>>> Code Freeze: November 18, 2019
>> > >>>>>>>>>>>>>> Voting Date: December 10, 2019
>> > >>>>>>>>>>>>>> Release Date: December 17, 2019
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>>
>> > >>>>>>>>>>>>>> WDYT?
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>>
>> > >>>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>
>> > >>>>>>
>> > >>>>>>
>> > >>>>>>
>> > >>>>>> --
>> > >>>>>> Best regards,
>> > >>>>>> Ivan Pavlukhin
>> > >>>>>>
>> > >>>>>
>> > >>>
>> > >>
>> > >>
>> > >> --
>> > >> BR, Sergey Antonov
>> > >
>> >
>> >
>> >
>> >
>
>
>--
>Best regards,
>Ivan Pavlukhin
>