  1. ZooKeeper
  2. ZOOKEEPER-2360

Update commons collections version used by tests/releaseaudit


Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.4.7, 3.5.1
    • Fix Version/s: 3.4.8, 3.5.2
    • Component/s: build
    • Labels: None
    • Reviewed

    Description

      I don't believe this affects us from a security perspective directly, however it's something we should clean up in our next release.

      Afaict the only commons we use for shipping/production code is commons-cli. Our two release branches, 3.4 and 3.5, neither of them use commons-collections. I looked at the binary release artifact and it doesn't include the commons collections jar.

      We do have a test that uses CollectionUtils, but no shipping code. I downloaded our 3.4 and 3.5 artifacts; this is all I see:

      phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$ grep -R "org.apache.commons.collections" .
      ./src/java/test/org/apache/zookeeper/RemoveWatchesTest.java:import org.apache.commons.collections.CollectionUtils;
      phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$

      Also in our ivy file we have

      <dependency org="org.apache.rat" name="apache-rat-tasks"
      rev="0.10" conf="releaseaudit->default"/>
      <dependency org="commons-lang" name="commons-lang"
      rev="2.6" conf="releaseaudit->default"/>
      <dependency org="commons-collections" name="commons-collections"
      rev="3.2.1" conf="releaseaudit->default"/>

      So commons-collections is pulled in - but only for the release audit, which is something we do as a build verification activity but not part of the product itself.
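An added example, not part of the issue or the ZooKeeper code base: the same two checks the description performs by hand (which Ivy conf declares commons-collections, and whether any import of it sits outside test code or a jar is bundled), run over constructed input. The function names, the "test directory means not shipped" rule and the `src/hypothetical/Shipping.java` file are assumptions made for the example.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

PKG_IMPORT = re.compile(r"^\s*import\s+(?:static\s+)?org\.apache\.commons\.collections\.", re.M)

def ivy_confs(ivy_xml, org, name):
    """Module confs (left side of '->') that declare the org/name dependency."""
    confs = []
    for dep in ET.fromstring(ivy_xml).iter("dependency"):
        if dep.get("org") == org and dep.get("name") == name:
            for mapping in dep.get("conf", "*").split(";"):
                confs += [c.strip() for c in mapping.split("->")[0].split(",")]
    return confs

def scan_tree(root):
    """Sort commons-collections imports into test vs. shipping code; list bundled jars."""
    hits = {"test_imports": [], "shipping_imports": [], "jars": []}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if path.suffix == ".java" and PKG_IMPORT.search(path.read_text(errors="replace")):
            # Assumption: a "test" directory component means the file is not shipped.
            kind = "test_imports" if "test" in rel.parts[:-1] else "shipping_imports"
            hits[kind].append(rel.as_posix())
        elif path.name.startswith("commons-collections") and path.suffix == ".jar":
            hits["jars"].append(rel.as_posix())
    return hits

# Constructed input: the three <dependency> elements quoted in the issue,
# wrapped in a minimal ivy-module so the fragment parses.
IVY = """<ivy-module version="2.0"><dependencies>
  <dependency org="org.apache.rat" name="apache-rat-tasks" rev="0.10" conf="releaseaudit->default"/>
  <dependency org="commons-lang" name="commons-lang" rev="2.6" conf="releaseaudit->default"/>
  <dependency org="commons-collections" name="commons-collections" rev="3.2.1" conf="releaseaudit->default"/>
</dependencies></ivy-module>"""

def demo():
    """Build a constructed stand-in for an unpacked release and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        test_src = Path(tmp, "src/java/test/org/apache/zookeeper/RemoveWatchesTest.java")
        test_src.parent.mkdir(parents=True)
        test_src.write_text("import org.apache.commons.collections.CollectionUtils;\nclass RemoveWatchesTest {}\n")
        prod_src = Path(tmp, "src/hypothetical/Shipping.java")  # hypothetical shipping file
        prod_src.parent.mkdir(parents=True)
        prod_src.write_text("import org.apache.commons.cli.Options;\nclass Shipping {}\n")
        return ivy_confs(IVY, "commons-collections", "commons-collections"), scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

A non-empty `shipping_imports` or `jars` list, or a conf other than `releaseaudit`, would mean the library reaches more than the build-verification step.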

      Attachments

        1. ZOOKEEPER-2360.patch
          2 kB
          Patrick D. Hunt
        2. ZOOKEEPER-2360.patch
          2 kB
          Patrick D. Hunt
        3. ZOOKEEPER-2360-branch34.patch
          1 kB
          Patrick D. Hunt


          People

            Assignee: phunt Patrick D. Hunt
            Reporter: phunt Patrick D. Hunt
            Votes: 0
            Watchers: 3
