Skip to content

Commit

Permalink
Upgrade Kafka to address snappy-java vulnerabilities (CVE-2023-43642, C…
Browse files Browse the repository at this point in the history 
…VE-2023-34455, ...) (#2445)

* Upgrade Kafka to address snappy-java vulnerabilities (CVE-2023-43642, CVE-2023-34455, ...)

* Update strimzi test container and align Kafka version
  • Loading branch information
@martinweiler
martinweiler authored Jul 17, 2024
1 parent 114d1ad commit 627f318
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@
<version.info.picocli>4.6.1</version.info.picocli>
<version.io.micrometer>1.7.3</version.io.micrometer>
<version.io.smallrye.openapi.core>2.1.4</version.io.smallrye.openapi.core>
<version.io.strimzi.strimzi-test-container>0.101.0</version.io.strimzi.strimzi-test-container>
<version.io.strimzi.strimzi-test-container>0.106.0</version.io.strimzi.strimzi-test-container>
<version.io.takari.maven.plugins.testing>2.9.2</version.io.takari.maven.plugins.testing>
<version.io.undertow>2.2.28.Final</version.io.undertow>
<version.jaxen>1.1.6</version.jaxen>
Expand Down Expand Up @@ -484,7 +484,7 @@
<version.org.hisrc.jsonix.jsonix-scripts>3.0.0</version.org.hisrc.jsonix.jsonix-scripts>
<version.org.jvnet.jaxb2.maven2.maven-jaxb2-plugin>0.15.3</version.org.jvnet.jaxb2.maven2.maven-jaxb2-plugin>
<version.org.mock-server>5.11.1</version.org.mock-server>
<version.org.apache.kafka>3.1.0</version.org.apache.kafka>
<version.org.apache.kafka>3.6.1</version.org.apache.kafka>
<version.shade.plugin>3.2.4</version.shade.plugin>

<version.lock-treatment-tool>^0.2.2</version.lock-treatment-tool>
Expand Down

2 comments on commit 627f318

@mareknovotny
Copy link
Member

@mareknovotny mareknovotny commented on 627f318 Oct 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just late comment, the strimzi test container and probably strimzi itself is deployed with java 11 class byte format. This breaks our CI which builds with jdk 8 fyi @martinweiler @gmunozfe @elguardian

Adding the stacktrace from jdk8 nightly

[2024-10-13T23:10:07.047Z] [INFO] Repository WildFly ................................. SUCCESS [ 10.206 s]
[2024-10-13T23:10:07.048Z] [INFO] karaf-itests ....................................... SUCCESS [  3.441 s]
[2024-10-13T23:10:07.048Z] [INFO] jBPM :: WorkItem :: SpringBoot :: IntegrationTests . FAILURE [  5.214 s]
[2024-10-13T23:10:07.048Z] [INFO] ------------------------------------------------------------------------
[2024-10-13T23:10:07.048Z] [INFO] BUILD FAILURE
[2024-10-13T23:10:07.048Z] [INFO] ------------------------------------------------------------------------
[2024-10-13T23:10:07.048Z] [INFO] Total time:  06:07 min
[2024-10-13T23:10:07.048Z] [INFO] Finished at: 2024-10-13T19:10:05-04:00
[2024-10-13T23:10:07.048Z] [INFO] ------------------------------------------------------------------------
[2024-10-13T23:10:07.048Z] [WARNING] The requested profile "run-code-coverage" could not be activated because it does not exist.
[2024-10-13T23:10:07.048Z] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:testCompile (default-testCompile) on project jbpm-workitem-itests: Compilation failure
[2024-10-13T23:10:07.048Z] [ERROR] /home/jenkins/workspace/KIE/main/daily-build-jdk8/jdk8-db-main/bc/kiegroup_jbpm-work-items/jbpm-workitem-itests/src/test/java/org/jbpm/workitem/springboot/samples/KafkaFixture.java:[42,33] cannot access io.strimzi.test.container.StrimziKafkaContainer
[2024-10-13T23:10:07.048Z] [ERROR]   bad class file: /home/jenkins/.m2/repository/io/strimzi/strimzi-test-container/0.106.0/strimzi-test-container-0.106.0.jar(io/strimzi/test/container/StrimziKafkaContainer.class)
[2024-10-13T23:10:07.048Z] [ERROR]     class file has wrong version 55.0, should be 52.0
[2024-10-13T23:10:07.048Z] [ERROR]     Please remove or make sure it appears in the correct subdirectory of the classpath.
[2024-10-13T23:10:07.048Z] [ERROR] -> [Help 1]
[2024-10-13T23:10:07.048Z] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:testCompile (default-testCompile) on project jbpm-workitem-itests: Compilation failure
[2024-10-13T23:10:07.048Z] /home/jenkins/workspace/KIE/main/daily-build-jdk8/jdk8-db-main/bc/kiegroup_jbpm-work-items/jbpm-workitem-itests/src/test/java/org/jbpm/workitem/springboot/samples/KafkaFixture.java:[42,33] cannot access io.strimzi.test.container.StrimziKafkaContainer
[2024-10-13T23:10:07.048Z]   bad class file: /home/jenkins/.m2/repository/io/strimzi/strimzi-test-container/0.106.0/strimzi-test-container-0.106.0.jar(io/strimzi/test/container/StrimziKafkaContainer.class)
[2024-10-13T23:10:07.048Z]     class file has wrong version 55.0, should be 52.0
[2024-10-13T23:10:07.048Z]     Please remove or make sure it appears in the correct subdirectory of the classpath.
[2024-10-13T23:10:07.048Z] 
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
[2024-10-13T23:10:07.048Z]     at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
[2024-10-13T23:10:07.048Z]     at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
[2024-10-13T23:10:07.048Z]     at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
[2024-10-13T23:10:07.048Z]     at java.lang.reflect.Method.invoke (Method.java:498)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[2024-10-13T23:10:07.048Z] Caused by: org.apache.maven.plugin.compiler.CompilationFailureException: Compilation failure
[2024-10-13T23:10:07.048Z] /home/jenkins/workspace/KIE/main/daily-build-jdk8/jdk8-db-main/bc/kiegroup_jbpm-work-items/jbpm-workitem-itests/src/test/java/org/jbpm/workitem/springboot/samples/KafkaFixture.java:[42,33] cannot access io.strimzi.test.container.StrimziKafkaContainer
[2024-10-13T23:10:07.048Z]   bad class file: /home/jenkins/.m2/repository/io/strimzi/strimzi-test-container/0.106.0/strimzi-test-container-0.106.0.jar(io/strimzi/test/container/StrimziKafkaContainer.class)
[2024-10-13T23:10:07.048Z]     class file has wrong version 55.0, should be 52.0
[2024-10-13T23:10:07.048Z]     Please remove or make sure it appears in the correct subdirectory of the classpath.
[2024-10-13T23:10:07.048Z] 
[2024-10-13T23:10:07.048Z]     at org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute (AbstractCompilerMojo.java:1220)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.plugin.compiler.TestCompilerMojo.execute (TestCompilerMojo.java:180)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
[2024-10-13T23:10:07.048Z]     at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
[2024-10-13T23:10:07.048Z]     at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
[2024-10-13T23:10:07.048Z]     at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
[2024-10-13T23:10:07.048Z]     at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
[2024-10-13T23:10:07.048Z]     at java.lang.reflect.Method.invoke (Method.java:498)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
[2024-10-13T23:10:07.048Z]     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[2024-10-13T23:10:07.048Z] [ERROR] 
[2024-10-13T23:10:07.048Z] [ERROR] Re-run Maven using the -X switch to enable full debug logging.
[2024-10-13T23:10:07.048Z] [ERROR] 
[2024-10-13T23:10:07.048Z] [ERROR] For more information about the errors and possible solutions, please read the following articles:
[2024-10-13T23:10:07.048Z] [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[2024-10-13T23:10:07.048Z] [ERROR] 
[2024-10-13T23:10:07.048Z] [ERROR] After correcting the problems, you can resume the build with the command
[2024-10-13T23:10:07.048Z] [ERROR]   mvn <args> -rf :jbpm-workitem-itests

@mareknovotny
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the last version compiled to java 8 is https://repo1.maven.org/maven2/io/strimzi/strimzi-test-container/0.103.0/strimzi-test-container-0.103.0.pom

Please sign in to comment.