Page tree
Skip to end of metadata
Go to start of metadata

Release Notes

Issues discovered in testing

Issues discovered in testing:

Discovered byIssuebbdbnw
Andy

The only issue I’ve found so far is that the looping task producers emit an error to STDERR on every run. I have set up cron jobs to run the loopers daily and send us an email if there are errors, so now we’re receiving this error for every looper every day.

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/var/lib/duracloud/auditlog-generator.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

This is a known issue with Spring and Java 9+. https://github.com/spring-projects/spring-framework/issues/20414

It looks like this is addressed in more recent version of the Spring framework.

The workaround is to add these parameters to the JVM.

--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.lang.invoke=ALL-UNNAMED



Danny

opening duracloudsync-6.3.0-SNAPSHOT-osx-installer.app on my machine is failing (due to openjdk 13.0 security issue) . After removing the offending cask I am getting this:

I'm pretty sure this is a local issue,  but it would be good if Nicholas Woodward can confirm that it works on his machine.


(tick)(tick)
Bill

The SyncTool installer is meant to check for Java prior to launch. At the moment, it is set (in installbuilder.xml) to require Java 7. This needs to be updated to Java 11. The related error messages should also be updated, along with the download link, which should be: https://www.oracle.com/java/technologies/javase-downloads.html

JIRA ticket: DURACLOUD-1295 - Getting issue details... STATUS

PR: https://github.com/duracloud/duracloud/pull/133

(tick)

BillThe SyncTool installer for linux does not work on Ubuntu 20.04. The executable jar works just fine, so this will become the preferred installation method for linux users.


Nick 

Found this while looking for anything below Java 11. Not sure if it's even still in use. https://github.com/duracloud/snapshot/blob/develop/resources/setup-bridge-server.sh.

PR to remove this file (it's unused): https://github.com/duracloud/snapshot/pull/28

(tick)

Testing of Completed Issues

Itembbdbnw

DURACLOUD-1242 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1273 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1274 - Getting issue details... STATUS


(tick)(tick)

DURACLOUD-1264 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1275 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1246 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1270 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1271 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1276 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1263 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1266 - Getting issue details... STATUS


(tick)(tick)

DURACLOUD-1269 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1284 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1283 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1282 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1281 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1280 - Getting issue details... STATUS

(tick)(tick)

DURACLOUD-1285 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1286 - Getting issue details... STATUS

(tick)(tick)(tick)

DURACLOUD-1287 - Getting issue details... STATUS

(tick)
(tick)

DURACLOUD-1293 - Getting issue details... STATUS

(tick)(tick)

DURACLOUD-1250 - Getting issue details... STATUS

(tick)(tick)(tick)

Regression Testing

Taskbbdbnwaf
Perform Regression TestsVerified: UI functions across user levels and browsers, media streaming, synctool, retrieval tool, rest api, Manifest, Audit, Snapshot actions, Storage Stats


Use ZAProxy to perform a security analysis
  • Use a test DuraCloud account with very little content
  • Start an Automated Scan
  • Remove any sites not relevant to DuraCloud from the "Sites" list
  • Generate an HTML and XML report and attach to this page

ZAProxy Report (html, xml)

  • Medium risk:
    • jquery, version 1.7.1 is vulnerable
  • Low risk: 
    • Missing anti-CSFR tokens on login form
    • Missing cookie settings (AWS cookies):  HttpOnly flag, SameSite attribute, Secure flag
    • Missing X-Content-Type-Options header



Build Tests

Testbbdbnwaf
Update all dependencies to 6.3.0-SNAPSHOT versions

(error) Duracloud is pointing at duracloud-db-6.2.0 

(error) Management console is pointing to duracloud 6.2.0 and duracloud-db 6.2.0

(error) Mill is pointing to duracloud-6.2.0


https://github.com/duracloud/duracloud/pull/132

https://github.com/duracloud/management-console/pull/40

https://github.com/duracloud/mill/pull/40

(tick) These are all fixed and updated.



mvn clean install (full build + integration tests) - DuraCloud DB

(tick)

(tick)(tick)
mvn clean install (full build + integration tests) - DuraCloud(tick)(tick)(tick)
mvn clean install (full build + integration tests) - Management Console(tick)(tick)(tick)
mvn clean install (full build + integration tests) - Mill(tick)(tick)(tick)
mvn clean install (full build + integration tests) - Snapshot(tick)(tick)(tick)


Release Actions - for each baseline (in this order): DB, DuraCloud, MC, Mill, Snapshot



  • No labels