...
Issues discovered in testing:
af | Andy | The only issue I’ve found so far is that the looping task producers emit an error to STDERR on every run. I have set up cron jobs to run the loopers daily and send us an email if there are errors, so now we’re receiving this error for every looper every day. WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/var/lib/duracloud/auditlog-generator.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release
This is a known issue with Spring and Java 9+. https://github.com/spring-projects/spring-framework/issues/20414 It looks like this is addressed in more recent version of the Spring framework. The workaround is to add these parameters to the JVM. --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.lang.invoke=ALL-UNNAMED |
|
|
|
Danny | opening duracloudsync-6.3.0-SNAPSHOT-osx-installer.app on my machine is failing (due to openjdk 13.0 security issue) . After removing the offending cask I am getting this: Image Added
I'm pretty sure this is a local issue, but it would be good if Nicholas Woodward can confirm that it works on his machine. |
| ![(tick)](/s/-141ylv/9012/1phy4ty/_/images/icons/emoticons/check.svg) | ![(tick)](/s/-141ylv/9012/1phy4ty/_/images/icons/emoticons/check.svg) |
Bill | The SyncTool installer is meant to check for Java prior to launch. At the moment, it is set (in installbuilder.xml) to require Java 7. This needs to be updated to Java 11. The related error messages should also be updated, along with the download link, which should be: https://www.oracle.com/java/technologies/javase- |
still investigating, but most likely due to my system configuration. Testing of Completed Issues
Regression Testing
Task | bb | db | nw | af |
---|
Perform Regression Tests | Verified: UI functions across user levels and browsers, media streaming, synctool, retrieval tool, rest api To be verified: Audit, Manifest, Storage StatsAudit, Snapshot actions, Storage Stats |
|
|
|
Use ZAProxy to perform a security analysis
- Use a test DuraCloud account with very little content
- Start an Automated Scan
- Remove any sites not relevant to DuraCloud from the "Sites" list
- Generate an HTML and XML report and attach to this page
| ZAProxy Report (html, xml) - Medium risk:
- jquery, version 1.7.1 is vulnerable
- Low risk:
- Missing anti-CSFR tokens on login form
- Missing cookie settings (AWS cookies): HttpOnly flag, SameSite attribute, Secure flag
- Missing X-Content-Type-Options header
|
|
|
|
Build Tests
Release Actions - for each baseline (in this order): DB, DuraCloud, MC, Mill, Snapshot
...