Release Notes
Issues discovered in testing
Issues discovered in testing:
Discovered by | Issue | bb | db | nw |
---|
Andy | The only issue I’ve found so far is that the looping task producers emit an error to STDERR on every run. I have set up cron jobs to run the loopers daily and send us an email if there are errors, so now we’re receiving this error for every looper every day. WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/var/lib/duracloud/auditlog-generator.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release
This is a known issue with Spring and Java 9+. https://github.com/spring-projects/spring-framework/issues/20414 It looks like this is addressed in more recent version of the Spring framework. The workaround is to add these parameters to the JVM. --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.lang.invoke=ALL-UNNAMED |
|
|
|
Danny | opening duracloudsync-6.3.0-SNAPSHOT-osx-installer.app on my machine is failing (due to openjdk 13.0 security issue) . After removing the offending cask I am getting this: Image Added I'm pretty sure this is a local issue, but it would be good if Nicholas Woodward can confirm that it works on his machine. |
| | |
Bill | The SyncTool installer is meant to check for Java prior to launch. At the moment, it is set (in installbuilder.xml) to require Java 7. This needs to be updated to Java 11. The related error messages should also be updated, along with the download link, which should be: https://www.oracle.com/java/technologies/javase-downloads.html JIRA ticket: Jira |
---|
server | LYRASIS JIRA |
---|
serverId | c815ca92-fd23-34c2-8fe3-956808caf8c5 |
---|
key | DURACLOUD-1295 |
---|
|
PR: https://github.com/duracloud/duracloud/pull/133 | |
|
|
Bill | The SyncTool installer for linux does not work on Ubuntu 20.04. The executable jar works just fine, so this will become the preferred installation method for linux users. |
|
|
|
Nick | Found this while looking for anything below Java 11. Not sure if it's even still in use. https://github.com/duracloud/snapshot/blob/develop/resources/setup-bridge-server.sh. PR to remove this file (it's unused): https://github.com/duracloud/snapshot/pull/28 | |
|
|
Testing of Completed Issues
Regression Testing
Task | bb | db | nw | af |
---|
Perform Regression Tests | Verified: UI functions across user levels and browsers, media streaming, synctool, retrieval tool, rest api, Manifest, Audit, Snapshot actions, Storage Stats |
|
|
|
Use ZAProxy to perform a security analysis
- Use a test DuraCloud account with very little content
- Start an Automated Scan
- Remove any sites not relevant to DuraCloud from the "Sites" list
- Generate an HTML and XML report and attach to this page
| ZAProxy Report (html, xml) - Medium risk:
- jquery, version 1.7.1 is vulnerable
- Low risk:
- Missing anti-CSFR tokens on login form
- Missing cookie settings (AWS cookies): HttpOnly flag, SameSite attribute, Secure flag
- Missing X-Content-Type-Options header
|
|
|
|
Build Tests
Release Actions - for each baseline (in this order): DB, DuraCloud, MC, Mill, Snapshot
- Complete testing
- Perform version release (v6v7.30.0): https://github.com/duracloud/deployment-docs/blob/master/release-new-version.md
- Deploy release zip to production Beanstalk
- Create release notes in Github
- Update documentation
- Update download links to point to Github release
...