Versions 1.15.3 and earlier stored the Flow Configuration in flow.xml.gz, and version 1.16.0 introduced a new serialization format stored in flow.json.gz. As a result of changes in version 1.17.0 to support Sensitive Dynamic Properties, components can be marked as invalid when the Flow Configuration contains a Parameter Context with a Sensitive Parameter Value that is referenced in a Sensitive Property. This issue can be resolved by entering the Sensitive Parameter Value in the referenced component Sensitive Property, which will save the Flow Configuration using the new flow.json.gz format. As an alternative, first upgrading to version 1.16.3 and then upgrading to 1.17.0 also avoids invalid component status issues.
How should I migrate flow.xml.gz to flow.json.gz, whether to automatically transition or to change the file name to flow.json.gz when migrating the old version of flow.xml.gz?
cruise6, changing the file name to flow.json.gz from the old version of flow.xml.gz will not work, as they are two different formats.
The other alternative you suggested, i.e. automatically transition will work fine.
I migrated from 1.15.1 to 1.16.1 and in the 1.15.1 I only had flow.xml.gz file. After I restarted with the upgrade I see two files flow.xml.gz and flow.json.gz. Both files are updated as I make changes to the flows. But at some point the xml version will go away.
Related
My system currently uses a gemfire cache and uses the io.pivotal.gemfire dependencies. Two of the dependencies, geode-core and geode-management both use org.jgroups (jgroups) as a runtime dependency. Currently I am using version 9.10.13 of the io.pivotal.gemfire dependencies (geode-core, geode-wan, geode-management etc. (see code snippet below)) and version 3.6.14.Final of jgroups.
Due to a vulnerability in the current version of jgroups, I want to upgrade to a newer version (any in version 4 would be sufficient but the newer the better (versions)). The problem I am having is that when I attempt to upgrade to a newer version (3.6.17 or newer), I get the following error when attempting to start-up the cache server:
java.lang.NoSuchMethodError: org.jgroups.View.<init>(Lorg/jgroups/ViewId;Ljava/util/List;)V
at org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger.installView(JGroupsMessenger.java:459) ~[geode-membership-9.10.13.jar:?]
When I actually go to investigate the issue, it looks as though it is referencing a line where the View class constructor was changed to take in a "Collection" instead of a "List", which seemed like a strange error since a List is a Collection.
I have tried using different combinations of jgroups and gemfire going up to 4/5 and 9.10.17 respectively without success. If anyone has any recommendations on how to move past (solve) this jgroups vulnerability while using a gemfire cache it would be much appreciated. Also, is there a table that lists gemifre versions vs. supported versions of jgroups?
Was able to get in contact with VMware Tanzu. All 9.* versions of gemfire require jgroups 3.6.14.Final. The new version of gemfire (10.*) which is currently in beta, is supposed to remove all dependencies on jgroups.
I have the following situation when migrating and compiling in native mode a quarkus service from version 2.5 to 2.6 and it is the following:
We have a JAR which contains the definition of traversal objects used by several services, within these are the validation messages used in the javax.validation.constraints annotations defined in a file called ValidationMessages.properties
Until version 2.5 I could include this jar as part of the service dependencies, it performed the native compilation of the service and managed to load these messages through the context without any additional configuration.
Now when migrating to version 2.6 it is not able to locate the default file but always looks for one depending on the region of the system:
The specific message is the following:
java.util.MissingResourceException: Can't find bundle for base name ValidationMessages, locale es_MX
at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:2055)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1689)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1593)
at java.util.ResourceBundle.getBundle(ResourceBundle.java:1284)```
After upgrading to quarkus version 2.7.3 I no longer have this issue.
Before the log4j shell issue happened last month I was using 'org.springframework.boot:spring-boot-starter-logging:1.5.22.RELEASE' which has internal dependencies on
ch.qos.logback:logback-classic:1.1.11 and ch.qos.logback:logback-core:1.1.11 jars respectively.
After that log4j shell issue occurred I had upgraded both the jars to version ch.qos.logback:logback-classic:1.2.3 and ch.qos.logback:logback-core:1.2.3 with gradle v3.5 which works fine. Now when I am trying to upgrade jars to logback-classic:1.2.10 and logback-core:1.2.10, this stops me while running the application stating below error:
org.gradle.tooling.BuildException: Could not execute build using Gradle distribution 'https://services.gradle.org/distributions/gradle-3.5-all.zip'.
Do I need to move to higher version of Grails or Gradle 3.5 have any issue with upgrade. Please any hint or guidance is most welcome.
From https://logback.qos.ch/news.html
We note that the vulnerability mentioned in CVE-2021-42550 requires
write access to logback's configuration file as a prerequisite. Please
understand that log4Shell and CVE-2021-42550 are of different severity
levels. In response to CVE-2021-42550 (aka LOGBACK-1591) we have
decided to make the following steps. 1) Hardened logback's JNDI lookup
mechanism to only honor requests in the java: namespace. All other
types of requests are ignored. Many thanks to Michael Osipov for
suggesting this change and providing the relvant PR. 2) SMTPAppender
was hardened. 3) Temporarily removed DB support for security reasons.
4) Removed Groovy configuration support. As logging is so
pervasive and configuration with Groovy is probably too powerful, this
feature is unlikely to be reinstated for security reasons. We note
that the aforementioned vulnerability requires write access to
logback's configuration file as a prerequisite. Please understand that
log4Shell/CVE-2021-44228 and CVE-2021-42550 are of different severity
levels. A successul RCE attack with CVE-2021-42550 requires all of the
following conditions to be met: write access to logback.xml use of
versions < 1.2.9 reloading of poisoned configuration data, which
implies application restart or scan="true" set prior to attack As an
additional extra precaution, in addition to upgrading to logback
version 1.2.9, we also recommend users to set their logback
configuration files as read-only
For now no support for grails so v1.2.9 onwards logback is not supported for now.
We're using Camel's File component to receive files that are placed into a directory. The URI for this is similar to:
file:///some/directory/inbox?delay=30000&delete=true&include=DSINV.*%5C.OUT&preSort=true&readLock=changed&readLockCheckInterval=5000&readLockMinLength=0
previously we did not have the 'preSort=true' parameter, and files were being received in a random order.
We added this parameter, but we are now getting the following error in the logs:
There are 1 parameters that couldn't be set on the endpoint.
Check the uri if the parameters are spelt correctly and that they are properties of the endpoint.
Unknown parameters=[\{preSort=true}]
The version of Camel we are using is 2.15.4. The documentation for the 2.x version of the File component states that this is a valid parameter.
This has been added in 2.21.0
https://camel.apache.org/releases/release-2.21.0/
See the related jira here
https://issues.apache.org/jira/browse/CAMEL-11656
So it is not available in 2.15.4 you have to at least update to 2.21.0 in order to work.
I don't know about the latest but is seems even the most resent Camel versions still support java 8
https://camel.apache.org/manual/latest/index.html#_jdk_requirements
Camel 2.x supports JDK 8
Camel 3.0 - 3.4 supports JDK 8 and 11
There is one particular processor as mentioned below I am interested in which has one extra feature in 1.5.0 as compared to 1.2.0 and so I want to use that.
Processor Name: QueryDatabaseTable
Is there any way I can just upgrade the processor or add this processor without upgrading whole NiFi?
I see there are two approaches.
Above processor is stored as the nifi-standard-nar-x.x.x.nar-unpacked file. So just copy the Nar from 1.5.0 and put it on 1.2.0. I am not sure after this if nifi will recognize this new processor version or not?
above processor is part of the following file, and so create a new processor out of it and deploye it on 1.2.0, not sure how complicated it will be though.
https://github.com/apache/nifi/blob/dd58a376c9050bdb280e29125cce4c55701b29df/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/QueryDatabaseTableTest.java
would someone let me know which would be a better version and also, where I can find the nar file or source code of above processor, I don't separate nar file for this processor?
It might be worth a try to simply copy in the NAR, but in this case I'm pretty sure it won't work. There were lots of core framework changes between 1.2.0 and 1.5.0, and also the standard NAR has the standard-services-api NAR as a dependency, so you'd likely need to copy that one as well, etc.
A general approach for backporting is to find the Jira case that has the feature/fix you want, use the link in the Jira to get to the Github Pull Request that added/fixed it, then create a branch from your baseline (nifi-1.2.0, e.g.) and cherry-pick the commits. If the changes are to a single bundle, you can simply build that NAR from the POM in its bundle directory (nifi-standard-bundle, e.g.). Then you can replace your existing NAR with the one you built, creating a kind of "hotfix NAR".
I would think this is mainly an addition to the existing answer, but in general it is possible to create new processors. As such it may be wise to create a 'QueryDatabaseTable2' processor which is the same as the new one (or similar to it).