Ondrej Lukas

It started to fail quite often, another fail is for example here: http://jenkins.hazelcast.com/job/jet-oss-master-sonar-nightly/658/testReport/junit/com.hazelcast.jet.core/MemberReconnectionStressTest/test/

Reopening, it failed again on nightly build with Oracle JDK 8: http://jenkins.hazelcast.com/job/jet-oss-master-nightly-oracle-jdk8/369/testReport/junit/com.hazelcast.jet.core/MemberReconnectionStressTest/test/ Stacktrace: ``` java.lang.AssertionError: jobCount didn't increment for 30 seconds at org.junit.Assert.fail(Assert.java:89) at com.hazelcast.jet.core.MemberReconnectionStressTest.test(MemberReconnectionStressTest.java:118) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)...

This happens also on `4.3-maintenance` branch.

Actually it's not fixed at all. I've just ignored those tests on JDK 15 to not block other tests. We still should investigate it and: - fix it if it's...

the latest version of `grpc-netty` (`1.31.0`) shades `io.netty:netty-transport:4.1.48.Final` which has this vulnerability. We can update this dependency once it will be fixed on grpc-netty side. (see https://github.com/grpc/grpc-java/pull/7939)

There are 5 new vulnerabilities for Netty `4.1.51`: - CVE-2021-43797 - https://nvd.nist.gov/vuln/detail/CVE-2021-43797 - CVE-2021-37137 - https://nvd.nist.gov/vuln/detail/CVE-2021-37137 - CVE-2021-37136 - https://nvd.nist.gov/vuln/detail/CVE-2021-37136 - CVE-2021-21409 - https://nvd.nist.gov/vuln/detail/CVE-2021-21409 - CVE-2021-21295 - https://nvd.nist.gov/vuln/detail/CVE-2021-21295

There is a new reported CVE for this version. AWS Java SDK Bundle `1.11.976` shades `com.amazonaws:aws-java-sdk-storagegateway:1.11.976` which includes following vulnerability: - CVE-2021-20291 - https://nvd.nist.gov/vuln/detail/CVE-2021-20291

There is a new reported CVE for this version. AWS Java SDK Bundle `1.11.976` shades `io.netty:netty-transport:4.1.59.Final` which includes following vulnerability: - CVE-2021-21409 - https://nvd.nist.gov/vuln/detail/CVE-2021-21409 - CVE-2021-21295 - https://nvd.nist.gov/vuln/detail/CVE-2021-21295

In Jet 4.5.2 we migrated to AWS Java SDK Bundle `1.12.128` which has shaded some artifacts with vulnerabilities. It shades `com.amazonaws:aws-java-sdk-prometheus:1.12.128` which includes following vulnerabilities: - CVE-2019-3826 - https://nvd.nist.gov/vuln/detail/CVE-2019-3826 (fixed...

Failed again on Zulu JDK 8: http://jenkins.hazelcast.com/job/jet-oss-master-zulu-jdk8/325/testReport/com.hazelcast.jet.kinesis/KinesisIntegrationTest/com_hazelcast_jet_kinesis_KinesisIntegrationTest/