java-spring-jaeger

3.3.3 hasn't been released or pushed to Maven Central

Open Harmelodic opened this issue 3 years ago • 12 comments

Version 3.3.3 has been tagged as 3.3.3 and release-3.3.3 but has not been released or pushed to Maven Central.

This is a particularly desirable update since it contains an update to the version of the jaeger-client from 1.3.2 to 1.6.0 which patches a significant vulnerability by using an updated version of Apache libthrift.

(Incidentally Release 3.3.2 hasn't been pushed to Maven Central either)

Harmelodic avatar Jun 09 '21 16:06 Harmelodic

@geoand Travis doesn't seem to work correctly, would you please give it a check? thanks.

zerda avatar Jul 01 '21 21:07 zerda

Any ETA on this fix? Thanks

ghevge avatar Jul 05 '21 16:07 ghevge

+1 on this..

Would be good to know if this project is still "active" as this has been open for a couple of months now.

geemanjs avatar Aug 12 '21 08:08 geemanjs

The problem seems to be that there is no Bintray anymore. The distribution management needs an update.

  <distributionManagement>
    <repository>
      <id>bintray</id>
      <url>https://api.bintray.com/maven/opentracing/maven/opentracing-spring-jaeger/;publish=1</url>
    </repository>
    <snapshotRepository>
      <id>jfrog-snapshots</id>
      <url>http://oss.jfrog.org/artifactory/oss-snapshot-local</url>
    </snapshotRepository>
  </distributionManagement>

lyca avatar Oct 05 '21 10:10 lyca

👍 Also interested to hear if it's possible to resolve maven central release issue. :)

magnuskvalheim avatar Oct 11 '21 12:10 magnuskvalheim

@geoand Is there a chance for 3.3.3 to be published to either Maven Central or to the Opentracing repository? Or, if there are issues wrt the release process, could you share, so that they're known and we would try to build the starter ourselves and publish to a local repository?

milanov avatar Dec 08 '21 14:12 milanov

Is there any update on this? We have just started using this library so is it maintained or should we look for a different solution?

ajurge avatar Jan 04 '22 13:01 ajurge

Bump. I'm also interested in publication of this library on Maven Central. Version 3.3.3 resolves a vulnerability (CVE-2020-13949) with a high score.

DestroTM avatar Jan 18 '22 08:01 DestroTM

Bump. I am also interested in this being released because of the open security vulnerability.

JesperTerkelsen avatar May 04 '22 15:05 JesperTerkelsen

bump!

AhHa45 avatar May 12 '22 14:05 AhHa45

Since I created this issue but no longer use the library, here are some comments:

  1. This is still an issue, and it's pretty appalling that it hasn't been fixed by now.
  2. OpenTracing is archived now, and developers are instructed to move to OpenTelemetry, which has its own instrumentation libraries/dependencies.
  3. For those of you who are doing Java stuff on "the Cloud" - you could switch to using Spring Cloud Sleuth which doesn't use Jaeger/OpenTracing, but instead uses Zipkin & Brave. However Spring are experimenting with supporting OpenTelemetry in Sleuth.

For me: I went with Spring Cloud Sleuth, since I switched from Jaeger to using Google's Cloud Trace, and there's the spring-cloud-gcp-starter-trace that's available that works with Sleuth.

Harmelodic avatar May 12 '22 21:05 Harmelodic

Hi all, I managed to get version 3.3.1 working by including an updated jaeger client in my project pom.xml:

        <dependency>
            <groupId>io.opentracing.contrib</groupId>
            <artifactId>opentracing-spring-jaeger-web-starter</artifactId>
            <version>3.3.1</version>
        </dependency>
        <dependency>
            <groupId>io.jaegertracing</groupId>
            <artifactId>jaeger-client</artifactId>
            <version>1.8.0</version>
        </dependency>

Additional Notes: As mentioned by @Harmelodic, the recommendation is to move to OpenTelemetry. I just wanted to share for those who still have a legacy jaeger backend without support for OpenTelemetry client or for whatever reason need to use the jaeger client for now. This overrides the problematic jaeger-client included in 3.3.1. Kindly consider that this is a temporary workaround.

leslion avatar Jun 21 '22 20:06 leslion
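
One way to confirm that a `jaeger-client` override like the one in the last comment actually won Maven's conflict resolution, as an added example that is not part of the original thread or the project's code. It parses `mvn dependency:tree` output and reports any resolved `jaeger-client` older than 1.6.0, the version the issue names as carrying the libthrift fix; the function names are hypothetical and the sample trees are constructed and simplified.

```python
import re
import sys

# Lowest jaeger-client version the issue names as carrying the libthrift fix.
MIN_JAEGER_CLIENT = "1.6.0"

# One node of `mvn dependency:tree`: group:artifact:type[:classifier]:version:scope
NODE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):[\w\-]+(?::[\w.\-]+)?"
    r":(?P<version>[\w.\-]+):(?:compile|runtime|provided|test|system)\b"
)

# Constructed, simplified trees (not captured from a real build).
TREE_WITH_OVERRIDE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- io.opentracing.contrib:opentracing-spring-jaeger-web-starter:jar:3.3.1:compile
[INFO] |  \- (io.jaegertracing:jaeger-client:jar:1.3.2:compile - omitted for conflict with 1.8.0)
[INFO] \- io.jaegertracing:jaeger-client:jar:1.8.0:compile
"""
TREE_WITHOUT_OVERRIDE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] \- io.opentracing.contrib:opentracing-spring-jaeger-web-starter:jar:3.3.1:compile
[INFO]    \- io.jaegertracing:jaeger-client:jar:1.3.2:compile
"""

def version_key(version):
    """'1.6.0' -> (1, 6, 0); qualifiers such as '-SNAPSHOT' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def resolved(tree_text, coordinate):
    """Versions of group:artifact that Maven resolved (any module, any scope)."""
    found = set()
    for line in tree_text.splitlines():
        if "omitted for" in line:  # verbose output: the losing side of a conflict
            continue
        m = NODE.search(line)
        if m and f"{m['group']}:{m['artifact']}" == coordinate:
            found.add(m["version"])
    return found

def outdated_jaeger_clients(tree_text, minimum=MIN_JAEGER_CLIENT):
    """Resolved jaeger-client versions older than the minimum, sorted."""
    versions = resolved(tree_text, "io.jaegertracing:jaeger-client")
    return sorted(v for v in versions if version_key(v) < version_key(minimum))

if __name__ == "__main__":
    # Usage: mvn dependency:tree | python check_jaeger.py
    bad = outdated_jaeger_clients(sys.stdin.read())
    print("outdated jaeger-client:", bad or "none")
    sys.exit(1 if bad else 0)
```

The same `resolved` helper can be pointed at `org.apache.thrift:libthrift` to see which Thrift version the build ends up with after the override.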