rop icon indicating copy to clipboard operation
rop copied to clipboard

Published 20 hours ago verified publisher icon streamnative

Bump pulsar-broker from 2.8.1 to 2.8.4

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps pulsar-broker from 2.8.1 to 2.8.4.

Release notes

Sourced from pulsar-broker's releases.

v2.8.3

Important Notices

  • Fix detecting number of NICs in EC2 #14252. In the event that Pulsar cannot determine the NIC speed from the host, please set loadBalancerOverrideBrokerNicSpeedGbps.
  • Bump BookKeeper 4.14.3 12906
  • Add broker config isAllowAutoUpdateSchema 12786

Security

  • Upgrade Postgres driver to 42.2.25 to get rid of CVE-2022-21724 14119
  • Get rid of CVEs in Solr connector 13822
  • Get rid of CVEs in InfluxDB connector 13821
  • Get rid of CVEs in batch-data-generator 13820
  • Get rid of CVEs brought in with aerospike 13819
  • [owasp] suppress false positive Avro CVE-2021-43045 13764
  • Upgrade protobuf to 3.16.1 to address CVE-2021-22569 13695
  • Upgrade Jackson to 2.12.6 13694
  • Upgrade Log4j to 2.17.1 to address CVE-2021-44832 13552
  • Cipher params not work in KeyStoreSSLContext 13322
  • [Broker] Remove tenant permission verification when list partitioned-topic 13138
  • Use JDK default security provider when Conscrypt isn't available 12938
  • [Authorization] Return if namespace policies are read only 12514

Pulsar Admin

  • Make sure policies.is_allow_auto_update_schema not null 14409
  • pulsar admin exposes secret for source and sink 13059
  • Fix deleting tenants with active namespaces with 500. 13020
  • [function] pulsar admin exposes secrets for function 12950

Bookkeeper

  • Upgrade BK to 4.14.4 and Grpc to 1.42.1 13714
  • Bump BookKeeper 4.14.3 12906

Broker

  • Fix the wrong parameter in the log. 14309
  • Fix batch ack count is negative issue. 14288
  • bug fix: IllegalArgumentException: Invalid period 0.0 to calculate rate 14280
  • Clean up individually deleted messages before the mark-delete position 14261
  • If mark-delete operation fails, mark the cursor as "dirty" 14256
  • Fixed detecting number of NICs in EC2 14252
  • Remove log unacked msg. 14246
  • Change broker producer fence log level 14196
  • Fix NPE of cumulative ack mode and incorrect unack message count 14021
  • KeyShared stickyHashRange subscription: prevent stuck subscription in case of consumer restart 14014
  • Trim configuration value string which contains blank prefix or suffix 13984
  • waitingCursors potential heap memory leak 13939
  • Fix read schema compatibility strategy priority 13938
  • NPE when get isAllowAutoUploadSchema 13831
  • Fix call sync method in async rest API for internalGetSubscriptionsForNonPartitionedTopic 13745
  • Fix the deadlock while using zookeeper thread to create ledger 13744
  • Fix inefficient forEach loop 13742

... (truncated)

Commits
  • 02ee561 Release 2.8.4
  • 9bc0115 Fix testProducerInvalidMessageMemoryRelease
  • c038898 Fix AuthenticationProviderBasicTest
  • c8c1c09 [improve][authentication] Adapt basic authentication configuration with prefi...
  • 6b3e46f Fix testProducerSemaphoreInvalidMessage by removing usages of mockStatic
  • 59339c4 [fix][client]Fix MaxQueueSize semaphore release leak in createOpSendMsg (#16915)
  • a501593 Forget to update memory usage when invalid message (#16835)
  • 7107657 Fix the compilation error when cherry-picking cdec98a
  • 05b16e2 [improve][test] Verify the authentication data in the authorization provider ...
  • acb4eba [improve][authentication] Improve get the basic authentication config (#16526)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Sep 30 '22 15:09 dependabot[bot]