Solr libs duplication

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Solr libs duplication

Jacques Le Roux
Administrator
Hi Jinghai,

Do you think it's possible to somehow avoid these duplications in Solr component?

C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar


I think it must be hard (if even possible) because it's runtime dependencies, right?

Thanks

Jacques

Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Shi Jinghai-3
Hi Jacques,

Obviously it's my fault :-(

The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.

Kind Regards,

Shi Jinghai

-----邮件原件-----
发件人: Jacques Le Roux [mailto:[hidden email]]
发送时间: 2016年4月26日 17:58
收件人: [hidden email]; shi.jinghai
主题: Solr libs duplication

Hi Jinghai,

Do you think it's possible to somehow avoid these duplications in Solr component?

C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar


I think it must be hard (if even possible) because it's runtime dependencies, right?

Thanks

Jacques


Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Christian Geisert
There are also duplicates with regards to framework (noticed that while
integrating Apache Camel, but didn't have time to work on it yet)

./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
./framework/base/lib/clhm-release-1.0-lru.jar

I think version 1.2 should be moved to framework.

Christian

Am 27.04.2016 11:34, schrieb Shi Jinghai:

> Hi Jacques,
>
> Obviously it's my fault :-(
>
> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----邮件原件-----
> 发件人: Jacques Le Roux [mailto:[hidden email]]
> 发送时间: 2016年4月26日 17:58
> 收件人: [hidden email]; shi.jinghai
> 主题: Solr libs duplication
>
> Hi Jinghai,
>
> Do you think it's possible to somehow avoid these duplications in Solr component?
>
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>
>
> I think it must be hard (if even possible) because it's runtime dependencies, right?
>
> Thanks
>
> Jacques
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Shi Jinghai-3
Thanks Christian!

I created an issue on the jars duplicated:
https://issues.apache.org/jira/browse/OFBIZ-7026

I'll remove the dupliations step by step.

Kind Regards,

Shi Jinghai

-----邮件原件-----
发件人: Christian Geisert [mailto:[hidden email]]
发送时间: 2016年4月27日 18:02
收件人: [hidden email]
主题: Re: Solr libs duplication

There are also duplicates with regards to framework (noticed that while
integrating Apache Camel, but didn't have time to work on it yet)

./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
./framework/base/lib/clhm-release-1.0-lru.jar

I think version 1.2 should be moved to framework.

Christian

Am 27.04.2016 11:34, schrieb Shi Jinghai:

> Hi Jacques,
>
> Obviously it's my fault :-(
>
> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----邮件原件-----
> 发件人: Jacques Le Roux [mailto:[hidden email]]
> 发送时间: 2016年4月26日 17:58
> 收件人: [hidden email]; shi.jinghai
> 主题: Solr libs duplication
>
> Hi Jinghai,
>
> Do you think it's possible to somehow avoid these duplications in Solr component?
>
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>
>
> I think it must be hard (if even possible) because it's runtime dependencies, right?
>
> Thanks
>
> Jacques
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Jacques Le Roux
Administrator
About concurrentlinkedhashmap the author himself recommends to use Guava or possibly his last version built for Java 8

https://stackoverflow.com/questions/15299554/what-does-it-mean-that-concurrentlinkedhashmap-has-been-integrated-into-guava

Please check

Thanks

Jacques


Le 28/04/2016 à 06:06, Shi Jinghai a écrit :

> Thanks Christian!
>
> I created an issue on the jars duplicated:
> https://issues.apache.org/jira/browse/OFBIZ-7026
>
> I'll remove the dupliations step by step.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----邮件原件-----
> 发件人: Christian Geisert [mailto:[hidden email]]
> 发送时间: 2016年4月27日 18:02
> 收件人: [hidden email]
> 主题: Re: Solr libs duplication
>
> There are also duplicates with regards to framework (noticed that while
> integrating Apache Camel, but didn't have time to work on it yet)
>
> ./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
> ./framework/base/lib/clhm-release-1.0-lru.jar
>
> I think version 1.2 should be moved to framework.
>
> Christian
>
> Am 27.04.2016 11:34, schrieb Shi Jinghai:
>> Hi Jacques,
>>
>> Obviously it's my fault :-(
>>
>> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.
>>
>> Kind Regards,
>>
>> Shi Jinghai
>>
>> -----邮件原件-----
>> 发件人: Jacques Le Roux [mailto:[hidden email]]
>> 发送时间: 2016年4月26日 17:58
>> 收件人: [hidden email]; shi.jinghai
>> 主题: Solr libs duplication
>>
>> Hi Jinghai,
>>
>> Do you think it's possible to somehow avoid these duplications in Solr component?
>>
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>>
>>
>> I think it must be hard (if even possible) because it's runtime dependencies, right?
>>
>> Thanks
>>
>> Jacques
>>
>>
>>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Jacques Le Roux
Administrator
In reply to this post by Shi Jinghai-3
Thanks Shingai!

And while at it, if it's possible, it would be good, for security reason, to upgrade (or remember to upgrade) Hadoop libs, used in Solr component, to
the 2.7.2 version.

This is due to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1776 which is quite recent.

I don't know (did not try) if it's possible to simply upgrade the libs or to wait for a new Solr version covering the issue. I checked the last
available Solr version (6.0.0) does not.

For details see https://svn.apache.org/viewvc/ofbiz/trunk/tools/security/dependency-check/dependency-check-report.html?view=co&revision=HEAD

Thanks

Jacques


Le 28/04/2016 à 06:06, Shi Jinghai a écrit :

> Thanks Christian!
>
> I created an issue on the jars duplicated:
> https://issues.apache.org/jira/browse/OFBIZ-7026
>
> I'll remove the dupliations step by step.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----邮件原件-----
> 发件人: Christian Geisert [mailto:[hidden email]]
> 发送时间: 2016年4月27日 18:02
> 收件人: [hidden email]
> 主题: Re: Solr libs duplication
>
> There are also duplicates with regards to framework (noticed that while
> integrating Apache Camel, but didn't have time to work on it yet)
>
> ./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
> ./framework/base/lib/clhm-release-1.0-lru.jar
>
> I think version 1.2 should be moved to framework.
>
> Christian
>
> Am 27.04.2016 11:34, schrieb Shi Jinghai:
>> Hi Jacques,
>>
>> Obviously it's my fault :-(
>>
>> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.
>>
>> Kind Regards,
>>
>> Shi Jinghai
>>
>> -----邮件原件-----
>> 发件人: Jacques Le Roux [mailto:[hidden email]]
>> 发送时间: 2016年4月26日 17:58
>> 收件人: [hidden email]; shi.jinghai
>> 主题: Solr libs duplication
>>
>> Hi Jinghai,
>>
>> Do you think it's possible to somehow avoid these duplications in Solr component?
>>
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>>
>>
>> I think it must be hard (if even possible) because it's runtime dependencies, right?
>>
>> Thanks
>>
>> Jacques
>>
>>
>>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Shi Jinghai-3
In reply to this post by Jacques Le Roux
Thanks Jacques!

I'll check how to remove this duplication this weekend.

Kind Regards,

Shi Jinghai

-----邮件原件-----
发件人: Jacques Le Roux [mailto:[hidden email]]
发送时间: 2016年4月28日 16:55
收件人: [hidden email]
主题: Re: Solr libs duplication

About concurrentlinkedhashmap the author himself recommends to use Guava or possibly his last version built for Java 8

https://stackoverflow.com/questions/15299554/what-does-it-mean-that-concurrentlinkedhashmap-has-been-integrated-into-guava

Please check

Thanks

Jacques


Le 28/04/2016 à 06:06, Shi Jinghai a écrit :

> Thanks Christian!
>
> I created an issue on the jars duplicated:
> https://issues.apache.org/jira/browse/OFBIZ-7026
>
> I'll remove the dupliations step by step.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----邮件原件-----
> 发件人: Christian Geisert [mailto:[hidden email]]
> 发送时间: 2016年4月27日 18:02
> 收件人: [hidden email]
> 主题: Re: Solr libs duplication
>
> There are also duplicates with regards to framework (noticed that while
> integrating Apache Camel, but didn't have time to work on it yet)
>
> ./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
> ./framework/base/lib/clhm-release-1.0-lru.jar
>
> I think version 1.2 should be moved to framework.
>
> Christian
>
> Am 27.04.2016 11:34, schrieb Shi Jinghai:
>> Hi Jacques,
>>
>> Obviously it's my fault :-(
>>
>> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.
>>
>> Kind Regards,
>>
>> Shi Jinghai
>>
>> -----邮件原件-----
>> 发件人: Jacques Le Roux [mailto:[hidden email]]
>> 发送时间: 2016年4月26日 17:58
>> 收件人: [hidden email]; shi.jinghai
>> 主题: Solr libs duplication
>>
>> Hi Jinghai,
>>
>> Do you think it's possible to somehow avoid these duplications in Solr component?
>>
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>>
>>
>> I think it must be hard (if even possible) because it's runtime dependencies, right?
>>
>> Thanks
>>
>> Jacques
>>
>>
>>
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Solr libs duplication

Shi Jinghai-3
In reply to this post by Jacques Le Roux
OK, I'll try to upgrad the hadoop jars to 2.7.2.


-----邮件原件-----
发件人: Jacques Le Roux [mailto:[hidden email]]
发送时间: 2016年4月28日 19:53
收件人: [hidden email]
主题: Re: Solr libs duplication

Thanks Shingai!

And while at it, if it's possible, it would be good, for security reason, to upgrade (or remember to upgrade) Hadoop libs, used in Solr component, to
the 2.7.2 version.

This is due to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1776 which is quite recent.

I don't know (did not try) if it's possible to simply upgrade the libs or to wait for a new Solr version covering the issue. I checked the last
available Solr version (6.0.0) does not.

For details see https://svn.apache.org/viewvc/ofbiz/trunk/tools/security/dependency-check/dependency-check-report.html?view=co&revision=HEAD

Thanks

Jacques


Le 28/04/2016 à 06:06, Shi Jinghai a écrit :

> Thanks Christian!
>
> I created an issue on the jars duplicated:
> https://issues.apache.org/jira/browse/OFBIZ-7026
>
> I'll remove the dupliations step by step.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----邮件原件-----
> 发件人: Christian Geisert [mailto:[hidden email]]
> 发送时间: 2016年4月27日 18:02
> 收件人: [hidden email]
> 主题: Re: Solr libs duplication
>
> There are also duplicates with regards to framework (noticed that while
> integrating Apache Camel, but didn't have time to work on it yet)
>
> ./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
> ./framework/base/lib/clhm-release-1.0-lru.jar
>
> I think version 1.2 should be moved to framework.
>
> Christian
>
> Am 27.04.2016 11:34, schrieb Shi Jinghai:
>> Hi Jacques,
>>
>> Obviously it's my fault :-(
>>
>> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they are already common jars at container level. I'll remove the duplicated jars ASAP.
>>
>> Kind Regards,
>>
>> Shi Jinghai
>>
>> -----邮件原件-----
>> 发件人: Jacques Le Roux [mailto:[hidden email]]
>> 发送时间: 2016年4月26日 17:58
>> 收件人: [hidden email]; shi.jinghai
>> 主题: Solr libs duplication
>>
>> Hi Jinghai,
>>
>> Do you think it's possible to somehow avoid these duplications in Solr component?
>>
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>>
>>
>> I think it must be hard (if even possible) because it's runtime dependencies, right?
>>
>> Thanks
>>
>> Jacques
>>
>>
>>
>
>
>