Comments (6)
/assign @lentitude2tk
could you take a look on it?
from milvus-sdk-java.
The CVE-2023-3635 is caused by okio, which is included by minio-java. minio-java is imported for BlukWriter.
+- io.minio:minio:jar:8.2.1:compile
| +- com.carrotsearch.thirdparty:simple-xml-safe:jar:2.7.1:compile
| +- (com.google.guava:guava:jar:29.0-jre:compile - omitted for conflict with 32.0.1-android)
| +- com.squareup.okhttp3:okhttp:jar:4.8.1:compile
| | +- com.squareup.okio:okio:jar:2.7.0:compile
CVE-2023-3635 is fixed in okio 3.4.0: square/okio#1280
The minio-java 8.5.7 fixed this issue by upgrading the okhttp from 4.11 to 4.12: https://github.com/minio/minio-java/releases/tag/8.5.7
from milvus-sdk-java.
Get new error after upgrading minio-java to 8.5.7, not sure the root cause.
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 1 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 1 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Detecting the operating system and CPU architecture
[INFO] ------------------------------------------------------------------------
[INFO] os.detected.name: linux
[INFO] os.detected.arch: x86_64
[INFO] os.detected.version: 5.4
[INFO] os.detected.version.major: 5
[INFO] os.detected.version.minor: 4
[INFO] os.detected.release: ubuntu
[INFO] os.detected.release.version: 20.04
[INFO] os.detected.release.like.ubuntu: true
[INFO] os.detected.release.like.debian: true
[INFO] os.detected.classifier: linux-x86_64
[INFO]
[INFO] ---------------------< io.milvus:milvus-sdk-java >----------------------
[INFO] Building io.milvus:milvus-sdk-java 2.4.0
[INFO] from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.0.0-M2:enforce (enforce) @ milvus-sdk-java ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for com.google.guava:guava:32.0.1-android paths to dependency are:
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-netty-shaded:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-protobuf:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-stub:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.minio:minio:8.5.7
+-com.google.guava:guava:32.1.3-jre
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-netty-shaded:1.59.1
+-io.grpc:grpc-core:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-protobuf:1.59.1
+-io.grpc:grpc-api:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-protobuf:1.59.1
+-io.grpc:grpc-protobuf-lite:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-testing:1.59.1
+-io.grpc:grpc-inprocess:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-hdfs:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-yarn-api:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.curator:curator-client:2.6.0
+-com.google.guava:guava:16.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.curator:curator-recipes:2.6.0
+-com.google.guava:guava:16.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.htrace:htrace-core:3.0.4
+-com.google.guava:guava:12.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-core:2.6.0
+-org.apache.hadoop:hadoop-yarn-common:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.hadoop:hadoop-auth:2.6.0
+-org.apache.curator:curator-framework:2.6.0
+-com.google.guava:guava:16.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-app:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-common:2.6.0
+-org.apache.hadoop:hadoop-yarn-client:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-app:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-common:2.6.0
+-org.apache.hadoop:hadoop-yarn-server-common:2.6.0
+-com.google.guava:guava:11.0.2
,
Require upper bound dependencies error for com.squareup.okhttp3:okhttp:4.10.0 paths to dependency are:
+-io.milvus:milvus-sdk-java:2.4.0
+-com.squareup.okhttp3:okhttp:4.10.0
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.minio:minio:8.5.7
+-com.squareup.okhttp3:okhttp:4.12.0
,
Require upper bound dependencies error for org.xerial.snappy:snappy-java:1.1.8.3 paths to dependency are:
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.parquet:parquet-hadoop:1.13.1
+-org.xerial.snappy:snappy-java:1.1.8.3
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.minio:minio:8.5.7
+-org.xerial.snappy:snappy-java:1.1.10.5
]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.537 s
[INFO] Finished at: 2024-03-25T18:39:33+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M2:enforce (enforce) on project milvus-sdk-java: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Process finished with exit code 1
from milvus-sdk-java.
@yhmo I'll handle it
from milvus-sdk-java.
@yhmo Could you please help review? I've completed the upgrade of the Minio Java version and resolved the conflicts arising from the upgrade.
from milvus-sdk-java.
from milvus-sdk-java.
Related Issues (20)
- How to save numbers greater than 127, such as 255, into a binary vector?
- cannot find milvus-sdk-java 2.4.0 in the Maven Repository HOT 5
- SDK 2.3.5 brings a vulnerable version of hadoop libraries HOT 4
- Exception in thread "main" java.lang.NoSuchMethodError: java.nio.ByteBuffer.rewind()Ljava/nio/ByteBuffer; HOT 9
- Unsafe deserialization in com.alibaba:fastjson HOT 7
- Loading collection console log keeps looping with errors in milvus-sdk-java 2.4.0 HOT 3
- Iterators and range_filter error (when no range filter is specified) HOT 19
- Is there any interface in the Java Sdk that can clear a collection? HOT 3
- When a SearchIteratorParam is initialized via withParams, calling build() raises an error HOT 2
- 关于查询milvus的向量精度问题 HOT 17
- 数组字段支持索引吗? 没有索引查询起来很慢,怎么搞 HOT 4
- milvus集群版search压力倾斜 HOT 4
- Support AlterDatabase api
- How to support connection pooling in milvus-java-sdk?(如何在milvus-java-sdk中支持连接池?) HOT 1
- 集合别名相关内容疑问
- [v2]-Use the milvusClientV2.describeCollection interface to view the vector of bf16/float16/sparse vector type. The vectorFieldName in the return value is empty. HOT 1
- Does milvus support search data by json field condition? HOT 2
- [v2][BFloat16Vector]--The search return result is empty, but the query return is correct。
- 能否在SDK中增加EmbeddingModels和Rerankers相关接口,同时做好归一化,目前看只有PY的sdk存在。 HOT 2
- milvus-sdk-java 2.3.5版本后,引入了hadoop-client依赖,其中slf4j-reload4j-1.7.36.jar与logback-classic-1.2.12.jar存在冲突,有好的解决方案吗? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from milvus-sdk-java.