-
Bug
-
Resolution: Done
-
Medium
-
Casablanca Release
https://lists.onap.org/g/onap-discuss/topic/oparent_spring_5_0_9_versions/28087317?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,28087317
and the secondary weekly timing discussion on
https://lists.onap.org/g/onap-discuss/topic/running_run_clm_on_all_repos/28057929?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,28057929
Testing: For existing oparent issue with 5.0.9
built oparent locally - and updated my root pom.xml to use 1.2.2-SNAPSHOT (master)
see screencap - spring-web is not 5.1.2 not 5.0.9
INT-716
proposed fix in https://gerrit.onap.org/r/#/c/72396/1
Team,
This brings up a larger issue around the fact that oparent cannot have any red or orange CLM issues at any time – if the rest of us are going to inherit properly from it – any CLM issue above is currently getting inherited downstream.
I understand that 5.0.9 just went CLM-bad recently on Oct 20th – but we need to fix the root pom asap as soon as any issue appears
Letting the default oparent CLM job run only every Sunday is not good enough – it needs to be run manually every day if we are to continue using the library up to RC2.
A critical CLM issue that other teams inherit should not be up for 20 days
Was getting a 5.0.9 override specific to 3 libraries mvc,core,web – it looks like oparent needs to fix their CLM issue first before the rest of us can fully use spring 5.1.2 to fix downstream CLM issues
Fix: https://jira.onap.org/browse/INT-716
upgrade from 5.0.9 across https://git.onap.org/oparent/tree/dependencies/pom.xml#n68
The managed version 5.1.2 override in logging for only 3 of the 8+ spring libraries is because of the oparent definitions under 5.0.9 when inheriting from oparent
this is blocking a full change to spring 5.1.2 downstream
https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/oparent/59c2d86e97364c8a918236536d0ba132
blocks for example
https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/logging-analytics/477be399bd514382be0f7d1e18785e0d
thank you
/michael
- blocks
-
LOG-837 Logging/POMBA CLM: fix/address/red-flag spring-mvc-5.1.2 pulls in spring-web-5.0.9
- Closed
- is blocked by
-
INT-716 oparent spring reference needs CLM upgrade from 5.0.9 to 5.1.2 to unblock downstream mvc,web, core overrides - 20181020
- Closed
- relates to
-
SECCOM-245 CVE - CLM Nexus-iq alternatives - MISP or github/Microsoft security scans
- In Progress
-
TSC-49 Grant access to nexus-iq for non-committer contributors
- Closed
-
LOG-616 POMBA: Address CLM critical issues by M4/RC2 - 6 High across all projects
- Closed
-
TSC-58 Dublin Toolchain Improvement
- Closed
-
TSC-29 Create a wiki page to collect Security SMEs to access CLM
- Closed
- links to