Develop merge#1
Open
marinov-code wants to merge 80 commits intomarinov-code:GEODE-10458from
Open
Conversation
…utor. CompletableFuture.supplyAsync() uses the common ForkJoinPool, which may not have enough threads. (#7908) * Those tests have a race condition: it assumes all tasks start before await() times out — which is not guaranteed. * Replacing CompletableFuture.supplyAsync() with fixed thread pool executor. CompletableFuture.supplyAsync() uses the common ForkJoinPool, which may not have enough threads. * Replacing CompletableFuture.supplyAsync() with fixed thread pool executor. CompletableFuture.supplyAsync() uses the common ForkJoinPool, which may not have enough threads. --------- Co-authored-by: VENTSISLAV MARINOV <ventsislav.marinov@sas.com>
* AbstractJSONFormatter
…ry (#7914) * geode-server-all:integrationTest
* ObjectSizerJUnitTest
* Migration of the build system and scripts from Gradle version 6.8.3 to version 7, as part of our strategic modernization initiative.
* WellKnownClassSizerJUnitTest * Update geode-core/src/test/java/org/apache/geode/internal/size/WellKnownClassSizerJUnitTest.java Co-authored-by: Arnout Engelen <arnout@engelen.eu> * WellKnownClassSizerJUnitTest --------- Co-authored-by: Arnout Engelen <arnout@engelen.eu>
* SizeClassOnceObjectSizerJUnitTest
…actRangeIndex, specify not to lookup old key, which is very expensive operation. It's actually broken and regression. All the tombstone entries are going to be NullToken and cause class cast exception for every single remove compare if looking up old key. There is no old key during initial tombstone image sync up from lead peer. (#7890) Co-authored-by: Leon Finker <Leon.Finker@tsimagine.com>
* GEODE-10459: upgrade testcontainers The acceptance tests appear to fail because `docker-compose` does not exist. Likely the GHA machines have moved to the new `docker compose` convention. This attempts upgrading testcontainers, as testcontainers is what's starting docker compose, and newer versions indeed do it through the `docker` executable. * Change DockerComposeContainer to ComposeContainer To use docker v2 instead of v1. Also use new '-' separator naming convention
* Disallow GET requests to /management/commands endpoint
…urces (#7918) * gfsh dependency * commons-io-2.15.1 Co-authored-by: Jinwoo Hwang <JinwooHwang-SAS>
* commons-beanutil 1.11.0 * commons-beanutil 1.11.0
* Document update - Security section – Added the Security Model statement to the Security section and repositioned the entire section to the top-level hierarchy of the document for improved visibility. Also added a link to the security pages in the “Apache Geode is 15 or Less” section to enhance accessibility to related resources. * Fixed based on review - Links called directly. Fixed indentation issue. Fixed broken links.
* Document update - Added serialization to Security section Added serialization page under Security section Added link to serialization page from Security model page Added a bullet point to the Security Implementaton Overview page * Document update - Added serialization to Security section Added serialization page under Security section Added link to serialization page from Security model page Added a bullet point to the Security Implementaton Overview page Removed Java version * Document update: Removed java version in serialization section
…patibility (#7927) Upgraded the Gradle build system to version 7.3.3 to enable support for Java 17 and Jakarta EE 9. This change ensures compatibility with modern Java features and aligns the build infrastructure with current Jakarta EE standards. The upgrade improves overall build stability across supported platforms. It also lays the groundwork for future enhancements involving newer JVM and EE specifications.
…ocumentation (#7932) Found the issue trying to publish the 1.15.2 documentation
This commit streamlines the project's GitHub pull request template. Primarily, it removes white space between bullet items, which add unnecessary visual bulk to new pull requests. It also rewords a code comment and removes one that seems to reference deprecated systems.
Earlier due to the status of the project, we changed (#7900) it to zero to allow commits without blocking. As we have now active commiters we should revert the change.
* GEODE-10481: Implemenation Propoal * Test Signed commit
…en ALL_UNICODE and DIGIT rules (#7928) * GEODE-10463: Fix lexical nondeterminism warning in OQL grammar between ALL_UNICODE and DIGIT rules Refactored ALL_UNICODE rule to exclude Unicode digit ranges that overlap with DIGIT rule, eliminating lexical ambiguity in RegionNameCharacter. The ALL_UNICODE range is now split into 15 non-overlapping segments that exclude Arabic-Indic, Devanagari, Bengali, and other Unicode digit ranges. This ensures deterministic tokenization where Unicode digits are always matched by DIGIT rule while other Unicode characters use ALL_UNICODE. * GEODE-10463: Add clarifying comment for ALL_UNICODE lexer rule Add documentation comment to explain that the ALL_UNICODE character class excludes Unicode digit ranges to prevent lexical nondeterminism with the DIGIT rule in the OQL grammar lexer.
…le System Compatibility, and Test Infrastructure Modernization (#7930) * GEODE-10465: Migrate Apache Geode to Java 17 with comprehensive compatibility fixes - Upgrade sourceCompatibility and targetCompatibility from Java 8 to 17 - Add module system exports for jdk.compiler, java.management, and java.base APIs - Integrate external JAXB dependencies (javax.xml.bind:jaxb-api, com.sun.xml.bind:jaxb-impl) - Fix ClassCastException in QCompiler GROUP BY clause with TypeUtils.checkCast - Modernize test infrastructure with Mockito type-safe mocking patterns - Update Gradle wrapper to 7.3.3 and configure Java 17 JVM arguments - Resolve Javadoc HTML5 compatibility and exclude legacy UnitTestDoclet - Update CI/CD CodeQL workflow to use Java 17 Affected modules: - Core build system (gradle.properties, geode-java.gradle) - JAXB integration (geode-assembly, geode-gfsh, geode-lucene, geode-web-api, geode-junit) - Query compilation (QCompiler.java type system compatibility) - Test framework (LocatorClusterManagementServiceTest, UncheckedUtilsTest) Testing: All 244 test tasks pass, clean compilation validated across all modules This migration enables access to Java 17 LTS features, security improvements, and performance optimizations while maintaining full backward compatibility. * GEODE-10465: Fix JDK version in BUILDING.md * GEODE-10465: Fix extra new line * GEODE-10465: Upgrade to Java 17 in gradle.yml * GEODE-10465: Fix error: package sun.security.x509 is not visible * GEODE-10465: Fix the explicit export flag for the CI server * GEODE-10465: Fix the explicit export flag for javadoc * GEODE-10465: Fix ClassCastException for CliFunctionResult * GEODE-10465: Update serialization analysis baselines for Java 17 - Updated sanctioned data serializable files for Java 17 compatibility - Fixed serialization size mismatches in geode-core, geode-lucene, geode-junit, and geode-membership modules - Addresses serialization size changes due to Java 17 optimizations: * Compact strings reducing serialization overhead * Improved DataOutputStream implementations * Optimized primitive type handling - PageEntry toData size reduced from 94 to 91 bytes - Multiple core classes show 1-3 byte reductions in serialization size - No backward compatibility issues - wire protocol remains unchanged - All serialization analysis integration tests now pass The size reductions are beneficial optimizations from the JVM upgrade that reduce memory usage and network bandwidth while maintaining full compatibility with existing Geode deployments. * GEODE-10465: Fix extra new line * GEODE-10465: Add exception handling for WAN acceptance test Add IgnoredException handling for network-related exceptions that occur during WAN gateway setup in Docker Compose environment. These exceptions are expected during the distributed system startup phase when gateway senders attempt to connect to remote locators. - Handle "could not get remote locator information" exceptions - Handle GatewaySender-specific remote locator connection failures - Improve test reliability by filtering expected connection errors This change addresses intermittent test failures in the WAN acceptance test suite when running with Docker Compose infrastructure. * GEODE-10465: Add exception handling for WAN acceptance test Add IgnoredException handling for network-related exceptions that occur during WAN gateway setup in Docker Compose environment. These exceptions are expected during the distributed system startup phase when gateway senders attempt to connect to remote locators. - Handle 'could not get remote locator information' exceptions - Handle GatewaySender-specific remote locator connection failures - Improve test reliability by filtering expected connection errors This change addresses intermittent test failures in the WAN acceptance test suite when running with Docker Compose infrastructure. * GEODE-10465: Add exception handling for WAN acceptance test Add IgnoredException handling for network-related exceptions that occur during WAN gateway setup in Docker Compose environment. These exceptions are expected during the distributed system startup phase when gateway senders attempt to connect to remote locators. - Handle "could not get remote locator information" exceptions - Handle GatewaySender-specific remote locator connection failures - Improve test reliability by filtering expected connection errors This change addresses intermittent test failures in the WAN acceptance test suite when running with Docker Compose infrastructure. * Revert "GEODE-10465: Add exception handling for WAN acceptance test" This reverts commit faba36d. * Revert "GEODE-10465: Add exception handling for WAN acceptance test" This reverts commit 6a283ab. * Revert "GEODE-10465: Add exception handling for WAN acceptance test" This reverts commit da0855d. * GEODE-10465: Groovy VM plugin cache corruption with the error Could not initialize class org.codehaus.groovy.vmplugin.v7.Java7 * GEODE-10465: Groovy VM plugin cache corruption with the error Could not initialize class org.codehaus.groovy.vmplugin.v7.Java7 * GEODE-10465: Add comprehensive diagnostic logging to failing acceptance tests Add detailed diagnostic logging to troubleshoot CI acceptance test failures including Docker container setup, network connectivity, and SSL configuration issues. Changes: - SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest: Add logging for Docker container lifecycle, gateway sender creation, region setup, queue monitoring, and pool connection statistics to diagnose "could not get remote locator information" errors - DualServerSNIAcceptanceTest: Add logging for multi-server Docker setup, SSL configuration, region connection attempts, and detailed error reporting to troubleshoot SNI routing failures - SingleServerSNIAcceptanceTest: Add logging for single-server setup, client cache creation, SSL trust store configuration, and connection parameter tracking to diagnose "Unable to connect to any locators" errors The diagnostic output will help identify root causes of: - Gateway sender ping mechanism failures - Docker network connectivity issues - HAProxy SNI routing problems - SSL/TLS handshake failures - Locator discovery timeouts All diagnostic messages use [DIAGNOSTIC] and [DIAGNOSTIC ERROR] prefixes for easy filtering in CI logs. This logging is essential for resolving the intermittent test failures affecting the CI build pipeline. * GEODE-10465: Replace System.out.println with Log4j logging in acceptance tests Replace console output with proper Log4j logging framework in Docker-based acceptance tests to improve diagnostic visibility in CI environments. Changes: - SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest.java: * Add Log4j Logger import and static logger instance * Add static initializer block with class loading diagnostics * Replace 20+ System.out.println/System.err.println with logger.info/error * Add try-finally block with IgnoredException management * Enhanced error diagnostics for gateway sender connectivity issues - DualServerSNIAcceptanceTest.java: * Add Log4j Logger import and static logger instance * Replace System.out.println with logger.info for setup diagnostics * Replace System.err.println with logger.error for error conditions * Improve diagnostic messaging for Docker container setup - SingleServerSNIAcceptanceTest.java: * Add Log4j Logger import and static logger instance * Replace System.out.println with logger.info throughout setup * Replace System.err.println with logger.error for cache creation failures * Maintain consistent diagnostic message format These changes ensure diagnostic messages appear in DUnit test logs since System.out.println output is isolated to individual JVM logs in distributed test environments, while Log4j messages are properly aggregated in the main test output for CI troubleshooting. * Revert diagnostic logging changes from acceptance tests Revert SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest, DualServerSNIAcceptanceTest, and SingleServerSNIAcceptanceTest back to their original state before any diagnostic logging modifications. This removes: - Log4j logger imports and static instances - Static initializer blocks - All System.out.println replacement with logger.info/error - Enhanced error diagnostics and try-finally blocks - Diagnostic messaging throughout test methods Files are now restored to clean baseline state. * GEODE-10465: Fix addIgnoredException * GEODE-10465: Fix addIgnoredException * GEODE-10465: Java 17 migration * GEODE-10465: Add ignored exception for Gateway Sender remote locator connection error The SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest was failing with a fatal error "GatewaySender ln could not get remote locator information for remote site 2". This is a known transient timing issue that occurs when gateway senders attempt to connect to remote locators during test setup before the remote locators are fully available. Added IgnoredException for "could not get remote locator information for remote site" in the createGatewaySender method to handle this expected transient error, consistent with the pattern used by other WAN tests in the codebase. This allows the gateway sender to eventually establish the connection once the remote locators are ready, while preventing test failures due to expected startup timing issues. * GEODE-10465: Add ignored exception for Gateway Sender remote locator connection error The SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest was failing with a fatal error "GatewaySender ln could not get remote locator information for remote site 2". This is a known transient timing issue that occurs when gateway senders attempt to connect to remote locators during test setup before the remote locators are fully available. Added IgnoredException for "could not get remote locator information for remote site" in the createGatewaySender method to handle this expected transient error, consistent with the pattern used by other WAN tests in the codebase. This allows the gateway sender to eventually establish the connection once the remote locators are ready, while preventing test failures due to expected startup timing issues. * GEODE-10465: Fix acceptance test failures due to Java 17 compatibility issues Fixed two related issues causing acceptance test failures: 1. Gateway Sender Remote Locator Connection Error: - Added IgnoredException for "could not get remote locator information for remote site" in SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest - This transient timing error occurs when gateway senders attempt to connect to remote locators during test setup before they are fully available - Solution follows the same pattern used by other WAN tests in the codebase 2. Gradle Version Compatibility Error: - Fixed GradleBuildWithGeodeCoreAcceptanceTest failing with NoClassDefFoundError for org.codehaus.groovy.vmplugin.v7.Java7 - Changed from connector.useBuildDistribution() to connector.useGradleVersion("7.3.3") - Gradle 5.1.1 (default build distribution) is incompatible with Java 17, while Gradle 7.3.3 properly supports Java 17 - Removed unnecessary workaround flags (--rerun-tasks, clean task) that were masking the root cause Both fixes ensure acceptance tests run successfully on Java 17 by addressing compatibility issues at their source rather than working around symptoms. * GEODE-10465: Extra new line * GEODE-10465: Extra new line * GEODE-10465: Revert SeveralGatewayReceiversWithSamePortAndHostnameForSendersTest * GEODE-10465: Fix Jetty 9 + Java 17 module system compatibility in distributedTest Added JVM arguments to fix InaccessibleObjectException in Jetty9CachingClientServerTest. The issue occurs because Jetty 9.4.57 attempts to access internal JDK classes (jdk.internal.platform.cgroupv2.CgroupV2Subsystem) for system monitoring, but Java 17's module system blocks access to these internal APIs by default. Solution: Added --add-opens JVM arguments specifically for distributedTest tasks: - --add-opens=java.base/jdk.internal.platform=ALL-UNNAMED - --add-opens=java.base/jdk.internal.platform.cgroupv1=ALL-UNNAMED - --add-opens=java.base/jdk.internal.platform.cgroupv2=ALL-UNNAMED This allows Jetty to access the internal cgroup monitoring classes it needs while maintaining security boundaries for other parts of the system. * GEODE-10465: Fix Gradle compatibility and ArchUnit test failures for Java 17 This commit addresses two Java 17 compatibility issues: 1. **Fix deprecated Gradle syntax in acceptance test template** - Update geode-assembly test resource build.gradle: - compile() → implementation() - runtime() → runtimeOnly() - mainClassName → mainClass - Resolves GradleBuildWithGeodeCoreAcceptanceTest failure with "Could not find method compile()" error when using Gradle 7.3.3 2. **Fix CoreOnlyUsesMembershipAPIArchUnitTest architectural violations** - Replace layered architecture rule with direct dependency rules - Remove imports of membership packages moved to geode-membership module - Fixes "Layer 'api' is empty, Layer 'internal' is empty" errors - Maintains architectural constraint: geode-core classes cannot directly depend on GMS internal classes These changes ensure compatibility with Gradle 7.3.3 and fix ArchUnit tests affected by the geode-core/geode-membership module separation. * GEODE-10465: Document Spotless exclusion for acceptance test gradle projects Add documentation to explain why acceptance test gradle projects are excluded from Spotless formatting. These standalone test applications need hardcoded dependency versions for testing Geode integration in real-world scenarios. The exclusion prevents build failures that would occur if Spotless tried to enforce the "no hardcoded versions" rule on test projects that legitimately require specific dependency versions. Also includes minor formatting improvements to CoreOnlyUsesMembershipAPIArchUnitTest and updates log4j version in test gradle project from 2.12.0 to 2.17.2. * GEODE-10465: Update assembly content validation for Java 17 javadoc changes The AssemblyContentsIntegrationTest was failing after upgrading from Java 8 to Java 17 due to significant changes in javadoc generation format. Java 9+ removed frame-based navigation and introduced modern HTML5 structure: - Replaced allclasses-frame.html with allclasses-index.html - Replaced package-list with element-list - Removed all package-frame.html files - Added search functionality with *-search-index.js files - Added jQuery integration and legal notices - Enhanced accessibility and responsive design Updated assembly_content.txt to reflect the new javadoc file structure generated by Java 17, ensuring integration tests pass while maintaining full documentation coverage. * GEODE-10465: Fix java.lang.AssertionError: Suspicious strings were written to the log during this run * Revert "GEODE-10465: Fix java.lang.AssertionError: Suspicious strings were written to the log during this run" This reverts commit f783780. * GEODE-10465: Fix SingleServerSNIAcceptanceTest Java version compatibility and Docker networking - Update Dockerfile to use Java 17 instead of Java 11 to match build environment - Add network aliases for locator-maeve in docker-compose.yml for proper SNI routing - Add HAProxy port mapping (15443:15443) and service dependency configuration Resolves UnsupportedClassVersionError when running gfsh commands in Docker container and ensures proper hostname resolution for SNI proxy tests. * GEODE-10465: Remove extra new lines. * GEODE-10465: Remove architectual chage note. This test was updated to fix the "Layer 'api' is empty, Layer 'internal' is empty" error. The original layered architecture approach failed because membership classes were moved from geode-core to geode-membership module, leaving empty layers. The solution uses direct dependency rules instead of layered architecture to enforce the same constraint: geode-core classes should not directly access GMS internals. * GEODE-10465: Configure JDK compiler exports for Spotless and remove duplicates * Add JDK compiler module exports to gradle.properties for Spotless removeUnusedImports - Required for Google Java Format to access JDK compiler internals - Must be global JVM args due to Spotless plugin architecture limitations - Documented why task-specific configuration is not possible * Remove duplicate --add-exports from geode-java.gradle compilation tasks - Cleaned up redundant jdk.compiler exports already covered by gradle.properties - Retained necessary java.management and java.base exports for compilation - Removed duplicate sourceCompatibility/targetCompatibility settings * Update expected-pom.xml files with javax.activation dependency - Add com.sun.activation:javax.activation to geode-core and geode-gfsh - Required for Java 17 compatibility (removed from JDK in Java 11+) - Minimal changes preserving original dependency order This resolves Spotless formatting issues while maintaining clean build configuration and CI compatibility. * GEODE-10465: Fix integration tests for javax.activation dependency changes Add javax.activation-1.2.0.jar to integration test expected dependencies to fix failures caused by dependency artifact name changes from javax.activation-api to javax.activation. The build system now generates both javax.activation-1.2.0.jar and javax.activation-api-1.2.0.jar in classpaths, so test expectation files need to include both artifacts. Changes: - Add javax.activation-1.2.0.jar to dependency_classpath.txt - Add javax.activation-1.2.0.jar to gfsh_dependency_classpath.txt - Add javax.activation entry to expected_jars.txt - Add javax.activation-api-1.2.0.jar entry to assembly_content.txt Fixes: GeodeServerAllJarIntegrationTest, GfshDependencyJarIntegrationTest, BundledJarsJUnitTest, and AssemblyContentsIntegrationTest failures. * GEODE-10465: remove --add-exports * Revert "GEODE-10465: remove --add-exports" This reverts commit 1052c4f. * GEODE-10465: replace ALL-UNNAMED with com.diffplug.spotless * Revert "GEODE-10465: replace ALL-UNNAMED with com.diffplug.spotless" This reverts commit 3950d50.
…e System Encapsulation (#7954) * Replace reflection-based UnsafeThreadLocal with WeakHashMap implementation - Removed reflection access to ThreadLocal/ThreadLocalMap internals - Implemented cross-thread value lookup using synchronized WeakHashMap - Removed requirement for --add-opens=java.base/java.lang=ALL-UNNAMED - WeakHashMap ensures terminated threads can be garbage collected - Maintains same API and functionality for deadlock detection - All existing tests pass without JVM flag changes This eliminates the fragile reflection-based approach that required special JVM flags and was vulnerable to Java module system changes. The new implementation is safer, more maintainable, and works across all Java versions without requiring internal access. * Remove --add-opens=java.base/java.lang from test configuration - Removed unnecessary JVM flag from geode-test.gradle line 185 - Flag no longer needed after UnsafeThreadLocal refactoring - Tests now run with same security constraints as production - All UnsafeThreadLocal and deadlock tests pass without the flag - Validates that refactoring truly eliminated reflection dependency
…ncy Information (#7961) * Correct license classification for Jakarta EE dependencies - Moved jakarta.servlet v6.0.0 and jakarta.transaction v2.0.1 from CDDL to EPL 2.0 section - These components use EPL 2.0 with GPL-2.0 + Classpath Exception, not CDDL 1.1 * GEODE-10511: Update istack-commons-runtime version from 4.0.1 to 4.1.1 - Aligns declared version with actual resolved version - Eliminates version conflict resolution between 4.0.1 and 4.1.1 - Makes DependencyConstraints.groovy consistent with LICENSE file - jaxb-core/jaxb-runtime 4.0.2 transitively requires 4.1.1 * GEODE-10511: Update test expectations for istack-commons-runtime 4.1.1 - Update geode-server-all dependency_classpath.txt - Update geode-assembly assembly_content.txt to remove 4.0.1 reference - Fixes integration test failures in both modules
…--add-opens Requirement (#7957) * GEODE-10522: Eliminate reflection in VMStats50 to remove --add-opens requirement Replace reflection-based access to platform MXBean methods with direct interface casting, eliminating the need for --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED JVM flag. Key Changes: - Replaced Method.invoke() with direct calls to com.sun.management interfaces - Removed setAccessible(true) calls that required module opening - Updated to use OperatingSystemMXBean and UnixOperatingSystemMXBean directly - Removed COM_SUN_MANAGEMENT_INTERNAL_OPEN flag from MemberJvmOptions - Removed unused ClassPathLoader import - Improved code clarity and type safety Benefits: - Completes Java Platform Module System (JPMS) compliance initiative - Eliminates last remaining --add-opens flag requirement - Improves security posture (no module violations) - Better performance (no reflection overhead) - Simpler, more maintainable code Testing: - All VMStats tests pass - Tested without module flags - Uses public, documented APIs from exported com.sun.management package This completes the module compliance initiative: - GEODE-10519: Eliminated java.base/java.lang opening - GEODE-10520: Eliminated sun.nio.ch export - GEODE-10521: Eliminated java.base/java.nio opening - GEODE-10522: Eliminated jdk.management/com.sun.management.internal opening (this commit) Apache Geode now requires ZERO module flags to run on Java 17+. * Apply code formatting to VMStats50 - Fix import ordering (move com.sun.management imports after java.util imports) - Remove trailing whitespace - Apply consistent formatting throughout * Address reviewer feedback: Add null check and improve error message - Add null check for platformOsBean before calling getAvailableProcessors() - Enhance error message to clarify impact on statistics vs core functionality - Both changes suggested by @sboorlagadda in PR review * Remove SUN_NIO_CH_EXPORT reference from JAVA_11_OPTIONS - Fix compilation error after merging GEODE-10520 changes - SUN_NIO_CH_EXPORT constant was removed but still referenced in list * Fix duplicate JAVA_NIO_OPEN and missing JAVA_LANG_OPEN - Remove duplicate JAVA_NIO_OPEN definition - Add missing JAVA_LANG_OPEN constant - Fix comment to correctly reference UnsafeThreadLocal for JAVA_LANG_OPEN
…nd Java 17 (#7953) * docs: Update documentation for Jakarta EE 10 and Java 17 - Update Java version format from 1.8.0_121 to 17.0.16 - Update all Geode module versions from 1.0.0 to 2.0.0 - Replace javax.transaction-api with jakarta.transaction-api 2.0.1 - Update dependency versions (slf4j 2.0.17, log4j 2.17.2, jgroups 3.6.20, fastutil 8.5.8) - Update config.yml: min_java_version='17', min_java_update='16' - Fix Java version template expressions across 20+ documentation files - Update WebLogic HTTP session management guide for Jakarta EE 10 - Update installation guides with Java 17 requirements Breaking Changes: - Minimum Java version now Java 17.0.16 (was Java 8u121) - Jakarta EE 10 required (was Java EE 8) - All javax.* packages replaced with jakarta.* Testing: - Verified peer-to-peer and client-server configurations - Documentation builds successfully - All quality checks passed (spotlessCheck, rat, checkPom, pmdMain) * docs: Address review feedback - fix version consistency and consolidate tc Server deprecation notes - Fix Tomcat version inconsistency: Changed CATALINA_HOME path from 10.1.49 to 10.1.30 to match example text - Consolidate duplicate tc Server removal messages into single Note for clarity - Improve documentation consistency and readability * Fix log file path to be consistent with server path
…which will be removed for Srping7. (#7967)
The geode-core module declares jackson-dataformat-yaml as a dependency without specifying a version, relying on DependencyConstraints.groovy to provide it. However, DependencyConstraints.groovy was missing the version constraint for com.fasterxml.jackson.dataformat.* artifacts. This caused the published geode-core-2.0.0.pom to have jackson-dataformat-yaml with no <version> tag, making the POM invalid according to Maven specification. Maven refuses to process ANY transitive dependencies from an invalid POM, which caused all dependencies (antlr, jopt-simple, micrometer-core, shiro-core, jakarta.transaction-api, geode-management, geode-deployment-legacy, rmiio) to not be pulled transitively. This fix adds the missing dependency constraint for jackson-dataformat-yaml, using jackson.version (2.17.0) to match other Jackson artifacts. Issue reported by Leon during 2.0.0.RC2 testing.
…ecurity Model using ObjectInputFilter (JEP 290) (#7966) * Add application-level security using ObjectInputFilter (JEP 290) - Implement per-application deserialization filtering using standard JEP 290 API - Add ObjectInputFilter parameter to ClassLoaderObjectInputStream constructor - Update GemfireHttpSession to read filter configuration from ServletContext - Add comprehensive security tests covering RCE and DoS prevention - Add 52 tests validating gadget chain blocking and resource limits - Add example configuration in session-testing-war web.xml This provides application-level security isolation, allowing each web application to define its own deserialization policy independent of cluster configuration. * Add ObjectInputFilter security documentation for HTTP Session Management - Add comprehensive security guide for configuring deserialization protection - Document JEP 290 ObjectInputFilter pattern syntax and examples - Include best practices, troubleshooting, and migration guidance - Add navigation link in HTTP Session Management chapter overview * Address PR review feedback: cache filter, add null check, add logging - Implement filter caching using double-checked locking with volatile fields to eliminate race conditions and improve performance - Add null check before setObjectInputFilter() for defensive programming - Add INFO logging when filter is configured and WARN logging when not configured to improve security visibility Addresses review comments by @sboorlagadda on PR #7966
#7972) * Add explicit jakarta.annotation-api dependency to fix version conflict jakarta.resource-api:2.1.0 declares a transitive dependency on jakarta.annotation-api:2.1.0, but Spring Boot 3.3.4 (used by geode-gfsh) requires jakarta.annotation-api:2.1.1. This causes Maven enforcer to fail with a version conflict error. By explicitly declaring jakarta.annotation-api as an api dependency in geode-core, the published POM will include it with version 2.1.1 (from DependencyConstraints), which takes precedence over the transitive 2.1.0 dependency from jakarta.resource-api. Reported-by: Leon Finker * Update expected POM to include jakarta.annotation-api dependency
#7975) * GEODE-10543: Upgrade Log4j from 2.17.2 to 2.25.3 to remediate CVE-2025-68161 - Updated log4j version to 2.25.3 in DependencyConstraints.groovy - Added log4j-core-test dependency for integration tests - Migrated integration test imports to new log4j-core-test package structure: * org.apache.logging.log4j.junit → org.apache.logging.log4j.core.test.junit * org.apache.logging.log4j.test → org.apache.logging.log4j.core.test - Added GraalVM annotation processor configuration to suppress compilation warnings - Updated documentation references to log4j 2.25.3 - Updated test resource files with new JAR versions All 21 integration tests migrated with zero logic changes. Build successful with all tests passing. * GEODE-10543: Fix GraalVM annotation processor options to apply only to main compilation The annotation processor options were being applied to all JavaCompile tasks including integration tests, where the Log4j GraalVM processor is not triggered. This caused compilation warnings about unrecognized processor options. Changed from tasks.withType(JavaCompile) to tasks.named('compileJava') to restrict the configuration to main source compilation only. * GEODE-10543: Exclude AssertJ 3.27.3 from log4j-core-test to prevent NoSuchMethodError Log4j 2.25.3's log4j-core-test transitively depends on AssertJ 3.27.3, but Geode's custom AssertJ assertions (AbstractLogFileAssert) were built against AssertJ 3.22.0. The CommonValidations.failIfEmptySinceActualIsNotEmpty method signature changed between versions, causing NoSuchMethodError at runtime. Exclude assertj-core from log4j-core-test dependency to force usage of 3.22.0, ensuring binary compatibility with Geode's test infrastructure.
…VE-2026-1225 (#7982) * GEODE-10555: Remediate CVEs - Add global exclusion of ch.qos.logback to prevent transitive inclusion - Remediate CVE-2024-12798, CVE-2024-12801, CVE-2025-11226, CVE-2026-1225 - Update expected POM files to reflect dependency changes - All logging routed through Log4j 2 via log4j-slf4j-impl * Update geode-server-all expected dependency classpath Remove logback-classic and logback-core from expected dependencies * Update assembly integration test expected files - Remove logback-classic and logback-core from assembly_content.txt - Remove logback from expected_jars.txt (bundled jars) - Remove logback from gfsh_dependency_classpath.txt
) * GEODE-10562 : Testcases — Hybrid Model (Public CA servers, Private CA clients) * GEODE-10562 : Testcases — Hybrid Model (Public CA servers, Private CA clients) * Add sun.security.util exports for CertificateBuilder - Export sun.security.util package alongside sun.security.x509 - Required for ObjectIdentifier import in CertificateBuilder.java - Added to both compileJava and javadoc tasks for Java 17 compatibility * javadoc
* jackson upgrade * Update integration test resources for dependency classpath and bundled jars: remove byte-buddy, update snakeyaml to 2.3 * Fix integration test snapshots: remove snakeyaml-2.2, add logback jars * Fix integration test snapshot: remove incorrect logback entries
* GEODE-10568: Upgrade Jetty to 12.0.33 * GEODE-10568: Update integration test snapshots for Jetty 12.0.33
…2026-23903 remediation) (#7986) * GEODE-10559: Upgrade Apache Shiro to 2.1.0; migrate APIs (CVE-2026-23903) * GEODE-10559: update integration test resources after Shiro 2.1.0 bump * Build an IniRealm * include shiro * remove shiro * remove shiro * Fix integration test snapshot: remove spurious logback-core entry
…ess is empty (#7984) When JmxManagerBindAddress is not configured (empty string, meaning bind all interfaces), ManagementAgent was setting the pulse.host system property to the empty string. On Linux/Docker, an empty host in the JMX service URL resolves to InetAddress.getLocalHost(), which returns the container bridge IP (e.g. 172.17.0.2) rather than 127.0.0.1. The embedded test keystore (trusted.keystore) only contains IPAddress:127.0.0.1 as a Subject Alternative Name. The SSL handshake between Pulse JMXDataUpdater and the JMX connector server therefore failed: SSLHandshakeException: No subject alternative names matching IP address 172.17.0.2 found This caused PulseSecurityWithSSLTest to consistently fail on CI (Ubuntu, Liberica JDK 17, Docker) with BAD_CREDS while passing locally on macOS with Zulu JDK 17 (where getLocalHost() returns 127.0.0.1). Fix: when JmxManagerBindAddress is empty, pass localhost as the pulse.host property so JMXDataUpdater connects to 127.0.0.1, which is always covered by the certificate SAN.
…U Migration (#7989) * documentation * Sheila's review * GEODE-10561: fix wording in CA topology section
…, geode-serialization, geode-deployment-legacy, geode-web-api) (#7983) * GEODE-10534: Module 1: geode-management RestTemplateClusterManagementServiceTransport.java ○ Update RestTemplateClusterManagementServiceTransport to remove deprecated API usage ○ Replaced deprecated SSLConnectionSocketFactory with DefaultClientTlsStrategy and setSSLSocketFactory with setTlsSocketStrategy Issue 1.2: Apache Commons Lang StringUtils Index.java Updated removeStart with string manipulation code Module 2: geode-serialization DSFIDSerializerImpl.java Updated deprecated getProxyClass with newProxyInstance with a no-op handler Module 3: geode-deployment-legacy LegacyClasspathServiceImpl.java Refactor proxy class creation to avoid deprecated Proxy.getProxyClass usage Replaced usage of deprecated Proxy.getProxyClass with Proxy.newProxyInstance to obtain proxy class Module 4: geode-web-api SwaggerConfig.java No changes, can be updated when we move to Spring Framework 6.2+ with UrlHandlerFilter * Update DSFIDSerializerImpl.java fixed space format issue
* GEODE-10533: Fix Deprecated APIs in geode-gfsh Module * GEODE-10533: Fix Deprecated APIs in geode-gfsh Module * GEODE-10533: Fix Deprecated APIs in geode-gfsh Module * GEODE-10533: Fix Deprecated APIs in geode-gfsh Module * GEODE-10533: Fix Deprecated APIs in geode-gfsh Module --------- Co-authored-by: VENTSISLAV MARINOV <ventsislav.marinov@sas.com>
Co-authored-by: VENTSISLAV MARINOV <ventsislav.marinov@sas.com>
Replace 2.0.0 with 2.0.1 in old versions and set as default Benchmarks baseline on develop to enable rolling upgrade tests from 2.0.1 The serialization version has not changed between 2.0.0 and 2.0.1, so there should be no need to keep both
…n for Logs (#8005) Upgrade Apache Log4j from 2.25.3 to 2.25.4 to remediate CVE-2026-34478 (CVSS 6.9 MEDIUM). VULNERABILITY: Log4j Core's Rfc5424Layout (versions 2.21.0 through 2.25.3) is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes (CWE-117, CWE-684). Two issues affect users of stream-based syslog services: - The newLineEscape attribute was silently renamed, disabling newline escaping for TCP framing (RFC 6587) and exposing CRLF injection. - The useTlsMessageFormat attribute was silently renamed, silently downgrading TLS framing (RFC 5425) to unframed TCP without newline escaping. REMEDIATION: Updated all Log4j dependency references from 2.25.3 to 2.25.4 across dependency constraints, build files, documentation, and test resources. References: https://nvd.nist.gov/vuln/detail/CVE-2026-34478 apache/logging-log4j2#4074 https://logging.apache.org/security.html#CVE-2026-34478
…8007) Single-word spelling correction in the Javadoc of IndexConditioningHelper. No functional changes. Signed-off-by: Sai Asish Y <say.apm35@gmail.com>
* build: make cacheable test inputs relocatable
* Disabled caching for all test tasks, ecept for :test, as they have utputs.upToDateWhen { false } configured, which effectively disabled caching anyway
* build: fix missing task dependencies causing cache disabled for correctness
- Add sourcesJar.dependsOn(generateGrammarSource) in geode-core so the
sourcesJar task declares its dependency on antlr-generated sources.
- Replace taskGraph.whenReady combineReports wiring with eager subprojects
configuration so Gradle sees the dependency declarations during
configuration phase instead of after task graph finalization.
* build: use mustRunAfter instead of dependsOn for combineReports
dependsOn forces all test tasks to execute when combineReports runs.
The original whenReady wiring never triggered tasks because the graph
was already sealed. mustRunAfter preserves ordering without forcing
execution.
* build: revert eager combineReports wiring, fix geode-old-versions only
reportOn creates implicit file dependencies that trigger all test tasks.
Revert to original whenReady block and instead add the missing
finalizedBy/mustRunAfter wiring in geode-old-versions, which is the
only project that lacks it since it doesn't apply geode-test.gradle.
* build: exclude geode-old-versions version dirs from rat task inputs
The version subdirectories (1.10.0, 1.11.0, etc.) are empty Gradle
project directories with no source files. Gradle creates them during
the build, so their presence differs between clean builds in different
locations, causing a rat task cache miss.
* build: clean geode-old-versions subproject dirs to fix rat cache miss
The version subdirectories (1.10.0, 1.11.0, etc.) are not in git but
get created during the build as Gradle project directories. On
subsequent clean builds from the same location, these dirs persist
after clean and cause rat task input fingerprint mismatches. Add a
deleteOldGeodeVersions task finalized by clean to remove them.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
Has your PR been rebased against the latest commit within the target branch (typically
develop)?Is your initial contribution a single, squashed commit?
Does
gradlew buildrun cleanly?Have you written or updated unit tests to verify your changes?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?