Apache Storm官网安全更新（2023-08-04）

Apache Storm 2.5.0 Released

The Apache Storm community is pleased to announce that version 2.5.0 has been<br/>released and is available from the downloads page.<br/><br/>This release includes a number of code improvements and important bug fixes <br/>that improve Apache Storm&#39;s performance, stability and fault tolerance. <br/>We encourage users of previous versions to upgrade to this latest release.<br/><br/>Thanks<br/><br/>Special thanks are due to all those who have contributed to Apache Storm -- whether <br/>through direct code contributions, documentation, bug reports, or helping other <br/>users on the mailing lists. Your efforts are much appreciated.<br/><br/>Changes in this Release - Storm 2.5.0<br/><br/><br/><br/> Release Notes for Storm 2.5.0<br/> JIRA issues addressed in the 2.5.0 release of Storm. Documentation for this<br/> release is available at the Apache Storm project site.<br/><br/> New Feature<br/> Note breaking change with python - python3 must exist in path.<br/> [STORM-3855] - Remove Python2 Support in Travis and storm.py - Breaking Change<br/> [STORM-3886] - Adding IgnoreUnrecognizedVMOptions to make worker start with jdk-11<br/> [STORM-3897] - Replace Travis with GitHub Actions<br/> [STORM-3916] - Create a RoundRobin Scheduler Strategy with node limits<br/> [STORM-3922] - Update Acker Related Scheduling Changes<br/> <br/><br/> Improvement<br/> [STORM-3832] - Remove python2 support<br/> [STORM-3835] - Log when shell command exceptions occur<br/> [STORM-3836] - Update master branch to version 2.5.0-SNAPSHOT<br/> [STORM-3841] - Remove dependency on javax.jms which has been removed from maven central repo<br/> [STORM-3843] - Update storm dev and user mail archive urls from http to https<br/> [STORM-3846] - Print contents of actual and expected dependency license files when different<br/> [STORM-3847] - Fix various problems in the python PowerShell execution<br/> [STORM-3848] - Specify build.plugins.plugin.version to remove build warning<br/> [STORM-3849] - Eliminate build warning for &#34;Unable to locate Source XRef to link to - DISABLED&#34;<br/> [STORM-3851] - Fix travis error reporting script print-errors-from-test-reports.py<br/> [STORM-3861] - Upgrade clojure-maven-plugin<br/> [STORM-3873] - Remove Junit 4 dependencies<br/> [STORM-3877] - change test_storm_cli script to use python3<br/> [STORM-3891] - Change commons.cli version and python<br/> [STORM-3902] - Print summary of difference between expected and actual licenses<br/> [STORM-3905] - Replace Anonymous Inner classs with Lambda in storm-core commands<br/> [STORM-3906] - Remove use of mockito interal class org.mockito.internal.util.reflection.FieldSetter<br/> [STORM-3908] - Increase heap memory for MAVEN_OPTS used in github actions<br/> [STORM-3909] - Use python3 in metrics test<br/> [STORM-3910] - Enhance LOG when rocksdb is used for metric store<br/> [STORM-3911] - Add json-smart dependency to retrieve from maven repo<br/> [STORM-3912] - Pull new carbonite code into storm<br/> [STORM-3913] - Upgrade version of ROCKSDB for junit tests on MAC OSX<br/> <br/><br/> Bug<br/> [STORM-3822] - Colon in streamId breaks topology visualization<br/> [STORM-3838] - prevent topology from overriding STORM_WORKERS_ARTIFACTS_DIR<br/> [STORM-3862] - HdfsBlobStoreImpl should check permission after mkdirs<br/> [STORM-3875] - ThroughputVsLatency does not run on JDK11 due to specified TOPOLOGY_WORKER_GC_CHILDOPTS<br/> [STORM-3917] - Hardcoded worker heapsize in ThroughputVsLatency <br/> [STORM-3923] - Cassandra module fails tests probably OOM<br/> [STORM-3940] - Missing dependency prevents Storm from being built<br/> <br/><br/> Task<br/> [STORM-3854] - A very large number of PMD Exceptions are thrown when building storm<br/> [STORM-3926] - &#34;bin/storm dev-zookeeper&#34; fails to find python<br/> [STORM-3927] - Use python3 in example topologies<br/> [STORM-3928] - Use python3 in flux test, examples and wrappers<br/> [STORM-3929] - Update documentation to refer to python3<br/> [STORM-3930] - Change pom.xml to use ssh connection and fix the url<br/> <br/><br/> Dependency upgrade<br/> [STORM-3837] - upgrade activemq-client due to cve<br/> [STORM-3839] - Upgrade org.springframework:spring-core for CVE-2022-22965<br/> [STORM-3853] - Upgrade maven-pmd-plugin from 3.12.0 to 3.16.0<br/> [STORM-3857] - Bump spring-core from 5.3.18 to 5.3.19 in /examples/storm-jms-examples<br/> [STORM-3864] - Bump gson from 2.8.0 to 2.8.9 in /integration-test <br/> [STORM-3865] - Bump hadoop-common from 2.8.5 to 2.10.1<br/> [STORM-3866] - Update Rockdb version from 5.18.4 to 6.27.3<br/> [STORM-3867] - Update Apache MQ to ActiveMQ 5.16.5 (jdk8)<br/> [STORM-3868] - Bump spring-core from 5.3.19 to 5.3.20 in /examples/storm-jms-examples<br/> [STORM-3889] - Bump snakeyaml from 1.26 to 1.32<br/> [STORM-3892] - Bump testng from 6.8.5 to 7.7.0<br/> [STORM-3893] - Bump testng from 6.8.5 to 7.7.0 in integration test<br/> [STORM-3900] - Upgrade Cassandra version to avoid depedency on snakeyaml 1.3<br/> [STORM-3903] - Bump commons-fileupload from 1.3.3 to 1.5<br/> [STORM-3904] - Bump spring-core from 5.3.20 to 5.3.26 in /examples/storm-jms-examples<br/> [STORM-3907] - Update mockito to version 4.11.0<br/> [STORM-3918] - Bump snakeyaml from 1.32 to 2.0<br/> [STORM-3921] - Bump spring-core from 5.3.26 to 5.3.27 in /examples/storm-jms-examples<br/> <br/><br/> Documentation<br/> [STORM-3890] - Update readme document to state usage parameters for KafkaLagUtil<br/> [STORM-3920] - Update the Secure Storm documentation

Apache Storm是一个分布式实时大数据处理系统。Storm设计用于在容错和水平可扩展方法中处理大量数据。它是一个流数据框架，具有最高的摄取率。

<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965">CVE-2022-22965</a></p>

暂无

暂无

https://storm.apache.org/2023/08/04/storm250-released.html