Version number is the same as ours - `2.19.1`, removing `includeGroup 'org.apache.activemq'` from Corda Dependencies repository, will make it fall back to Maven Central where the official version is available.
Fixes DDoS attack mentioned on the Jira ticket.
PR upgrades Artemis library to version 2.19.1.
This is our own release of Apache Artemis library which has vulnerability fix for v2.20 applied.
**_Breaking changes discovered during Artemis upgrade:_**
1. When the queue is created as temporary, it needs to explicitly be specified as non-durable.
2. By default, Artemis Client performs Host DNS name check against the certificate presented by the server. Our TLS certificates fail this check and this verification has to be explicitly disabled, see use of: `TransportConstants.VERIFY_HOST_PROP_NAME`.
3. Artemis Server now caches login attempts, even unsuccessful ones. When we add RPC users dynamically via DB insert this may have an unexpected outcome if the user with the same `userName` and `password` was not available previously.
To workaround permissions changing dynamically, authorization and authentication caches had to be disabled.
4. When computing `maxMessageSize`, the size of the headers content is now taken into account as well.
5. Artemis handling of start-up errors has changed. E.g. when the port is already bound.
6. A number of deprecated APIs like: `createTemporaryQueue`, `failoverOnInitialAttempt`, `NullOutputStream`, `CoreQueueConfiguration`.
7. Log warning message is produced like: `AMQ212080: Using legacy SSL store provider value: JKS. Please use either 'keyStoreType' or 'trustStoreType' instead as appropriate.`
8. As reported by QA, Artemis now produces more audit logging more details [here](https://r3-cev.atlassian.net/browse/ENT-6540). Log configuration been adjusted to reduce such output.
Remove the shell code from the OS code base, this includes the modules:
- `:tools:shell`
- `:tools:shell-cli`
The shell will be run within a node if it exists within the node's `drivers` directory.
This is done by using a `URLClassloader` to load the `InteractiveShell` class into Corda's JVM process and running `startShell` and `runLocalShell`.
Running the shell within the `:samples` will require adding:
```
cordaDriver "net.corda:corda-shell:<corda_shell_version>"
```
To the module's `build.gradle` containing `deployNodes`. The script will then include the shell in the created nodes.
This is a newly built internal version of the library which in particular upgrades `org.apache.mina:mina-core` to version `2.0.22` eliminating NexusIQ vulnerability.
* wip
* wip
* wip (need to review IEE comments)
* wip
* wip
* Small refactoring, fixed network-verifier's TestNotaryFlow
* Added command line option to explicitly enable hash agility support
* wip-do-not-push
* wip
* wip
* wip
* aligned merkletree/transaction hash algorithms
* wip
* Added mixed algorithm support for nodes vs leaves and corrected mixed algorithm tests
* moved global computeNonce and componentHash to DigestService
* added comment for failing test to fix
* wip
* Minor cleanups, added deprecated componentHash/computeNonce
* restored exploratory changes to failing SignedTransaction test
* cleaned up and minor rafactoring
* Fixed some tests with hardcoded hash algorithm
* some changes and cleanups following code review
* WIP commit before large change
* WIP Fixed 3 tests
* WIP removed direct references to randomSHA256() and sha256()
* Updated/added liquibase migrations to support larger hash algorithms
* Reviewed, cleanups, comments, fixes
* removing direct references to sha256()
* WIP verifying obligations test errors
* reviewing obligation/attachment issues with sha3_256
* Full review before PR - intermediate commits
* Reviewed and cleaned up
* Futher cleanup
* Fixed partial tree backward compatible json and cleanups
* all tests passing
* Removed couple of unused imports
* Reworked global componentHash function to avoid deprecated warnings
* replaced SHA3s with some alternate SHA2s
* Removed SHA3-256 and SHA3-512 references
* fixed some tests using non ubiquitous hash algorithms
* Fixed ABI compatibility (not for TransactionBuilder)
* Fixed ABI compatibility to TransactionBuilder
* couple of fixes
* fixed DigestService's randomHash
* Removed constructor with loosely typed args for private constructor of LedgerTransaction class (API removal)
* re-introduced LedgerTransaction deprecated ctor for deserialization
* Add possibility to load CustomMessageDigest bypassing JCA (#6798)
* Change api-current for DigestAlgorithm
* disable flaky tests
Co-authored-by: Denis Rekalov <denis.rekalov@r3.com>
* CORDA-3845: Update BC, log4j, slf4j (#6699)
* CORDA-3845: Update BC to 1.64
* CORDA-3845: Upgraded log4j to 2.12.1
* We can remove the use of Manifests from the logging package so that when _it_ logs it doesn't error on the fact the stream was already closed by the default Java logger.
* Remove the logging package as a plugin
* latest BC version
* Remove old test
* Fix some rebased changes to log file handling
* Update slf4j too
Co-authored-by: Ryan Fowler <fowlerrr@users.noreply.github.com>
Co-authored-by: Adel El-Beik <adel.el-beik@r3.com>
* CORDA-4034 Reduce forkEvery to 15 to attempt to mitigate memory leak.
* ENT-5679 Disable test which triggers OOM
* Run tests on two Jenkins agents
* Fixed processing JUnit test results by Allure
* Add timeouts to VaultObserverExceptionTest
* Revert "CORDA-3845: Update BC, log4j, slf4j (#6699)" to eliminate introduced memory leaks
Co-authored-by: Waldemar Zurowski <waldemar.zurowski@r3.com>
* Do not use Security.addProvider(BouncyCastleProvider()) in tests, to avoid disruptions of other tests.
* Forcibly register security providers before starting Jimfs, to resolve a sequencing problem where Jimfs triggers loading of the SFTP filesystem provider, which in turn registers the standard BouncyCastle provider rather than the patched version Corda needs.
* INFRA-683 Move Corda OS release branch builds to serial (#6703)
Co-authored-by: Waldemar Zurowski <waldemar.zurowski@r3.com>
Co-authored-by: Denis Rekalov <denis.rekalov@r3.com>
Co-authored-by: Waldemar Zurowski <waldemar.zurowski@r3.com>
* CORDA-3845: Update BC to 1.64
* CORDA-3845: Upgraded log4j to 2.12.1
* We can remove the use of Manifests from the logging package so that when _it_ logs it doesn't error on the fact the stream was already closed by the default Java logger.
* Remove the logging package as a plugin
* latest BC version
* Remove old test
* Fix some rebased changes to log file handling
* Update slf4j too
Co-authored-by: Ryan Fowler <fowlerrr@users.noreply.github.com>
Co-authored-by: Adel El-Beik <adel.el-beik@r3.com>
Integrate YAML profile support, and the eagle-eyed will notice that the plugin no longer needs to be applied at the very bottom of the build.gradle file!
Other features include:
* Implicit upgrade to docker-remote-api plugin v5.3.0
* Fixing a ClassGraph-related memory leak by closing the ScanResult objects after use.
* More logging of any exceptions from Kubenetese.
* The gradlecache volume is now created with a hostPath of "/gradle/$podName/$podIdx-$taskForExecuteName", which should allow having multiple pods on a single node.
* Restrict Gradle dependency locations so Gradle does not check Corda/Kotlin specific repositories for other dependencies, to save on wasted requests.
* Remove dependx plugin as it appears to be abandoned
* CORDA-3917 Update to Jackson 2.9.8 (#6493)
* Update to Jackson 2.9.8 to address multiple security issues, and update warning note about
updates to clarify that it refers to 2.10+. When the note was added 2.9.7 as the highest
available version in the 2.9.x series.
* Add PR code checks Jenkinsfile
* CORDA-3916 Update to BouncyCastle 1.61 (#6492)
Update to BouncyCastle 1.61. Updating one version at a time to mitigate risk of a complex breaking change being introduced.
* Added missing collection of JUnit tests and logs
Co-authored-by: Waldemar Zurowski <waldemar.zurowski@r3.com>
* CORDA-3845: Update BC to 1.64
* CORDA-3845: Upgraded log4j to 2.13.3
* We can remove the use of Manifests from the logging package so that when _it_ logs it doesn't error on the fact the stream was already closed by the default Java logger.
* Some more tidy up
* Remove the logging package as a plugin
* latest BC version
* Remove old test
* fix up
* Fix some rebased changes to log file handling
* Fix some rebased changes to log file handling
* Update slf4j too
Co-authored-by: Adel El-Beik <adel.el-beik@r3.com>
* Update to Jackson 2.9.8 to address multiple security issues, and update warning note about
updates to clarify that it refers to 2.10+. When the note was added 2.9.7 as the highest
available version in the 2.9.x series.
* Add PR code checks Jenkinsfile
* Use a virtual repo (corda-remotes) containing all Corda repositories with dependencies
* activated when CORDA_USE_CACHE environment variable is set
* Update Jenkins configuration to use new functionality
* it does *not* affect local builds as long as environment variable is not set!
* INFRA-331 increasing shard number and reintroducing pre allocation
* INFRA-331 removing preallocation
* INFRA-331 reintroducing preallocation as it cuts 10 mins from the build
* INFRA-331 test performance with 20 pods
* INFRA-331 test performance with 10 pods and preallocation
* INFRA-331 more tests on 15 pods + prealloc
* TM-168 reusable configurations for distributed testing
* TM-168 switching to class
* TM-168 switching to ext properties
* TM-168 large scale set is too aggressive and prone to failure so switching to general purpose
* Add dependx step to build, in monitor state
* Bump plugin version
* Update plugin version
Co-authored-by: Dimitris Gounaris <dimitrisgounaris@20LDN-MAC257.local>
* Remove unused dependencies from test-common
* Explicit imports and formatting
* Add core-test-utils project
* Add dependency
* Move Kryo serialization context to node-api (not serialization as we do not want to pull kryo into the serialization lib)
* Move AMQP server serialization scheme to node api
* Move serialization tests to node-api
* Move internal test helpers without further dependencies.
* Move out some types from RPCClientProxyHandler to node-api in preparation for moving the AMQP scheme
* Move client AMQP context to node-api so we can move the test serialization rule out.
* Move InternalSerializationTestHelpers to core-test-utils
* Moved testing.core to core-test-utils
* Make detekt happy
* Add api-scanner to core-test-utils
* Remove inlined package names introduced by IntelliJ refactoring
* Update api-current.txt to account for reordering.
* Add core-test-utils to list of published artifacts.
* Add missing import
* Location of things in api text has moved again (publish name of artefact?)
* Revert all additions to the API, leaving just the reordering
* Code review: fix up core-test-utils build.gradle and introduce kryo version constant.
* Remove OpenSsl flag from ssl config stub (can't be used from node-api)
* Suppress detekt warning
* Move core test util tests to the right module
* Expose kotlin test as a transient dependency - projects have come to rely on that.
* Fix typo in package name
* TM-204 attempting to fix regression builds
* TM-204 attempting to fix regression builds
* TM-204 reverting spring boot version and only removing missing dependency
* TM-204 reverting to original build.gradle
* TM-204 re applying dependency
* TM-204 consolidating dependencies
* TM-204 setting spring boot dependency
* TM-204 reverting and upgrading dependency management plugin version in parent gradle file
* TM-204 apply dependency plugin differently
* TM-204 new gradle files
* TM-204 try and fix corda rpc evaluation
* TM-204 try and fix corda rpc evaluation
* TM-204 separate slow integration and smoke test
* TM-204 modifying regression builds to separate slow integration tests and smoke tests as they sometimes result in a bad gradle dependency graph
* TM-204 separating slow integration tests from the rest
* TM-204 change to allow ci03 to run this jenkinsfile
* TM-204 switching to aks label to allow testing on ci03
* TM-204 now that test was successful, switching back to correct prod label
* TM-204 attempting to fix regression builds
* TM-204 attempting to fix regression builds
* TM-204 reverting spring boot version and only removing missing dependency
* TM-204 reverting to original build.gradle
* TM-204 re applying dependency
* TM-204 consolidating dependencies
* TM-204 setting spring boot dependency
* TM-204 reverting and upgrading dependency management plugin version in parent gradle file
* TM-204 apply dependency plugin differently
* TM-204 new gradle files
* TM-204 try and fix corda rpc evaluation
* TM-204 try and fix corda rpc evaluation
* TM-204 separate slow integration and smoke test
* [NOTICK] Add a custom detekt rule for tests with no timeout, and fix remaining missing timeouts
* [NOTICK] Add a test for custom detekt rules and tidying
* add timeout annotation to new test
Co-authored-by: Stefano Franz <roastario@gmail.com>
* TM-197 switching 4.3 to use local k8s instances and also make the maximum duration of builds 3 hours, fix 1 test and ignore 2 flaky ones
* update to use local-k8s version of the plugin
Co-authored-by: Stefano Franz <roastario@gmail.com>
* switch to new version of plugin
* change plugin version to force refresh
* try using pre-populated cache
* do not preallocate
* no daemon
* reduce cores per fork to increase parallelism
* even more aggresive cpu allocation
* CORDA-3520: Closing RPC connection on SSH disconnect
CORDA-3550: Remove support for outdated ciphers and algorithms from SSH
* CORDA-3550: Remove support for outdated ciphers and algorithms from SSH
* Print out local version when running install or publishToMavenLocal
* Just always print the current version - so we also see it when publishing to artifactory.