Skip to content

Security: upgrade unboundid ldapsdk to 4.0.8#34247

Merged
jaymode merged 3 commits intoelastic:masterfrom
jaymode:upgrade_unboundid
Oct 3, 2018
Merged

Security: upgrade unboundid ldapsdk to 4.0.8#34247
jaymode merged 3 commits intoelastic:masterfrom
jaymode:upgrade_unboundid

Conversation

@jaymode
Copy link
Copy Markdown
Member

@jaymode jaymode commented Oct 2, 2018

This commit upgrades the unboundid ldapsdk to version 4.0.8. The
primary driver for upgrading is a fix that prevents this library from
rewrapping Error instances that would normally bubble up to the
UncaughtExceptionHandler and terminate the JVM. Other notable changes
include some fixes related to connection handling in the library's
connection pool implementation.

Closes #33175

@jaymode
Security: upgrade unboundid ldapsdk to 4.0.8
f1caccc 
This commit upgrades the unboundid ldapsdk to version 4.0.8. The
primary driver for upgrading is a fix that prevents this library from
rewrapping Error instances that would normally bubble up to the
UncaughtExceptionHandler and terminate the JVM. Other notable changes
include some fixes related to connection handling in the library's
connection pool implementation.

Closes elastic#33175
@jaymode jaymode added >enhancement v7.0.0 :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.5.0 labels Oct 2, 2018
@jaymode jaymode requested review from jasontedor and jkakavas October 2, 2018 20:24
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Oct 2, 2018

Pinging @elastic/es-security

jasontedor
jasontedor approved these changes Oct 2, 2018
View reviewed changes
Copy link
Copy Markdown
Member

@jasontedor jasontedor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@jkakavas
Copy link
Copy Markdown
Contributor

jkakavas commented Oct 3, 2018

LGTM, there are a number of things changed in between 3.2.0 and 4.0.8 but I went through them and couldn't identify something that seems problematic or raises concerns.

jaymode
jaymode commented Oct 3, 2018
View reviewed changes
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackPlugin.java
public Void run() {
try {
Class.forName("com.unboundid.util.Debug");
Class.forName("com.unboundid.ldap.sdk.LDAPConnectionOptions");
Copy link
Copy Markdown
Member Author

@jaymode jaymode Oct 3, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opened pingidentity/ldapsdk#51 with the upstream library for this. Ideally we'll be able to remove this hack in the future.

@jaymode jaymode merged commit a21a99d into elastic:master Oct 3, 2018
@jaymode jaymode deleted the upgrade_unboundid branch October 3, 2018 18:31
jaymode added a commit that referenced this pull request Oct 3, 2018
@jaymode
Security: upgrade unboundid ldapsdk to 4.0.8 (#34247)
3584e09 
This commit upgrades the unboundid ldapsdk to version 4.0.8. The
primary driver for upgrading is a fix that prevents this library from
rewrapping Error instances that would normally bubble up to the
UncaughtExceptionHandler and terminate the JVM. Other notable changes
include some fixes related to connection handling in the library's
connection pool implementation.

Closes #33175
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Oct 4, 2018
@jasontedor
Merge branch 'master' into rename-ccr-stats
6833ad7 
* master: (25 commits)
  HLRC: ML Adding get datafeed stats API (elastic#34271)
  Small fixes to the HLRC watcher documentation. (elastic#34306)
  Tasks: Document that status is not semvered (elastic#34270)
  HLRC: ML Add preview datafeed api (elastic#34284)
  [CI] Fix bogus ScheduleWithFixedDelayTests.testRunnableRunsAtMostOnceAfterCancellation
  Fix error in documentation for activete watch
  SCRIPTING: Terms set query expression (elastic#33856)
  Logging: Drop remaining Settings log ctor (elastic#34149)
  [ML] Remove unused last_data_time member from Job (elastic#34262)
  Docs: Allow skipping response assertions (elastic#34240)
  HLRC: Add activate watch action (elastic#33988)
  [Security] Multi Index Expression alias wildcard exclusion (elastic#34144)
  [ML] Label anomalies with  multi_bucket_impact (elastic#34233)
  Document smtp.ssl.trust configuration option (elastic#34275)
  Support PKCS#11 tokens as keystores and truststores  (elastic#34063)
  Fix sporadic failure in NestedObjectMapperTests
  [Authz] Allow update settings action for system user (elastic#34030)
  Replace version with reader cache key in IndicesRequestCache (elastic#34189)
  [TESTS] Set SO_LINGER and SO_REUSEADDR on the mock socket (elastic#34211)
  Security: upgrade unboundid ldapsdk to 4.0.8 (elastic#34247)
  ...
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Oct 4, 2018
@jasontedor
Merge branch 'rename-ccr-stats' into follow-stats-structure
11f4565 
* rename-ccr-stats: (25 commits)
  HLRC: ML Adding get datafeed stats API (elastic#34271)
  Small fixes to the HLRC watcher documentation. (elastic#34306)
  Tasks: Document that status is not semvered (elastic#34270)
  HLRC: ML Add preview datafeed api (elastic#34284)
  [CI] Fix bogus ScheduleWithFixedDelayTests.testRunnableRunsAtMostOnceAfterCancellation
  Fix error in documentation for activete watch
  SCRIPTING: Terms set query expression (elastic#33856)
  Logging: Drop remaining Settings log ctor (elastic#34149)
  [ML] Remove unused last_data_time member from Job (elastic#34262)
  Docs: Allow skipping response assertions (elastic#34240)
  HLRC: Add activate watch action (elastic#33988)
  [Security] Multi Index Expression alias wildcard exclusion (elastic#34144)
  [ML] Label anomalies with  multi_bucket_impact (elastic#34233)
  Document smtp.ssl.trust configuration option (elastic#34275)
  Support PKCS#11 tokens as keystores and truststores  (elastic#34063)
  Fix sporadic failure in NestedObjectMapperTests
  [Authz] Allow update settings action for system user (elastic#34030)
  Replace version with reader cache key in IndicesRequestCache (elastic#34189)
  [TESTS] Set SO_LINGER and SO_REUSEADDR on the mock socket (elastic#34211)
  Security: upgrade unboundid ldapsdk to 4.0.8 (elastic#34247)
  ...
kcm pushed a commit that referenced this pull request Oct 30, 2018
@jaymode @kcm
Security: upgrade unboundid ldapsdk to 4.0.8 (#34247)
18b2267 
This commit upgrades the unboundid ldapsdk to version 4.0.8. The
primary driver for upgrading is a fix that prevents this library from
rewrapping Error instances that would normally bubble up to the
UncaughtExceptionHandler and terminate the JVM. Other notable changes
include some fixes related to connection handling in the library's
connection pool implementation.

Closes #33175
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasontedor jasontedor jasontedor approved these changes

@jkakavas jkakavas Awaiting requested review from jkakavas

Assignees

No one assigned

Labels

>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.5.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

UnboundID SDK catches throwable and rewraps hiding a fatal error

5 participants

@jaymode @elasticmachine @jkakavas @jasontedor @colings86