Indexer merge requestshttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests2024-02-12T15:17:57Zhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/709[MS-34266] fix jetty vulnerability2024-02-12T15:17:57ZVidyaDharani Lokam[MS-34266] fix jetty vulnerability# Change details
* issue reference: https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/145
https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/144
* updated `jetty` dependency to `6.1...# Change details
* issue reference: https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/145
https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/144
* updated `jetty` dependency to `6.1.26` remediate vulnerability.
* excluded `jetty` from ibm csp as it is unused in it.
# Changes in:
* [x] Aws
* [x] Azure
* [x] GCP
* [x] IBM
* [x] Common codeM23 - Release 0.26VidyaDharani LokamVidyaDharani Lokamhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/692Merge branch 'lib-version-upgrade' into 'master'2024-01-05T08:44:43ZNikhil Patilnikhil.patil5@ibm.comMerge branch 'lib-version-upgrade' into 'master'updated ibm lib version
See merge request osdu/platform/system/indexer-service!690
(cherry picked from commit 9378051f04691afabffe7ff873652fd9347ffeb5)
40924b70 updated ibm lib version
708434db updated spring security dependency
5436a...updated ibm lib version
See merge request osdu/platform/system/indexer-service!690
(cherry picked from commit 9378051f04691afabffe7ff873652fd9347ffeb5)
40924b70 updated ibm lib version
708434db updated spring security dependency
5436aa9a Merge branch 'master' of...
a70e4070 added bom for security in pomM22 - Release 0.25Nikhil Patilnikhil.patil5@ibm.comNikhil Patilnikhil.patil5@ibm.comhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/690updated ibm lib version2024-01-05T08:36:20ZNikhil Patilnikhil.patil5@ibm.comupdated ibm lib versionupdated ibm lib versionupdated ibm lib versionM22 - Release 0.25Nikhil Patilnikhil.patil5@ibm.comNikhil Patilnikhil.patil5@ibm.comhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/676Cherry-pick 'Full Upgrade of First Party Library Dependencies for Release 0.2...2023-12-18T12:24:11ZChad LeongCherry-pick 'Full Upgrade of First Party Library Dependencies for Release 0.25' into release/0.25**Original MR**: !666
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !666
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/indexer-service/-/pipelines/new?ref=cherry-pick-for-666)M22 - Release 0.25David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/668Cherry-pick 'Fix Spring vulneraibilites' into release/0.252023-12-13T20:06:17ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Fix Spring vulneraibilites' into release/0.25**Original MR**: !659
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !659
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/indexer-service/-/pipelines/new?ref=cherry-pick-for-659)M22 - Release 0.25David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/666Full Upgrade of First Party Library Dependencies for Release 0.252023-12-18T12:18:16ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.25This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: master
SHA: 71df6f8e058f509017657b66c00a7bc2b395256f
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.25.0-rc2 | 0.24.0 |
| core-lib-gc | 0.24.0 | |
| os-core-lib-aws | 0.25.0-rc3 | 0.24.0 |
| oqm | 0.24.0 | |
| os-core-common | 0.24.0, 0.25.0-rc3 | 0.24.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |
### Dependency Information After the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: dependency-upgrade
SHA: 4d8f0d3f853647984e72d96975e808f15ef70661
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.25.0 | 0.25.0 |
| core-lib-gc | 0.25.0 | |
| os-core-lib-aws | 0.25.0 | 0.25.0 |
| oqm | 0.25.0 | |
| os-core-common | 0.25.0 | 0.25.0 |
| os-core-lib-ibm | 0.25.0 | 0.25.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |M22 - Release 0.25https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/659Fix Spring vulneraibilites2023-12-13T18:54:49ZSolomon AyalewFix Spring vulneraibilites* pull latest version os-core-common
* fix CVE-2023-20863,CVE-2023-20883, CVE-2023-34034 and other org.springframework:spring-core/security vulnerabilities* pull latest version os-core-common
* fix CVE-2023-20863,CVE-2023-20883, CVE-2023-34034 and other org.springframework:spring-core/security vulnerabilitiesM22 - Release 0.25https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/658Added indexer_openapi.yaml2023-12-04T08:39:08ZRiabokon Stanislav(EPAM)[GCP]Added indexer_openapi.yamlAdded indexer_openapi.yamlAdded indexer_openapi.yamlM23 - Release 0.26Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/642Cherry-pick 'Full Upgrade of First Party Library Dependencies' into release/0.242023-10-19T10:29:28ZChad LeongCherry-pick 'Full Upgrade of First Party Library Dependencies' into release/0.24**Original MR**: !641
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !641
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/indexer-service/-/pipelines/new?ref=cherry-pick-for-641)M21 - Release 0.24David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/641Full Upgrade of First Party Library Dependencies2023-10-19T10:24:24ZChad LeongFull Upgrade of First Party Library DependenciesThis generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the C...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 0d7aa6afb27b1b1ee89542eaaac134ddf73139fd
Maven: 0.25.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.23.2 | 0.23.2 |
| core-lib-gc | 0.23.1 | |
| os-core-lib-aws | 0.24.0 | 0.23.0 |
| oqm | 0.23.0 | |
| os-core-common | 0.23.3 | 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 3f491d13510c3c1ed50e64f3c16ea171743578e5
Maven: 0.25.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.24.0 | 0.24.0 |
| core-lib-gc | 0.24.0 | |
| os-core-lib-aws | 0.24.0 | 0.24.0 |
| oqm | 0.24.0 | |
| os-core-common | 0.24.0 | 0.24.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |M21 - Release 0.24https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/627Full Upgrade of First Party Library Dependencies2023-10-19T10:27:56ZChad LeongFull Upgrade of First Party Library DependenciesThis generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the C...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 535c51c821fc58850e524e086159de696808ae12
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.22.0-rc4 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 84c217f183243c2c0736eae6ad0f6e57ecf386c5
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.23.2 | 0.23.2 |
| core-lib-gc | 0.23.1 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.23.0 | |
| os-core-common | 0.23.3 | 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |M21 - Release 0.24Chad LeongChad Leonghttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/617To avoid conflict call, rename classes to make IBM indexer service up.2023-09-28T21:18:12ZAshwani PandeyTo avoid conflict call, rename classes to make IBM indexer service up.To avoid conflict call, rename classes to make IBM indexer service up.
See merge request osdu/platform/system/indexer-service!616To avoid conflict call, rename classes to make IBM indexer service up.
See merge request osdu/platform/system/indexer-service!616M20 - Release 0.23Ashwani PandeyAshwani Pandeyhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/616Ibm issue fix2023-09-21T07:27:16ZAshwani PandeyIbm issue fixM20 - Release 0.23Ashwani PandeyAshwani Pandeyhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/589JDK 17 migration (GONRG-7477)2024-01-25T13:47:32ZYurii Ruban [EPAM / GCP]JDK 17 migration (GONRG-7477)# Description:
Migration from Java 8 to Java 17.
# How to test:
Via Unit and Integration tests.
# Changes include:
- [x] Breaking change (a change that is not backward-compatible and/or changes current functionality).
# Changes in:...# Description:
Migration from Java 8 to Java 17.
# How to test:
Via Unit and Integration tests.
# Changes include:
- [x] Breaking change (a change that is not backward-compatible and/or changes current functionality).
# Changes in:
- [x] Common code
# Dev Checklist:
- [x] Added Unit Tests, wherever applicable.
- [x] Updated the Readme, if applicable.
- [x] Existing Tests pass
- [x] Verified functionality locally
- [x] Self Reviewed my code for formatting and complex business logic.
# Other comments:
* Upgraded 'lombok' & 'jacoco' plugin version
* Changed TestRunner 'PowerMockRunner' to 'MockitoJUnitRunner'
* Removed 'powermock-api-mockito2' & 'powermock-module-junit4' dependenciesM20 - Release 0.23Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/556Implement reindex records API2023-06-12T08:38:32ZMingyang ZhuImplement reindex records API1. Rename and refactor the old reindex function as reindexKind
2. Implement reindex records API which accepts a list of record ids
Refer to: https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/901. Rename and refactor the old reindex function as reindexKind
2. Implement reindex records API which accepts a list of record ids
Refer to: https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/90M19 - Release 0.22Mingyang ZhuMingyang Zhuhttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/555Cherry-pick 'Insert token prefix 'Bearer ' when it is missed' into release/0.212023-05-30T20:23:12ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Insert token prefix 'Bearer ' when it is missed' into release/0.21**Original MR**: !547
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !547
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/indexer-service/-/pipelines/new?ref=cherry-pick-for-547)M18 - Release 0.21David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/547Insert token prefix 'Bearer ' when it is missed2023-06-01T14:42:18ZZhibin MaiInsert token prefix 'Bearer ' when it is missedThe IServiceAccountJwtClient.getIdToken() has inconsistent implementation: Impl of GCP/AWS returns token with prefix 'Bearer' while Impl of Azure/IBM returns token only.
Given the [PartitionFeatureFlagImpl.java](https://community.openg...The IServiceAccountJwtClient.getIdToken() has inconsistent implementation: Impl of GCP/AWS returns token with prefix 'Bearer' while Impl of Azure/IBM returns token only.
Given the [PartitionFeatureFlagImpl.java](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/blob/master/src/main/java/org/opengroup/osdu/core/common/feature/PartitionFeatureFlagImpl.java) in the core common assumes that the method IServiceAccountJwtClient.getIdToken() returns a token with 'Bearer' prefix, the implementation of IServiceAccountJwtClient.getIdToken() for Azure/IBM in the indexer should return the token with 'Bearer' prefix.M18 - Release 0.21Zhibin MaiZhibin Maihttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/511add validation and ignore out of order message when kind is updated2023-03-29T15:30:50ZNeelesh Thakuradd validation and ignore out of order message when kind is updatedUsers have reported issue with data duplication with following scenario:
1. Trigger a re-index job for kinds: both raw and WKS kind at the same time
2. The triggering of the reindexing on raw kind also triggered WKS service to recreate ...Users have reported issue with data duplication with following scenario:
1. Trigger a re-index job for kinds: both raw and WKS kind at the same time
2. The triggering of the reindexing on raw kind also triggered WKS service to recreate the WKS instances derived from them
3. The target schema mapping for these raw records had been updated (e.g. version 1.0 to 1.1), meaning the new versions of these records created by WKS changed the schema.
4. Index therefore received 2 events for the same WKS record instances at similar times, one to re-index the original and another to create the new one
5. If the one to create the new instance for WKS was processed first that would lead to duplicates appearing.
This changes-set adds validation to avoid duplication by ignoring the event when kind is updated in such cases.M17 - Release 0.20https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/510Vulnerability fix for IBM2023-07-25T07:11:22ZDevdatta SantraVulnerability fix for IBMVulnerability fix for IBM for tomcat and netty libs
| CVE-2022-41881 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 |
|----------------|-------------------------------------------------|
| CVE-2022-45143 | https://nvd.nist.gov/vuln/d...Vulnerability fix for IBM for tomcat and netty libs
| CVE-2022-41881 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 |
|----------------|-------------------------------------------------|
| CVE-2022-45143 | https://nvd.nist.gov/vuln/detail/CVE-2022-45143 |M17 - Release 0.20Devdatta SantraDevdatta Santrahttps://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/445Vulnerability fix ibm indexer service2023-03-30T08:07:20ZPintu GuptaVulnerability fix ibm indexer serviceFollowing CVE has been fix into this MR :
| cve | link |
|----------------|-------------------------------------------------|
| CVE-2022-42003 | https://nvd.nist.gov/vuln/detail/CVE-2...Following CVE has been fix into this MR :
| cve | link |
|----------------|-------------------------------------------------|
| CVE-2022-42003 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 |
| CVE-2022-42004 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 |
| CVE-2022-25857 | https://nvd.nist.gov/vuln/detail/CVE-2022-25857 |
| CVE-2022-42252 | https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |M16 - Release 0.19Pintu GuptaPintu Gupta