Tommy Ludwig

The blog post mentions the conditions for being impacted by the vulnerability. I don't think Zipkin Server is vulnerable because it is packaged as a jar and does not even...

When running Zipkin via the docker image, it is also not packaged as a war file and it is not run on a standalone Tomcat, so I don't see how...

From the CVE you linked: > These are the prerequisites for the exploit: > - JDK 9 or higher > - Apache Tomcat as the Servlet container > - Packaged...

In troubleshooting user-reported issues, I think some of the actuator endpoints have been invaluable. We usually start troubleshooting by asking users to check `/info` for the Zipkin version. Then, once...

> In our company also requirement is for monthly or weekly zipkin index. It would be great if you add this support. @singhabhinav03 could you elaborate on what you're trying...

Zipkin Server shouldn't be vulnerable since it is packaged as a jar file and uses Armeria's embedded server. Likewise, zipkin-gcp would not be affected. Upgrading the Spring Boot version two...

Thanks for the continued effort and design work here, @tacigar. Great stuff! In a lot of ways, I like this much more. I worry, though, if we don't make it...

For context, here is the thread on the Micrometer slack: https://micrometer-metrics.slack.com/archives/C662HUJC9/p1547124725097800 I don't know how this would be generically achieved currently. Metrics can be registered via `MeterBinder`s and also directly,...

The commit that added it goes back to https://github.com/openzipkin/zipkin-reporter-java/commit/fd6ab101f238a077b3034784f49ef4c37a2afc9e. Off the top of my head, I suppose 1% of the max heap probably makes more sense than the somewhat arbitrary...

Looks like this is probably because the hourly/daily scripts are owned by root. Here's the output from a local run I just did: ``` $ docker run --rm --env STORAGE_TYPE=elasticsearch...