Zipkin 3.0.5 cleans up CVEs and supports Eureka authentication. We also allow those testing with Cassandra to disable SSL hostname verification. While this is a point version, quite a lot of work went into this. Please thank volunteers involved on gitter or otherwise!
Dependency updates
Most notably, this updates our docker image to use JRE 21.0.2_p13, and all recent java libraries. We audited the UI and were able to fix all CVEs identified by Trivy and used at runtime, with special thanks to @anuraaga on this. We also test with latest Elasticsearch 8.12.0, now. This was trickier than usual due to a JRE compatibility issue @reta discovered a workaround for, and will be resolved when ES 8.12.1 is out. Rag and Andriy made themselves available and are the reason this release is all polished.
Eureka authentication
Zipkin 2.27 added Eureka discovery support, but we missed a spot. Eureka supports BASIC authentication via user info embedded in the service url. e.g. http://user:password@localhost:8761/eureka/v2. This is also handled the same way in spring-cloud-netflix. By also allowing url-embedded credentials, folks can use the same properties with zipkin as they do elsewhere.
To achieve this, and test it fully, we updated the following:
- Our test eureka server image, ghcr.io/openzipkin/zipkin-eureka, to require authentication via
EUREKA_USERNAMEandEUREKA_PASSWORD - Our test armeria client image, ghcr.io/openzipkin/brave-example:armeria, to pass embedded credentials when looking up zipkin via
EUREKA_SERVICE_URL - Our main code (applicable to all zipkin packaging) to use embedded credentials when registering via
EUREKA_SERVICE_URL - Our docker-compose example to suggest how you can try the whole thing integrated.
Thanks for your patience with supporting this option, we hope you can tell that doing it right was a lot of work, and why we didn't just "wing it" earlier!
Disabling Cassandra hostname verification
Cassandra includes a setting for disabling hostname validation when using SSL, which is helpful for self-signed certificates.
Thanks to @priyavivek2307 and @ankit-gautam23 for review, you can disable this now, by setting the env CASSANDRA_SSL_HOSTNAME_VALIDATION=false
Full Changelog: https://github.com/openzipkin/zipkin/compare/3.0.4..3.0.5