search

greenbone / ospd-openvas

ospd-openvas is an OSP server implementation to allow GVM to remotely control an OpenVAS Scanner
GNU Affero General Public License v3.0
67 stars 58 forks source link

Allow redis >=5.0.0 for redis 7.2 support #921

Closed tgurr closed 1 year ago

tgurr commented 1 year ago

Expected behavior

Work with current stable/GA redis version which is now at 7.2 for which python redis >=5.0.0 added support, https://github.com/redis/redis-py/releases/tag/v5.0.0.

Actual behavior

https://github.com/greenbone/ospd-openvas/blob/main/pyproject.toml#L47 restricts redis to <5.0.0:

redis = ">=3.5.3,<5.0.0"

Steps to reproduce

  1. Try to update to latest stable redis 7.2

GVM versions

gsa: 22.05.2

gvm: 22.8.0

openvas-scanner: 22.7.3

gvm-libs: 22.7.0

Environment

Operating system: Exherbo Linux

Installation method / source: source installation

Logfiles

-

ArnoStiefvater commented 1 year ago

Hey @tgurr,

Thanks for creating this issue. I remember that when we tried to migrate to python redis >=5.0.0 in the past we encountered some problems and as we use debian bullseye/bookworm as base system there is no problem currently. Maybe the situation is better now. We will look into it again although I can not guarantee a timely resolve.

Alternatively you can try creating a PR for it and we will review it in a timely manner. Most if not all redis implementation should reside in https://github.com/greenbone/ospd-openvas/blob/main/ospd_openvas/db.py. Just tell me when you start so we don't do the same work in parallel.

tgurr commented 1 year ago

Hey @tgurr,

Thanks for creating this issue. I remember that when we tried to migrate to python redis >=5.0.0 in the past we encountered some problems and as we use debian bullseye/bookworm as base system there is no problem currently. Maybe the situation is better now. We will look into it again although I can not guarantee a timely resolve.

Alternatively you can try creating a PR for it and we will review it in a timely manner. Most if not all redis implementation should reside in https://github.com/greenbone/ospd-openvas/blob/main/ospd_openvas/db.py. Just tell me when you start so we don't do the same work in parallel.

Thanks for the explanation. I'm most probably not able to contribute to anything in regards to acual coding here comming from a distribution maintainers perspective (Exherbo Linux) and not being a programmer at all. I'm trying to get an overview of what's needed to progress to the latest stable GA redis version which is 7.2 just having been released on 15 Aug 2023.

As python redis <5.0.0 only supports redis <7.2.0 at least judging from the official documentation: Library version Supported redis versions
3.5.3 <= 6.2 Family of releases
>= 4.5.0 Version 5.0 to 7.0
>= 5.0.0 Version 5.0 to current

and ospd-openvas being one of the packages I've come across restricting the python redis dep to <5.0.0, that is a blocker for now. Not that severe as redis 6.0.x and 6.2.x also are at least still on security support however it would of course be nice to see this adressed.

Sometimes it's just a matter of precaution of projects restricting versions of deps and a newer version will work right away after just relaxing the version restriction check, but since you mentioned already experiencing problem this sadly appears not to be the case here then.

ArnoStiefvater commented 1 year ago

Thanks a lot for the additional information!

ArnoStiefvater commented 1 year ago

We looked into it and it was actually easy to update because our reference system supports the new version now.

We use python redis 5.0.0 now. A new ospd-openvas release is now available.