Posted to commits@beam.apache.org by gi...@apache.org on 2020/01/15 16:17:52 UTC

[beam] branch asf-site updated: Publishing website 2020/01/15 16:17:44 at commit 2b07e0e

This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/beam.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new fee8761  Publishing website 2020/01/15 16:17:44 at commit 2b07e0e
fee8761 is described below

commit fee876149279270715efab15ca1880a4dfea6d4d
Author: jenkins <bu...@apache.org>
AuthorDate: Wed Jan 15 16:17:44 2020 +0000

    Publishing website 2020/01/15 16:17:44 at commit 2b07e0e
---
 .../blog/2020/01/06/beam-2.17.0.html               |  6 ++-
 website/generated-content/blog/index.html          |  4 +-
 website/generated-content/feed.xml                 |  4 +-
 .../get-started/beam-overview/index.html           |  2 +-
 .../get-started/downloads/index.html               |  2 +-
 website/generated-content/get-started/index.html   |  2 +-
 .../get-started/mobile-gaming-example/index.html   |  2 +-
 .../get-started/quickstart-go/index.html           |  2 +-
 .../get-started/quickstart-java/index.html         |  2 +-
 .../get-started/quickstart-py/index.html           |  2 +-
 .../get-started/try-apache-beam/index.html         |  2 +-
 .../get-started/wordcount-example/index.html       |  2 +-
 .../security/CVE-2020-1929/index.html              | 10 ++++
 .../{get-started => security}/index.html           | 56 ++++++++++++++--------
 14 files changed, 64 insertions(+), 34 deletions(-)

diff --git a/website/generated-content/blog/2020/01/06/beam-2.17.0.html b/website/generated-content/blog/2020/01/06/beam-2.17.0.html
index af76da5..f133657 100644
--- a/website/generated-content/blog/2020/01/06/beam-2.17.0.html
+++ b/website/generated-content/blog/2020/01/06/beam-2.17.0.html
@@ -29,7 +29,7 @@
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <title>Apache Beam 2.17.0</title>
-  <meta name="description" content="We are happy to present the new 2.17.0 release of Beam. This release includes both improvements and new functionality.See the download page for this release.">
+  <meta name="description" content="We are happy to present the new 2.17.0 release of Beam. This release includes both improvements and new functionality.Users of the MongoDbIO connector are en...">
   <link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400" rel="stylesheet">
   <link rel="stylesheet" href="/css/site.css">
   <script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
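Review bot: In the new description content, "functionality.Users" has no space after the period, and the text is cut mid-word at "en...". The removed line had the same join ("functionality.See"), so the excerpt is being built by dropping the source line break rather than turning it into a space. Consider giving the post an explicit description, or fixing the join, so that link previews carry the MongoDbIO upgrade advice as a clean sentence.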
@@ -192,7 +192,9 @@ limitations under the License.
 -->
 
 <p>We are happy to present the new 2.17.0 release of Beam. This release includes both improvements and new functionality.
-See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> for this release.<!--more-->
+Users of the MongoDbIO connector are encouraged to upgrade to this release to address a <a href="/security/CVE-2020-1929/">security vulnerability</a>.</p>
+
+<p>See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> for this release.<!--more-->
 For more information on changes in 2.17.0, check out the
 <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12345970&amp;projectId=12319527">detailed release notes</a>.</p>
 
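Review bot: The link text in the added paragraph is only "security vulnerability", so a reader of the release post cannot tell which issue or which versions are meant without following the link. Suggest naming it in the sentence, for example "to address CVE-2020-1929", and stating the affected range (2.10.0 to 2.16.0, as given on the security page added in this commit).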
diff --git a/website/generated-content/blog/index.html b/website/generated-content/blog/index.html
index 7ab1cc3..731ade7 100644
--- a/website/generated-content/blog/index.html
+++ b/website/generated-content/blog/index.html
@@ -192,7 +192,9 @@ limitations under the License.
 -->
 
 <p>We are happy to present the new 2.17.0 release of Beam. This release includes both improvements and new functionality.
-See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> for this release.</p>
+Users of the MongoDbIO connector are encouraged to upgrade to this release to address a <a href="/security/CVE-2020-1929/">security vulnerability</a>.</p>
+
+<p>See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> for this release.</p>
 
 <!-- Render a "read more" button if the post is longer than the excerpt -->
 
diff --git a/website/generated-content/feed.xml b/website/generated-content/feed.xml
index 3999c1e..f78451e 100644
--- a/website/generated-content/feed.xml
+++ b/website/generated-content/feed.xml
@@ -36,7 +36,9 @@ limitations under the License.
 --&gt;
 
 &lt;p&gt;We are happy to present the new 2.17.0 release of Beam. This release includes both improvements and new functionality.
-See the &lt;a href=&quot;/get-started/downloads/#2170-2020-01-06&quot;&gt;download page&lt;/a&gt; for this release.&lt;!--more--&gt;
+Users of the MongoDbIO connector are encouraged to upgrade to this release to address a &lt;a href=&quot;/security/CVE-2020-1929/&quot;&gt;security vulnerability&lt;/a&gt;.&lt;/p&gt;
+
+&lt;p&gt;See the &lt;a href=&quot;/get-started/downloads/#2170-2020-01-06&quot;&gt;download page&lt;/a&gt; for this release.&lt;!--more--&gt;
 For more information on changes in 2.17.0, check out the
 &lt;a href=&quot;https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12345970&amp;amp;projectId=12319527&quot;&gt;detailed release notes&lt;/a&gt;.&lt;/p&gt;
 
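Review bot: The added link to /security/CVE-2020-1929/ in feed.xml is root-relative, unlike the absolute release-notes URL two lines below it. Feed content is read outside the site, where a relative href may not resolve against beam.apache.org; an absolute https://beam.apache.org/security/CVE-2020-1929/ would be safer for the advisory link.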
diff --git a/website/generated-content/get-started/beam-overview/index.html b/website/generated-content/get-started/beam-overview/index.html
index 548d1cb..0c361e0 100644
--- a/website/generated-content/get-started/beam-overview/index.html
+++ b/website/generated-content/get-started/beam-overview/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/downloads/index.html b/website/generated-content/get-started/downloads/index.html
index 24de743..5dc931c 100644
--- a/website/generated-content/get-started/downloads/index.html
+++ b/website/generated-content/get-started/downloads/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/index.html b/website/generated-content/get-started/index.html
index 4499cfe..a44072b 100644
--- a/website/generated-content/get-started/index.html
+++ b/website/generated-content/get-started/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/mobile-gaming-example/index.html b/website/generated-content/get-started/mobile-gaming-example/index.html
index 7bd7a53..1468ef1 100644
--- a/website/generated-content/get-started/mobile-gaming-example/index.html
+++ b/website/generated-content/get-started/mobile-gaming-example/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/quickstart-go/index.html b/website/generated-content/get-started/quickstart-go/index.html
index dc13f66..58822bc 100644
--- a/website/generated-content/get-started/quickstart-go/index.html
+++ b/website/generated-content/get-started/quickstart-go/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/quickstart-java/index.html b/website/generated-content/get-started/quickstart-java/index.html
index b494c23..b6dfa02 100644
--- a/website/generated-content/get-started/quickstart-java/index.html
+++ b/website/generated-content/get-started/quickstart-java/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/quickstart-py/index.html b/website/generated-content/get-started/quickstart-py/index.html
index 2dcae86..2429bcb 100644
--- a/website/generated-content/get-started/quickstart-py/index.html
+++ b/website/generated-content/get-started/quickstart-py/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/try-apache-beam/index.html b/website/generated-content/get-started/try-apache-beam/index.html
index 4514be9..d2018f4 100644
--- a/website/generated-content/get-started/try-apache-beam/index.html
+++ b/website/generated-content/get-started/try-apache-beam/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/wordcount-example/index.html b/website/generated-content/get-started/wordcount-example/index.html
index 6e75783..38d2e4c 100644
--- a/website/generated-content/get-started/wordcount-example/index.html
+++ b/website/generated-content/get-started/wordcount-example/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/security/CVE-2020-1929/index.html b/website/generated-content/security/CVE-2020-1929/index.html
new file mode 100644
index 0000000..3101ead
--- /dev/null
+++ b/website/generated-content/security/CVE-2020-1929/index.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<meta charset="utf-8">
+<title>Redirecting…</title>
+<link rel="canonical" href="/security/index.html#cve-2020-1929">
+<meta http-equiv="refresh" content="0; url=/security/index.html#cve-2020-1929">
+<h1>Redirecting…</h1>
+<a href="/security/index.html#cve-2020-1929">Click here if you are not redirected.</a>
+<script>location="/security/index.html#cve-2020-1929"</script>
+</html>
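Review bot: The redirect stub targets /security/index.html#cve-2020-1929 in all four places (canonical, meta refresh, anchor, script), while the security page added in this same commit declares its canonical as https://beam.apache.org/security/. Pointing the stub at /security/#cve-2020-1929 would keep a single URL for the advisory. The rel="canonical" here is also relative, where the security page uses an absolute one.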
diff --git a/website/generated-content/get-started/index.html b/website/generated-content/security/index.html
similarity index 88%
copy from website/generated-content/get-started/index.html
copy to website/generated-content/security/index.html
index 4499cfe..a020fa2 100644
--- a/website/generated-content/get-started/index.html
+++ b/website/generated-content/security/index.html
@@ -28,7 +28,7 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>Use Beam</title>
+  <title>Beam Security</title>
   <meta name="description" content="Apache Beam is an open source, unified model and set of language-specific SDKs for defining and executing data processing workflows, and also data ingestion and integration flows, supporting Enterprise Integration Patterns (EIPs) and Domain Specific Languages (DSLs). Dataflow pipelines simplify the mechanics of large-scale batch and streaming data processing and can run on a number of runtimes like Apache Flink, Apache Spark, and Google Cloud Dataflow  [...]
 ">
   <link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400" rel="stylesheet">
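Review bot: Only the title changes in this hunk; the meta description in the unchanged context is still the generic Apache Beam project text carried over from the get-started page. A page-specific description (how to report vulnerabilities, known security issues) would let search results and previews identify this as the security page.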
@@ -42,7 +42,7 @@
   <script src="/js/fix-menu.js"></script>
   <script src="/js/section-nav.js"></script>
   <script src="/js/page-nav.js"></script>
-  <link rel="canonical" href="https://beam.apache.org/get-started/" data-proofer-ignore>
+  <link rel="canonical" href="https://beam.apache.org/security/" data-proofer-ignore>
   <link rel="shortcut icon" type="image/x-icon" href="/images/favicon.ico">
   <link rel="alternate" type="application/rss+xml" title="Apache Beam" href="https://beam.apache.org/feed.xml">
   <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.4.1/css/all.css" integrity="sha384-5sAR7xN1Nv6T6+dT2mhtzEpVJvfS3NScPQTrOxhwjIuvcA67KV2R5Jz6kr4abQsz" crossorigin="anonymous">
@@ -144,7 +144,7 @@
             GitHub links will not resolve until the markdown source is available on the master branch.
             New pages would fail validation during development / PR test automation.
           -->
-          <a href="https://github.com/apache/beam/edit/master/website/src/get-started/index.md" data-proofer-ignore>
+          <a href="https://github.com/apache/beam/edit/master/website/src/security/index.md" data-proofer-ignore>
             <i class="far fa-edit fa-lg" alt="Edit on GitHub" title="Edit on GitHub"></i>
           </a>
         </li>
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
@@ -210,6 +210,9 @@
 
 
 
+<ul class="nav">
+  <li><a href="#cve-2020-1929">CVE-2020-1929</a></li>
+</ul>
 
 
       </nav>
@@ -229,33 +232,44 @@ See the License for the specific language governing permissions and
 limitations under the License.
 -->
 
-<h1 id="get-started-with-apache-beam">Get Started with Apache Beam</h1>
-<p>Learn to use Beam to create data processing pipelines that run on supported processing back-ends:</p>
+<h1 id="reporting-security-issues">Reporting Security Issues</h1>
 
-<h4 id="beam-overview"><a href="/get-started/beam-overview">Beam Overview</a></h4>
+<p>Apache Beam uses the standard process outlined by the <a href="https://www.apache.org/security/">Apache Security
+Team</a> for reporting vulnerabilities. Note
+that vulnerabilities should not be publicly disclosed until the project has
+responded.</p>
 
-<p>Learn about the Beam model, the currently available Beam SDKs and Runners, and Beam’s native I/O connectors.</p>
+<p>To report a possible security vulnerability, please email
+<code class="highlighter-rouge">security@apache.org</code> and <code class="highlighter-rouge">pmc@beam.apache.org</code>. This is a non-public list
+that will reach the Beam PMC.</p>
 
-<h4 id="quickstart-for-java-python-or-go">Quickstart for <a href="/get-started/quickstart-java">Java</a>, <a href="/get-started/quickstart-py">Python</a> or <a href="/get-started/quickstart-go">Go</a></h4>
+<h1 id="known-security-issues">Known Security Issues</h1>
 
-<p>Learn how to set up a Beam project and run a simple example Beam pipeline on your local machine.</p>
+<h2 id="cve-2020-1929">CVE-2020-1929</h2>
 
-<h4 id="example-walkthroughs">Example Walkthroughs</h4>
+<p>[CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verification</p>
 
-<p>See detailed walkthroughs of complete Beam pipelines.</p>
+<p>Severity: Major<br />
+Vendor: The Apache Software Foundation</p>
 
-<ul>
-  <li><a href="/get-started/wordcount-example">WordCount</a>: Simple example pipelines that demonstrate basic Beam programming, including debugging and testing</li>
-  <li><a href="/get-started/mobile-gaming-example">Mobile Gaming</a>: A series of more advanced pipelines that demonstrate use cases in the mobile gaming domain</li>
-</ul>
+<p>Versions Affected:<br />
+Apache Beam 2.10.0 to 2.16.0</p>
 
-<h4 id="downloads-and-releases"><a href="/get-started/downloads">Downloads and Releases</a></h4>
+<p>Description:<br />
+The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to
+disable SSL trust verification. However this configuration is not respected and
+the certificate verification disables trust verification in every case. This
+exclusion also gets registered globally which disables trust checking for any
+code running in the same JVM.</p>
 
-<p>Find download links and information on the latest Beam releases, including versioning and release notes.</p>
-
-<h4 id="support"><a href="/get-started/support">Support</a></h4>
+<p>Mitigation:<br />
+Users of the affected versions should apply one of the following mitigations:</p>
+<ul>
+  <li>Upgrade to Apache Beam 2.17.0 or later</li>
+</ul>
 
-<p>Find resources, such as mailing lists and issue tracking, to help you use Beam. Ask questions and discuss topics via <a href="http://stackoverflow.com/questions/tagged/apache-beam">Stack Overflow</a> or on Beam’s <a href="http://apachebeam.slack.com">Slack Channel</a>.</p>
+<p>Acknowledgements:<br />
+This issue was reported (and fixed) by Colm Ó hÉigeartaigh.</p>
 
       </div>
     </div>
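Review bot: In the added Description paragraph, "the certificate verification disables trust verification in every case" is hard to parse and does not name the option involved. Suggest stating directly that trust verification is disabled regardless of how the option is set, and naming the setting so users can search their pipelines for it. The Mitigation text also says "apply one of the following mitigations" but lists a single item, and in the reporting paragraph "This is a non-public list" follows two addresses.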