Posted to dev@usergrid.apache.org by Arun Ram <Ar...@spartasystems.com> on 2015/07/07 15:56:55 UTC
Usergrid REST API issue
Hi,
My name is Arun Ram and I work for Sparta Systems. We have discovered a potential security issue with the Usergrid REST API where a script could be injected into the response. I would like to propose and implement a fix.
Please let me know what is the appropriate forum to discuss my fix and find out the procedure to commit to the code base.
Thanks.
Arun
________________________________
NOTICE: This e-mail message and any attachments may contain confidential, proprietary, and/or privileged information which should be treated accordingly. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this message, and destroy all physical and electronic copies. Thank you.
RE: Usergrid REST API issue
Posted by Arun Ram <Ar...@spartasystems.com>.
I just signed and sent a scanned copy of the ICLA to secretary@apache.org.
Arun
-----Original Message-----
From: Shawn Feldman [mailto:shawn.feldman@gmail.com]
Sent: Tuesday, July 07, 2015 11:26 AM
To: dev@usergrid.incubator.apache.org
Subject: Re: Usergrid REST API issue
Have you signed an ICLA? https://www.apache.org/licenses/icla.txt
Re: Usergrid REST API issue
Posted by "John D. Ament" <jo...@apache.org>.
But don't worry, filling this out is rather painless. I'll pull your
branch and test locally as well. Thanks for the contrib Arunram!
On Jul 7, 2015 2:57 PM, "Rod Simpson" <ro...@rodsimpson.com> wrote:
> Thank you, Shawn. Yes, you must fill out an ICLA with the Apache Software
> Foundation.
>
>
>
> --
> Rod Simpson
> T @rockerston
> W rodsimpson.com
Re: Usergrid REST API issue
Posted by Rod Simpson <ro...@rodsimpson.com>.
Thank you, Shawn. Yes, you must fill out an ICLA with the Apache Software Foundation.
--
Rod Simpson
T @rockerston
W rodsimpson.com
On July 7, 2015 at 9:26:07 AM, Shawn Feldman (shawn.feldman@gmail.com) wrote:
Have you signed an ICLA? https://www.apache.org/licenses/icla.txt
Re: Usergrid REST API issue
Posted by Shawn Feldman <sh...@gmail.com>.
Have you signed an ICLA? https://www.apache.org/licenses/icla.txt
On Tue, Jul 7, 2015 at 9:23 AM Arun Ram <Ar...@spartasystems.com> wrote:
> Thank you for the quick response. I have created a pull request.
>
> https://github.com/apache/incubator-usergrid/pull/300
>
> Arun
RE: Usergrid REST API issue
Posted by Arun Ram <Ar...@spartasystems.com>.
Thank you for the quick response. I have created a pull request.
https://github.com/apache/incubator-usergrid/pull/300
Arun
-----Original Message-----
From: Rod Simpson [mailto:rod@rodsimpson.com]
Sent: Tuesday, July 07, 2015 10:49 AM
To: dev@usergrid.incubator.apache.org
Subject: Re: Usergrid REST API issue
You are in the right place.
Here is the website:
http://usergrid.incubator.apache.org/
Here is the GitHub repo:
https://github.com/apache/incubator-usergrid
Just send a PR and the team will be happy to review it.
Rod
--
Rod Simpson
Re: Usergrid REST API issue
Posted by Rod Simpson <ro...@rodsimpson.com>.
You are in the right place.
Here is the website:
http://usergrid.incubator.apache.org/
Here is the GitHub repo:
https://github.com/apache/incubator-usergrid
Just send a PR and the team will be happy to review it.
Rod
--
Rod Simpson
On July 7, 2015 at 7:57:06 AM, Arun Ram (arun.ram@spartasystems.com) wrote:
Hi,
My name is Arun Ram and I work for Sparta Systems. We have discovered a potential security issue with the Usergrid REST API where a script could be injected into the response. I would like to propose and implement a fix.
Please let me know what is the appropriate forum to discuss my fix and find out the procedure to commit to the code base.
Thanks.
Arun