You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2019/05/28 20:50:00 UTC

[jira] [Updated] (TEZ-4072) find and remove insecure URLs in Tez

     [ https://issues.apache.org/jira/browse/TEZ-4072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thejas M Nair updated TEZ-4072:
-------------------------------
    Description:     (was: {quote}We request that you review any build scripts and configurations for
insecure urls where appropriate to your projects, fix them asap, and
report back if you had to change anything to [security@apache.org|mailto:security@apache.org] by
the 31st May 2019.

The most common finding was HTTP references to repos like [maven.org|http://maven.org/] in
build files (Gradle, Maven, SBT, or other tools).  Here is an example
showing repositories being used with http urls that should be changed
to https:

[https://github.com/apache/flink/blob/d1542e9561c6235feb902c9c6d781ba416b8f784/pom.xml#L1017-L1038]

Note that searching for http:// might not be enough, look for http\://
too due to escaping.{quote})

> find and remove insecure URLs in Tez
> ------------------------------------
>
>                 Key: TEZ-4072
>                 URL: https://issues.apache.org/jira/browse/TEZ-4072
>             Project: Apache Tez
>          Issue Type: Bug
>    Affects Versions: 0.9.2
>            Reporter: Sam An
>            Priority: Major
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)