You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/04/01 20:19:25 UTC
[GitHub] [druid] jon-wei opened a new pull request #9600: Fix for
[CVE-2020-1958] Apache Druid LDAP injection vulnerability
jon-wei opened a new pull request #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability
URL: https://github.com/apache/druid/pull/9600
This is the fix for CVE-2020-1958 (https://lists.apache.org/thread.html/r9d437371793b410f8a8e18f556d52d4bb68e18c537962f6a97f4945e%40%3Cdev.druid.apache.org%3E) which was included in the 0.17.1 release, this PR adds the fix to master.
This PR has:
- [x] been self-reviewed.
- [ ] added documentation for new or modified features or behaviors.
- [ ] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
- [x] added or updated version, license, or notice information in [licenses.yaml](https://github.com/apache/druid/blob/master/licenses.yaml)
- [ ] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
- [x] added unit tests or modified existing tests to cover new code paths.
- [ ] added integration tests.
- [x] been tested in a test Druid cluster.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] lgtm-com[bot] commented on issue #9600: Fix for
[CVE-2020-1958] Apache Druid LDAP injection vulnerability
Posted by GitBox <gi...@apache.org>.
lgtm-com[bot] commented on issue #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability
URL: https://github.com/apache/druid/pull/9600#issuecomment-607497875
This pull request **fixes 1 alert** when merging 74875a3d89ad9cc10a3521bfb9cfd11de9bac82b into e855c7fe1bd481cdc79d38343563db661a1ccc43 - [view on LGTM.com](https://lgtm.com/projects/g/apache/druid/rev/pr-01b6db9bc548fa10c294451189c645487a62f408)
**fixed alerts:**
* 1 for LDAP query built from user\-controlled sources
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] jihoonson merged pull request #9600: Fix for
[CVE-2020-1958] Apache Druid LDAP injection vulnerability
Posted by GitBox <gi...@apache.org>.
jihoonson merged pull request #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability
URL: https://github.com/apache/druid/pull/9600
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org