Posted to commits@brooklyn.apache.org by ri...@apache.org on 2017/02/10 17:04:26 UTC

svn commit: r1782490 [1/4] - in /brooklyn/site: ./ community/ community/security/ contributing/ developers/ developers/code/ developers/committers/ developers/committers/release-process/ documentation/ download/ learnmore/ learnmore/catalog/ learnmore/...

Author: richard
Date: Fri Feb 10 17:04:25 2017
New Revision: 1782490

URL: http://svn.apache.org/viewvc?rev=1782490&view=rev
Log:
Update brooklyn website to brooklyn-docs master rev 9ce71a4a0f99b290eeff335af721adffe267fca3

Added:
    brooklyn/site/community/security/
    brooklyn/site/community/security/CVE-2016-8737.html
    brooklyn/site/community/security/CVE-2016-8744.html
    brooklyn/site/community/security/CVE-2017-3165.html
    brooklyn/site/community/security/index.html
    brooklyn/site/developers/committers/release-process/prepare-for-release.html
Modified:
    brooklyn/site/community/how-to-contribute-docs.html
    brooklyn/site/community/index.html
    brooklyn/site/community/irc.html
    brooklyn/site/community/mailing-lists.html
    brooklyn/site/contributing/index.html
    brooklyn/site/developers/code-standards.html
    brooklyn/site/developers/code/git-more.html
    brooklyn/site/developers/code/index.html
    brooklyn/site/developers/committers/index.html
    brooklyn/site/developers/committers/merging-contributed-code.html
    brooklyn/site/developers/committers/release-process/announce.html
    brooklyn/site/developers/committers/release-process/environment-variables.html
    brooklyn/site/developers/committers/release-process/fix-release.html
    brooklyn/site/developers/committers/release-process/index.html
    brooklyn/site/developers/committers/release-process/make-release-artifacts.html
    brooklyn/site/developers/committers/release-process/prerequisites.html
    brooklyn/site/developers/committers/release-process/publish-temp.html
    brooklyn/site/developers/committers/release-process/publish.html
    brooklyn/site/developers/committers/release-process/release-version.html
    brooklyn/site/developers/committers/release-process/verify-release-artifacts.html
    brooklyn/site/developers/committers/release-process/vote.html
    brooklyn/site/developers/how-to-contribute.html
    brooklyn/site/developers/index.html
    brooklyn/site/developers/links.html
    brooklyn/site/documentation/faq.html
    brooklyn/site/documentation/glossary.html
    brooklyn/site/documentation/index.html
    brooklyn/site/documentation/other-docs.html
    brooklyn/site/download/index.html
    brooklyn/site/download/verify.html
    brooklyn/site/index.html
    brooklyn/site/learnmore/blueprint-tour.html
    brooklyn/site/learnmore/catalog/catalog-item.html
    brooklyn/site/learnmore/catalog/index.html
    brooklyn/site/learnmore/features/index.html
    brooklyn/site/learnmore/index.html
    brooklyn/site/learnmore/theory.html
    brooklyn/site/meta/license.html
    brooklyn/site/meta/sitemap.html
    brooklyn/site/meta/versions.html
    brooklyn/site/zoneMergeManual.html
    brooklyn/site/zoneMergeStarted.html

Modified: brooklyn/site/community/how-to-contribute-docs.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/how-to-contribute-docs.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/community/how-to-contribute-docs.html (original)
+++ brooklyn/site/community/how-to-contribute-docs.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
                             
                               <li>
                                 
+                                <a href="/community/security/index.html">Security Advisories
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
                                 <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
                                   &nbsp;<span class="octicon octicon-link-external"></span></a>
                                 
@@ -468,6 +475,13 @@ in the <code>docs</code> folder; see tho
                     </a>
                 
               
+                 
+                
+                  
+                  <a href="/community/security/index.html" class="list-group-item">Security Advisories
+                    </a>
+                
+              
                  
                 
                   

Modified: brooklyn/site/community/index.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/index.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/community/index.html (original)
+++ brooklyn/site/community/index.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
                             
                               <li>
                                 
+                                <a href="/community/security/index.html">Security Advisories
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
                                 <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
                                   &nbsp;<span class="octicon octicon-link-external"></span></a>
                                 
@@ -425,6 +432,25 @@ about the future of Brooklyn happen.</p>
 </div>
 
   </div><!-- col -->
+
+<div class="col-md-6">
+    <div class="panel panel-default">
+  <div class="panel-heading">
+        <h4 id="security-advisoriessecurityindexhtml"><a href="security/index.html">Security advisories</a></h4>
+      </div>
+  <div class="panel-body">
+        <p>A list of security advisories covering Apache Brooklyn</p>
+
+        <div class="text-center"><a class="btn btn-primary" href="security/index.html" role="button">Security Advisories</a></div>
+      </div>
+</div>
+
+  </div><!-- col -->
+</div>
+<!-- row -->
+
+<div class="row">
+<div class="col-md-3"></div>
 <div class="col-md-6">
 
     <div class="panel panel-default">
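Review bot: The call-to-action at the end of the new panel is a navigating link but carries `role="button"`, which tells assistive technology it is an in-page button and hides that it leaves the page; since it has a real destination the role should be dropped: `<a class="btn btn-primary" href="security/index.html">Security Advisories</a>`. The heading id `security-advisoriessecurityindexhtml` looks like a slug generated from the whole markdown link text including its URL, so it is neither a readable anchor nor stable if the path changes; a fixed id such as `<h4 id="security-advisories">` would be better. Both links in the panel use the relative `security/index.html` while the navigation entries added elsewhere in this commit use the absolute `/community/security/index.html`; either works from this page, but one form would be easier to maintain. Since the log message says this site is regenerated from brooklyn-docs, these fixes belong in the upstream markdown/template rather than in this generated output.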
@@ -439,6 +465,7 @@ about the future of Brooklyn happen.</p>
 </div>
 
   </div><!-- col -->
+<div class="col-md-3"></div>
 </div>
 <!-- row -->
 
@@ -464,6 +491,9 @@ about the future of Brooklyn happen.</p>
                 <a href="/community/irc.html" class="list-group-item">IRC
                   </a>
               
+                <a href="/community/security/index.html" class="list-group-item">Security Advisories
+                  </a>
+              
                 <a href="https://issues.apache.org/jira/browse/BROOKLYN" class="list-group-item">Bug Tracker (JIRA)
                   &nbsp;<span class="octicon octicon-link-external"></span></a>
               

Modified: brooklyn/site/community/irc.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/irc.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/community/irc.html (original)
+++ brooklyn/site/community/irc.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
                             
                               <li>
                                 
+                                <a href="/community/security/index.html">Security Advisories
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
                                 <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
                                   &nbsp;<span class="octicon octicon-link-external"></span></a>
                                 
@@ -416,6 +423,13 @@ around European daylight hours.</p>
                     </a>
                 
               
+                 
+                
+                  
+                  <a href="/community/security/index.html" class="list-group-item">Security Advisories
+                    </a>
+                
+              
                  
                 
                   

Modified: brooklyn/site/community/mailing-lists.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/mailing-lists.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/community/mailing-lists.html (original)
+++ brooklyn/site/community/mailing-lists.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
                             
                               <li>
                                 
+                                <a href="/community/security/index.html">Security Advisories
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
                                 <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
                                   &nbsp;<span class="octicon octicon-link-external"></span></a>
                                 
@@ -383,7 +390,7 @@ questions about Brooklyn’s internal
 <p>To subscribe, send an email to:
 <a href="&#109;&#097;&#105;&#108;&#116;&#111;:&#100;&#101;&#118;&#045;&#115;&#117;&#098;&#115;&#099;&#114;&#105;&#098;&#101;&#064;&#098;&#114;&#111;&#111;&#107;&#108;&#121;&#110;&#046;&#097;&#112;&#097;&#099;&#104;&#101;&#046;&#111;&#114;&#103;">&#100;&#101;&#118;&#045;&#115;&#117;&#098;&#115;&#099;&#114;&#105;&#098;&#101;&#064;&#098;&#114;&#111;&#111;&#107;&#108;&#121;&#110;&#046;&#097;&#112;&#097;&#099;&#104;&#101;&#046;&#111;&#114;&#103;</a></p>
 
-<p>You can also <a href="https://mail-archives.apache.org/mod_mbox/brooklyn-dev/">read the dev list
+<p>You can also <a href="https://lists.apache.org/list.html?dev@brooklyn.apache.org">read the dev list
 archives</a> on
 Apache’s list archiver.</p>
 
@@ -392,7 +399,7 @@ Apache’s list archiver.</p>
 <p>We also have a <em>commits</em> list - a read-only list which automatically posts as
 commits are made to our source repositories. Subscribe by sending an email to
 <a href="&#109;&#097;&#105;&#108;&#116;&#111;:&#099;&#111;&#109;&#109;&#105;&#116;&#115;&#045;&#115;&#117;&#098;&#115;&#099;&#114;&#105;&#098;&#101;&#064;&#098;&#114;&#111;&#111;&#107;&#108;&#121;&#110;&#046;&#097;&#112;&#097;&#099;&#104;&#101;&#046;&#111;&#114;&#103;">&#099;&#111;&#109;&#109;&#105;&#116;&#115;&#045;&#115;&#117;&#098;&#115;&#099;&#114;&#105;&#098;&#101;&#064;&#098;&#114;&#111;&#111;&#107;&#108;&#121;&#110;&#046;&#097;&#112;&#097;&#099;&#104;&#101;&#046;&#111;&#114;&#103;</a>,
-and <a href="https://mail-archives.apache.org/mod_mbox/brooklyn-commits/">read the archives here</a>.</p>
+and <a href="https://lists.apache.org/list.html?commits@brooklyn.apache.org">read the archives here</a>.</p>
 
 <h3 id="search-archives">Search archives</h3>
 
@@ -450,6 +457,13 @@ lists to receive new messages.</p>
                     </a>
                 
               
+                 
+                
+                  
+                  <a href="/community/security/index.html" class="list-group-item">Security Advisories
+                    </a>
+                
+              
                  
                 
                   

Added: brooklyn/site/community/security/CVE-2016-8737.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/security/CVE-2016-8737.html?rev=1782490&view=auto
==============================================================================
--- brooklyn/site/community/security/CVE-2016-8737.html (added)
+++ brooklyn/site/community/security/CVE-2016-8737.html Fri Feb 10 17:04:25 2017
@@ -0,0 +1,807 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+
+<head>
+
+    
+<title>CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn - Apache Brooklyn</title>
+
+<meta http-equiv="content-type" content="text/html; charset=utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
+<link href="/style/deps/octicons/octicons.css" rel="stylesheet">
+<link href="/style/deps/bootstrap-theme.css" rel="stylesheet">
+
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
+<script src="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+<script type="text/javascript" src="/style/deps/jquery.cookie.js"></script>
+
+
+
+<link rel="stylesheet" href="/style/css/code.css" type="text/css" media="screen" />
+<link href="/style/css/website.css" rel="stylesheet">
+
+
+
+</head>
+
+
+<body>
+
+<nav class="navbar navbar-default navbar-fixed-top" id="header" role="navigation">
+    <div class="container-and-sidebars">
+
+        <div class="container-sidebar-left feather">
+          <a href="http://www.apache.org/">
+            <img src="/style/img/feather.png" alt="[Apache]" width="80" class="flip navbar-feather">
+          </a>
+        </div>
+
+        <div class="container container-between-sidebars top-menu">
+          <div class="container-fluid">
+            <!-- Brand and toggle get grouped for better mobile display -->
+            <div class="navbar-header">
+                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
+                    <span class="sr-only">Toggle navigation</span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </button>
+                <a class="navbar-brand" href="/"><img src="/style/img/apache-brooklyn-logo-244px-wide.png" alt="brooklyn"></a>
+            </div>
+
+            <!-- Collect the nav links, forms, and other content for toggling -->
+            <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
+                <ul class="nav navbar-nav navbar-right">
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/learnmore/index.html">learn more</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/learnmore/index.html">Learn More</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/blueprint-tour.html">Blueprint Tour
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/features/index.html">Features
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/theory.html">Theory
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/catalog/index.html">Browse Catalog
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="">
+                      <a href="/download/index.html">download</a>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/v/latest/start/index.html">get started</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/v/latest/start/index.html">Get Started</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/running.html">Running Apache Brooklyn
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/blueprints.html">Deploying Blueprints
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/managing.html">Monitoring and Managing Applications
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/policies.html">Policies
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/concept-quickstart.html">Brooklyn Concepts Quickstart
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/documentation/index.html">documentation</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/documentation/index.html">Documentation</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/index.html">User Guide
+                                  </a>
+                                
+                                  <div class="dropdown_section_header"><hr></div>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/yaml/creating-yaml.html">YAML Blueprints
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/java/index.html">Java Blueprints
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/ops/index.html">Operations
+                                  </a>
+                                
+                                  <div class="dropdown_section_header"><hr></div>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/dev/index.html">Developer Guide
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                  <div class="dropdown_new_section"><hr></div>
+                                
+                                <a href="/meta/versions.html">Versions
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/documentation/other-docs.html">Other Resources
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/community/index.html">community</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/community/index.html">Community</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/community/mailing-lists.html">Mailing Lists
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/community/irc.html">IRC
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/community/security/index.html">Security Advisories
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+                                  &nbsp;<span class="octicon octicon-link-external"></span></a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/community/how-to-contribute-docs.html">Contributing Documentation
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/developers/index.html">developers</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/developers/index.html">Developers</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/developers/code/index.html">Get the Code
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/how-to-contribute.html">How to Contribute
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/dev/index.html">Developer Guide
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/committers/index.html">Committer Guide
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/code-standards.html">Code Standards
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/links.html">Handy Places
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="http://github.com/apache/brooklyn">GitHub
+                                  &nbsp;<span class="octicon octicon-link-external"></span></a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+                                  &nbsp;<span class="octicon octicon-link-external"></span></a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                </ul>
+            </div><!-- /.navbar-collapse -->
+          </div><!-- /.container-fluid -->
+        </div><!-- /.container -->
+        
+        <div class="container-sidebar-right">
+          <div class="navbar-sidebar-right-icons">
+            <a href="https://github.com/apache/brooklyn" class="navbar-icon navbar-icon-shift icon-github"
+              data-toggle="tooltip" data-placement="bottom" title="GitHub: apache/brooklyn"/>
+            <a href="https://twitter.com/#!/search?q=brooklyncentral" class="navbar-icon navbar-icon-shift icon-twitter"
+              data-toggle="tooltip" data-placement="bottom" title="Twitter: @brooklyncentral"/>
+            <a href="http://webchat.freenode.net/?channels=brooklyncentral" class="navbar-icon icon-irc"
+              data-toggle="tooltip" data-placement="bottom" title="IRC: freenode #brooklyncentral"/>
+            <!-- extra a element seems needed as landing page seems to copy the last element here (!?) 
+            -->
+            <a href="/" style="width: 0px; height: 0px;"></a>
+         </div>
+      </div>
+      
+  </div>
+</nav>
+
+
+<div class="container" id="main_container">
+    <div class="row">
+        <div class="col-md-9" id="content_container">
+            <div id="page_notes"></div>
+            <h1>CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn</h1>
+            <h2 id="severity">Severity</h2>
+<p>Major</p>
+
+<h2 id="vendor">Vendor</h2>
+<p>The Apache Software Foundation</p>
+
+<h2 id="versions-affected">Versions Affected</h2>
+<p>Apache Brooklyn 0.9.0 and all prior versions</p>
+
+<h2 id="description">Description</h2>
+<p>Apache Brooklyn’s REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker’s commands as the user.  There is known to be a proof-of-concept exploit using this vulnerability.</p>
+
+<h2 id="solution">Solution</h2>
+<p>Upgrade to Apache Brooklyn 0.10.0. This includes commit <a href="https://github.com/apache/brooklyn-server/pull/430">1</a> adding opt-in CSRF protection server-side and commit <a href="https://github.com/apache/brooklyn-ui/pull/37">2</a> where the JS client opts-in.  </p>
+
+<h2 id="temporary-mitigation-if-you-cannot-upgrade-to-0100">Temporary mitigation if you cannot upgrade to 0.10.0</h2>
+<p>Do not visit websites with possible malicious content targeted at you in the same browser instance logged in to Brooklyn unless you have CSRF-POST protection installed in the browser (see <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery#Client_side_safeguards">3</a>).  Do not share a Brooklyn server with untrusted users without an enhanced entitlements scheme.  Do not publicize the address of Brooklyn-based UIs.  If a link you click on takes you to Brooklyn unexpectedly, contact your security team immediately.</p>
+
+<h2 id="example-exploit">Example exploit</h2>
+<p>Attacker puts something like this into their malicious site:</p>
+
+<pre><code>&lt;form action="http://&lt;Brooklyn&gt;/v1/applications/oadP4rZU/entities/oadP4rZU/name?name=hacked" method="POST"&gt;
+</code></pre>
+
+<p>If the user clicks on this when logged in, the name of that entity will be changed by the attacker.</p>
+
+<h2 id="credit">Credit</h2>
+<p>This vulnerability was discovered by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc., and reported to JPCERT/CC who reported them to the Apache Software Foundation on his behalf.</p>
+
+<h2 id="references">References</h2>
+<ol>
+  <li><a href="https://github.com/apache/brooklyn-server/pull/430">https://github.com/apache/brooklyn-server/pull/430</a></li>
+  <li><a href="https://github.com/apache/brooklyn-ui/pull/37">https://github.com/apache/brooklyn-ui/pull/37</a></li>
+  <li><a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery#Client_side_safeguards">https://en.wikipedia.org/wiki/Cross-site_request_forgery#Client_side_safeguards</a></li>
+</ol>
+
+<h2 id="other-references">Other references</h2>
+<p>JPCERT/CC JVN#55489964</p>
+
+        </div>
+
+        <div class="col-md-3">
+            <div class="list-group side-menu" id="side-menu">
+
+
+
+  
+     
+              
+              
+        
+        
+  
+
+        
+</div>
+<div id="width_reference"></div>
+
+
+<script language="JavaScript" type="application/javascript">
+
+ 
+sidemenu_x_sizer=function(){ $('#side-menu').width($('#side-menu').parent().find('#width_reference').outerWidth()); };
+$(sidemenu_x_sizer);
+$(window).resize(sidemenu_x_sizer);
+
+ 
+sidemenu_y_nonfloater=function(){
+  if ($('#side-menu').outerHeight(true) + $('#header').outerHeight(true) + $('#footer').outerHeight(true) > window.innerHeight ||
+      $('#side-menu').width() >= $('#content_container').width()/2) {
+    $('#side-menu').css('position', 'inherit');
+  } else {
+    // restore if screen has grown
+    $('#side-menu').css('position', 'fixed');
+  }
+};
+$(sidemenu_y_nonfloater);
+$(window).resize(sidemenu_y_nonfloater);
+
+ 
+
+var sideMenu = $("#side-menu"),
+    sideItems = sideMenu.find("a"),
+    // Anchors corresponding to menu items
+    scrollItems = sideItems.map(function(){
+      var item = $(this).attr("section-target");
+      if (item && item.length) { return item; }
+    });
+
+var highlight_section_last_top = -1;
+var highlight_section_completed = false;
+
+var highlight_section = function() {
+   // Get container scroll position
+   var highlight_section_new_top = $(this).scrollTop();
+   if (highlight_section_new_top == highlight_section_last_top) return;
+   var highlight_section_new_bottom = highlight_section_new_top + $(window).height();
+   var scroll_advancing = (highlight_section_new_top > highlight_section_last_top);
+
+   var last_item = null, active_item = $("#side-menu a.section#active");
+   
+   var found_top = false;
+   var displayable_items = scrollItems.map(function(itemI){
+     item = $(scrollItems[itemI]);
+     if (item && item.length) {
+       if (highlight_section_last_top == -1 || !highlight_section_completed) {
+         // just opening page - take item matching hash, or otherwise the first item visible
+         if (item.selector === window.location.hash || (item.offset().top > highlight_section_new_top - 20 && !found_top)) {
+           found_top = true;
+           if (item.selector === window.location.hash && item.offset().top < highlight_section_new_top + 60) {
+             // because of our top header, we need to scroll 64px down from any link
+             $('html, body').animate({scrollTop: item.offset().top - 64}, 0);
+           }
+           return item;
+         }
+       } else if (scroll_advancing) {
+         // if scrolling advance, pick up a section when title starts before 1/3 height 
+         if (item.offset().top < highlight_section_new_top + $(window).height()/3)
+           return item;
+           
+         // or if containing div is finished (usu the whole main content)
+         div_containing_item = item.closest("div");
+         if (div_containing_item.offset().top + div_containing_item.height() < highlight_section_new_bottom + 15)
+           return item;
+         // or when next title is visible
+         if (last_item && item.offset().top < highlight_section_new_bottom + 15)
+           return last_item;
+       } else {
+         // if scrolling back, pick up a section as soon as the title is visible,
+         if (item.offset().top < highlight_section_new_top)
+           return item;
+         // or if title is before the 2/3 point
+         // (not sure about this, probably want also to have 
+         // "AND the id.top is <= displayable_itemsrent_active_it.top" so we don't jump FORWARD a section
+         // when scrolling BACK, with lots of tiny sections) 
+         if ((item.offset().top < highlight_section_new_top + 2*$(window).height()/3)
+             && (!active_item || !active_item.offset() || active_item.offset().top >= item.offset().top))
+           return item;
+         
+       }
+       last_item = item;
+     }
+   });
+   if (!highlight_section_completed && document.readyState === "complete") {
+     highlight_section_completed = true;
+   }
+   if (!displayable_items.length) {
+     $("#side-menu a.section").removeClass("active");
+   } else {
+     displayable_items = displayable_items[displayable_items.length-1];
+     var id = displayable_items && displayable_items.length ? displayable_items[0].id : "";
+   // Set/remove active class
+     new_active = $("#side-menu a.section").filter("[section-target='#"+id+"']");
+     if (new_active.hasClass("active")) {
+       // nothing needed
+     } else {
+       $("#side-menu a.section").removeClass("active");
+       $("#side-menu a.section").filter("[section-target='#"+id+"']").addClass("active");
+     }
+   }
+   
+   highlight_section_last_top = highlight_section_new_top;
+};
+var highlight_new_section = function() {
+  highlight_section_completed = false;
+  highlight_section_last_top = -1;
+  highlight_section();
+}
+
+$(window).scroll(highlight_section);
+$(highlight_new_section);
+
+// detect link change - courtesy http://www.bennadel.com/blog/1520-binding-events-to-non-dom-objects-with-jquery.htm
+    (
+        function( $ ){
+            // Default to the current location.
+            var strLocation = window.location.href;
+            var strHash = window.location.hash;
+            var strPrevLocation = "";
+            var strPrevHash = "";
+
+            // This is how often we will be checkint for
+            // changes on the location.
+            var intIntervalTime = 100;
+
+            // This method removes the pound from the hash.
+            var fnCleanHash = function( strHash ){
+                return(
+                    strHash.substring( 1, strHash.length )
+                    );
+            }
+
+            // This will be the method that we use to check
+            // changes in the window location.
+            var fnCheckLocation = function(){
+                // Check to see if the location has changed.
+                if (strLocation != window.location.href){
+
+                    // Store the new and previous locations.
+                    strPrevLocation = strLocation;
+                    strPrevHash = strHash;
+                    strLocation = window.location.href;
+                    strHash = window.location.hash;
+
+                    // The location has changed. Trigger a
+                    // change event on the location object,
+                    // passing in the current and previous
+                    // location values.
+                    $( window.location ).trigger(
+                        "change",
+                        {
+                            currentHref: strLocation,
+                            currentHash: fnCleanHash( strHash ),
+                            previousHref: strPrevLocation,
+                            previousHash: fnCleanHash( strPrevHash )
+                        }
+                        );
+
+                }
+            }
+
+            // Set an interval to check the location changes.
+            setInterval( fnCheckLocation, intIntervalTime );
+        }
+    )( jQuery );
+// and trigger highlight section on link change
+$(window.location).bind("change", highlight_new_section);
+
+</script>
+
+        </div>
+    </div>
+</div>
+
+<div id="footer">
+    <div class="container">
+        <div class="row">
+            <div class="col-md-10 text-muted">
+                Apache Brooklyn is distributed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License v2.0</a>.
+            </div>
+            <div class="col-md-2">
+                <a class="btn btn-sm btn-default" href="https://github.com/apache/brooklyn-docs/edit/master/website/community/security/CVE-2016-8737.md">Edit This Page</a>
+                <a href="https://brooklyn.apache.org/community/how-to-contribute-docs.html"
+                    data-toggle="tooltip" data-placement="top" title="How to Edit Documentation" data-delay="400"/>
+                  <span class="octicon octicon-question octicon-footer"></span>
+                </a>
+            </div>
+        </div>
+    </div>
+</div>
+
+
+
+
+<script language="JavaScript" type="application/javascript">
+
+    fix_padding_function = function () { 
+        $('body').css('padding-top', parseInt($('#header').css("height"))+10);
+        $('body').css('padding-bottom', parseInt($('#footer').css("height"))+10);
+    };
+    $(window).resize(fix_padding_function);
+    $(window).load(fix_padding_function);
+    
+    $(function () {
+        $('[data-toggle="tooltip"]').tooltip({ delay: { show: 600, hide: 100 }})
+    });
+    
+/* generate anchors for headers, a la github and http://blog.parkermoore.de/2014/08/01/header-anchor-links-in-vanilla-javascript-for-github-pages-and-jekyll/ */
+var anchorForId = function (id, text) {
+  var anchor = document.createElement("a");
+  anchor.className = "header-link";
+  anchor.href      = "#" + id;
+  anchor.innerHTML = "<i class=\"fa fa-link\"></i>";
+  return anchor;
+};
+
+var linkifyAnchors = function (level, containingElement) {
+  var headers = contentBlock.find("h" + level);
+  for (var h = 0; h < headers.length; h++) {
+    var header = headers[h];
+    if (typeof header.id !== "undefined" && header.id !== "") {
+      header.appendChild(anchorForId(header.id, $(header).text()));
+    }
+  }
+};
+
+$(function () {
+    contentBlock = $("#content_container");
+    if (!contentBlock) return;
+    for (var level = 1; level <= 6; level++) {
+      linkifyAnchors(level, contentBlock);
+    }
+});
+
+<!-- Copying and clipboard support -->
+
+// first make the $% line starts not selectable 
+
+$(function() {
+  $('div.highlight').attr('oncopy', 'handleHideCopy(this)');
+  $('div.highlight').each(function(index,target) {
+    if ($(target).find('code.bash')) {
+      // Mark bash prompts from the start of each line (i.e. '$' or '%' characters
+      // at the very start, or immediately following any newline) as not-selectable. 
+      // Handle continuation lines where a leading '$' or '%' is *not* a prompt character.
+      // (If example wants to exclude output, it can manually use class="nocopy".)
+      target.innerHTML = target.innerHTML.replace(/(^\s*|[^\\]\n)(<.*>)?([$%]|&gt;) /g, '$1$2<span class="nocopy bash_prompt">$3 </span>');
+    }
+  });
+});
+
+// normal cmd-C (non-icon) copying
+
+function handleHideCopy(el) {
+//    var origHtml = $(el).clone();
+    console.log("handling copy", el);
+    $(el).addClass('copying');
+    $(el).find('.nocopy').hide();
+    $(el).find('.clipboard_button').addClass('manual-clipboard-is-active');
+    setTimeout(function(){
+        $(el).removeClass('copying');
+        $(el).find('.clipboard_button').removeClass('manual-clipboard-is-active');
+        $(el).find('.nocopy').show();
+//        $(el).html(origHtml);
+    }, 600);
+}
+
+// and icon (flash) copying
+
+</script>
+
+<script src="/style/js/zeroclipboard/ZeroClipboard.min.js"></script>
+
+<script language="JavaScript" type="application/javascript">
+
+ZeroClipboard.config({ moviePath: '/style/js/zeroclipboard/ZeroClipboard.swf' });
+
+$(function() {
+  $('div.highlight').prepend(
+    $('<div class="clipboard_container" title="Copy to Clipboard">'+
+      '<div class="fa clipboard_button">'+
+      '<div class="on-active"><div>Copied to Clipboard</div></div>'+
+    '</div></div>'));
+  $('div.clipboard_container').each(function(index) {
+    var clipboard = new ZeroClipboard();
+    clipboard.clip( $(this).find(":first")[0], $(this)[0] );
+    var target0 = $(this).next();
+    var target = target0.clone();
+    target.find('.nocopy').remove();
+    var txt = target.text();
+    clipboard.on( 'dataRequested', function (client, args) {
+      handleHideCopy( target0.closest('div.highlight') );  //not necessary but nicer feedback
+      client.setText( txt );
+    });
+  });
+});
+
+
+<!-- search -->
+    $(function() {
+        $('#simple_google')
+            .submit(function() {
+                $('input[name="q"]').val("site:" + document.location.hostname + " " + $('input[name="brooklyn-search"]').val());
+            return true;
+            });
+        $('input[name="brooklyn-search"]').focus(function() {
+                if ($(this).val() === $(this).attr('placeholder')) {
+                    $(this).val('');
+                }
+            })
+            .blur(function() {
+                if ($(this).val() === '') {
+                    $(this).val($(this).attr('placeholder'));
+                }
+            })
+            .blur();
+    });
+
+
+ <!-- analytics -->
+    var _gaq = _gaq || [];
+    _gaq.push(['_setAccount', 'UA-30530918-1']);
+    _gaq.push(['_trackPageview']);
+    
+    (function() {
+      var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+      ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+    })();
+
+
+<!-- page warning (for archive pages) -->
+
+
+    function get_user_versions() {
+        return $.cookie("brooklyn_versions") ? $.cookie("brooklyn_versions").split(",") : [];
+    };
+    function set_user_version(version) {
+        var version_cookie = get_user_versions();
+        version_cookie.push(version);
+        $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+        $('#page_notes').fadeOut();
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+    };
+    function set_user_versions_all() {
+        var version_cookie = get_user_versions();
+        version_cookie.push("ALL");
+        $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+        $('#page_notes').fadeOut();
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+    };
+    function clear_user_versions() {
+        $.removeCookie('brooklyn_versions', { path: '/' });
+        $('#page_notes').fadeIn('slow');
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+    };
+
+</script>
+
+</body>
+
+</html>

Added: brooklyn/site/community/security/CVE-2016-8744.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/security/CVE-2016-8744.html?rev=1782490&view=auto
==============================================================================
--- brooklyn/site/community/security/CVE-2016-8744.html (added)
+++ brooklyn/site/community/security/CVE-2016-8744.html Fri Feb 10 17:04:25 2017
@@ -0,0 +1,803 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+
+<head>
+
+    
+<title>CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution - Apache Brooklyn</title>
+
+<meta http-equiv="content-type" content="text/html; charset=utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
+<link href="/style/deps/octicons/octicons.css" rel="stylesheet">
+<link href="/style/deps/bootstrap-theme.css" rel="stylesheet">
+
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
+<script src="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+<script type="text/javascript" src="/style/deps/jquery.cookie.js"></script>
+
+
+
+<link rel="stylesheet" href="/style/css/code.css" type="text/css" media="screen" />
+<link href="/style/css/website.css" rel="stylesheet">
+
+
+
+</head>
+
+
+<body>
+
+<nav class="navbar navbar-default navbar-fixed-top" id="header" role="navigation">
+    <div class="container-and-sidebars">
+
+        <div class="container-sidebar-left feather">
+          <a href="http://www.apache.org/">
+            <img src="/style/img/feather.png" alt="[Apache]" width="80" class="flip navbar-feather">
+          </a>
+        </div>
+
+        <div class="container container-between-sidebars top-menu">
+          <div class="container-fluid">
+            <!-- Brand and toggle get grouped for better mobile display -->
+            <div class="navbar-header">
+                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
+                    <span class="sr-only">Toggle navigation</span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </button>
+                <a class="navbar-brand" href="/"><img src="/style/img/apache-brooklyn-logo-244px-wide.png" alt="brooklyn"></a>
+            </div>
+
+            <!-- Collect the nav links, forms, and other content for toggling -->
+            <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
+                <ul class="nav navbar-nav navbar-right">
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/learnmore/index.html">learn more</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/learnmore/index.html">Learn More</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/blueprint-tour.html">Blueprint Tour
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/features/index.html">Features
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/theory.html">Theory
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/learnmore/catalog/index.html">Browse Catalog
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="">
+                      <a href="/download/index.html">download</a>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/v/latest/start/index.html">get started</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/v/latest/start/index.html">Get Started</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/running.html">Running Apache Brooklyn
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/blueprints.html">Deploying Blueprints
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/managing.html">Monitoring and Managing Applications
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/policies.html">Policies
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/start/concept-quickstart.html">Brooklyn Concepts Quickstart
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/documentation/index.html">documentation</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/documentation/index.html">Documentation</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/index.html">User Guide
+                                  </a>
+                                
+                                  <div class="dropdown_section_header"><hr></div>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/yaml/creating-yaml.html">YAML Blueprints
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/java/index.html">Java Blueprints
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/ops/index.html">Operations
+                                  </a>
+                                
+                                  <div class="dropdown_section_header"><hr></div>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/dev/index.html">Developer Guide
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                  <div class="dropdown_new_section"><hr></div>
+                                
+                                <a href="/meta/versions.html">Versions
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/documentation/other-docs.html">Other Resources
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/community/index.html">community</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/community/index.html">Community</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/community/mailing-lists.html">Mailing Lists
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/community/irc.html">IRC
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/community/security/index.html">Security Advisories
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+                                  &nbsp;<span class="octicon octicon-link-external"></span></a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/community/how-to-contribute-docs.html">Contributing Documentation
+                                  </a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                   
+                    <li class="dropdown">
+                        <a href="/developers/index.html">developers</a>
+                        <ul class="dropdown-menu" role="menu">
+                            <li>
+                                <a href="/developers/index.html">Developers</a>
+                            </li>
+                            <li class="divider"></li>
+                            
+                              <li>
+                                
+                                <a href="/developers/code/index.html">Get the Code
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/how-to-contribute.html">How to Contribute
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/v/latest/dev/index.html">Developer Guide
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/committers/index.html">Committer Guide
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/code-standards.html">Code Standards
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="/developers/links.html">Handy Places
+                                  </a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="http://github.com/apache/brooklyn">GitHub
+                                  &nbsp;<span class="octicon octicon-link-external"></span></a>
+                                
+                              </li>
+                            
+                              <li>
+                                
+                                <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+                                  &nbsp;<span class="octicon octicon-link-external"></span></a>
+                                
+                              </li>
+                            
+                        </ul>
+                    </li>
+                   
+                  
+                </ul>
+            </div><!-- /.navbar-collapse -->
+          </div><!-- /.container-fluid -->
+        </div><!-- /.container -->
+        
+        <div class="container-sidebar-right">
+          <div class="navbar-sidebar-right-icons">
+            <a href="https://github.com/apache/brooklyn" class="navbar-icon navbar-icon-shift icon-github"
+              data-toggle="tooltip" data-placement="bottom" title="GitHub: apache/brooklyn"/>
+            <a href="https://twitter.com/#!/search?q=brooklyncentral" class="navbar-icon navbar-icon-shift icon-twitter"
+              data-toggle="tooltip" data-placement="bottom" title="Twitter: @brooklyncentral"/>
+            <a href="http://webchat.freenode.net/?channels=brooklyncentral" class="navbar-icon icon-irc"
+              data-toggle="tooltip" data-placement="bottom" title="IRC: freenode #brooklyncentral"/>
+            <!-- extra a element seems needed as landing page seems to copy the last element here (!?) 
+            -->
+            <a href="/" style="width: 0px; height: 0px;"></a>
+         </div>
+      </div>
+      
+  </div>
+</nav>
+
+
+<div class="container" id="main_container">
+    <div class="row">
+        <div class="col-md-9" id="content_container">
+            <div id="page_notes"></div>
+            <h1>CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution</h1>
+            <h2 id="severity">Severity</h2>
+<p>Major</p>
+
+<h2 id="vendor">Vendor</h2>
+<p>The Apache Software Foundation</p>
+
+<h2 id="versions-affected">Versions Affected</h2>
+<p>Apache Brooklyn 0.9.0 and all prior versions</p>
+
+<h2 id="description">Description</h2>
+<p>Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.</p>
+
+<h2 id="solution">Solution</h2>
+<p>Upgrade to Apache Brooklyn 0.10.0. This changes the SnakeYAML configuration to limit unmarshalling to a white list of safe, basic, Java types. This change blocks YAML document inputs that use unsafe Java types.</p>
+
+<h2 id="temporary-mitigation-if-you-cannot-upgrade-to-0100">Temporary mitigation if you cannot upgrade to 0.10.0</h2>
+<p>Ensure your Apache Brooklyn instance is properly secured so that untrusted users cannot access Brooklyn’s API. User authentication should be configured with strong passwords, and access limited to known trusted individuals. Configure SSL/TLS. Installations of Apache Brooklyn should not be exposed to the Internet without considering the security implications. (This is general good practice for Apache Brooklyn installations.)</p>
+
+<h2 id="example-exploit">Example exploit</h2>
+<p>Consider this fragment of YAML:</p>
+
+<pre><code>!!java.util.Date
+date: 25
+month: 12
+year: 2016
+</code></pre>
+
+<p>If embedded into a YAML document and given to Apache Brooklyn’s API endpoint for new applications, it would cause SnakeYAML to instantiate java.util.Date and call setter methods on the instance. Although the Date type in this example is relatively benign, Date could be replaced by any other class available on Brooklyn’s classpath, which include classes that pose a security risk.</p>
+
+<h2 id="credit">Credit</h2>
+<p>This issue was discovered by Moritz Bechler of AgNO3 GmbH &amp; Co. KG.</p>
+
+<h2 id="references">References</h2>
+<p><a href="http://www.apache.org/security/index.html">http://www.apache.org/security/index.html</a></p>
+
+        </div>
+
+        <div class="col-md-3">
+            <div class="list-group side-menu" id="side-menu">
+
+
+
+  
+     
+              
+              
+        
+        
+  
+
+        
+</div>
+<div id="width_reference"></div>
+
+
+<script language="JavaScript" type="application/javascript">
+
+ 
+sidemenu_x_sizer=function(){ $('#side-menu').width($('#side-menu').parent().find('#width_reference').outerWidth()); };
+$(sidemenu_x_sizer);
+$(window).resize(sidemenu_x_sizer);
+
+ 
+sidemenu_y_nonfloater=function(){
+  if ($('#side-menu').outerHeight(true) + $('#header').outerHeight(true) + $('#footer').outerHeight(true) > window.innerHeight ||
+      $('#side-menu').width() >= $('#content_container').width()/2) {
+    $('#side-menu').css('position', 'inherit');
+  } else {
+    // restore if screen has grown
+    $('#side-menu').css('position', 'fixed');
+  }
+};
+$(sidemenu_y_nonfloater);
+$(window).resize(sidemenu_y_nonfloater);
+
+ 
+
+var sideMenu = $("#side-menu"),
+    sideItems = sideMenu.find("a"),
+    // Anchors corresponding to menu items
+    scrollItems = sideItems.map(function(){
+      var item = $(this).attr("section-target");
+      if (item && item.length) { return item; }
+    });
+
+var highlight_section_last_top = -1;
+var highlight_section_completed = false;
+
+var highlight_section = function() {
+   // Get container scroll position
+   var highlight_section_new_top = $(this).scrollTop();
+   if (highlight_section_new_top == highlight_section_last_top) return;
+   var highlight_section_new_bottom = highlight_section_new_top + $(window).height();
+   var scroll_advancing = (highlight_section_new_top > highlight_section_last_top);
+
+   var last_item = null, active_item = $("#side-menu a.section#active");
+   
+   var found_top = false;
+   var displayable_items = scrollItems.map(function(itemI){
+     item = $(scrollItems[itemI]);
+     if (item && item.length) {
+       if (highlight_section_last_top == -1 || !highlight_section_completed) {
+         // just opening page - take item matching hash, or otherwise the first item visible
+         if (item.selector === window.location.hash || (item.offset().top > highlight_section_new_top - 20 && !found_top)) {
+           found_top = true;
+           if (item.selector === window.location.hash && item.offset().top < highlight_section_new_top + 60) {
+             // because of our top header, we need to scroll 64px down from any link
+             $('html, body').animate({scrollTop: item.offset().top - 64}, 0);
+           }
+           return item;
+         }
+       } else if (scroll_advancing) {
+         // if scrolling advance, pick up a section when title starts before 1/3 height 
+         if (item.offset().top < highlight_section_new_top + $(window).height()/3)
+           return item;
+           
+         // or if containing div is finished (usu the whole main content)
+         div_containing_item = item.closest("div");
+         if (div_containing_item.offset().top + div_containing_item.height() < highlight_section_new_bottom + 15)
+           return item;
+         // or when next title is visible
+         if (last_item && item.offset().top < highlight_section_new_bottom + 15)
+           return last_item;
+       } else {
+         // if scrolling back, pick up a section as soon as the title is visible,
+         if (item.offset().top < highlight_section_new_top)
+           return item;
+         // or if title is before the 2/3 point
+         // (not sure about this, probably want also to have 
+         // "AND the id.top is <= displayable_itemsrent_active_it.top" so we don't jump FORWARD a section
+         // when scrolling BACK, with lots of tiny sections) 
+         if ((item.offset().top < highlight_section_new_top + 2*$(window).height()/3)
+             && (!active_item || !active_item.offset() || active_item.offset().top >= item.offset().top))
+           return item;
+         
+       }
+       last_item = item;
+     }
+   });
+   if (!highlight_section_completed && document.readyState === "complete") {
+     highlight_section_completed = true;
+   }
+   if (!displayable_items.length) {
+     $("#side-menu a.section").removeClass("active");
+   } else {
+     displayable_items = displayable_items[displayable_items.length-1];
+     var id = displayable_items && displayable_items.length ? displayable_items[0].id : "";
+   // Set/remove active class
+     new_active = $("#side-menu a.section").filter("[section-target='#"+id+"']");
+     if (new_active.hasClass("active")) {
+       // nothing needed
+     } else {
+       $("#side-menu a.section").removeClass("active");
+       $("#side-menu a.section").filter("[section-target='#"+id+"']").addClass("active");
+     }
+   }
+   
+   highlight_section_last_top = highlight_section_new_top;
+};
+var highlight_new_section = function() {
+  highlight_section_completed = false;
+  highlight_section_last_top = -1;
+  highlight_section();
+}
+
+$(window).scroll(highlight_section);
+$(highlight_new_section);
+
+// detect link change - courtesy http://www.bennadel.com/blog/1520-binding-events-to-non-dom-objects-with-jquery.htm
+    (
+        function( $ ){
+            // Default to the current location.
+            var strLocation = window.location.href;
+            var strHash = window.location.hash;
+            var strPrevLocation = "";
+            var strPrevHash = "";
+
+            // This is how often we will be checkint for
+            // changes on the location.
+            var intIntervalTime = 100;
+
+            // This method removes the pound from the hash.
+            var fnCleanHash = function( strHash ){
+                return(
+                    strHash.substring( 1, strHash.length )
+                    );
+            }
+
+            // This will be the method that we use to check
+            // changes in the window location.
+            var fnCheckLocation = function(){
+                // Check to see if the location has changed.
+                if (strLocation != window.location.href){
+
+                    // Store the new and previous locations.
+                    strPrevLocation = strLocation;
+                    strPrevHash = strHash;
+                    strLocation = window.location.href;
+                    strHash = window.location.hash;
+
+                    // The location has changed. Trigger a
+                    // change event on the location object,
+                    // passing in the current and previous
+                    // location values.
+                    $( window.location ).trigger(
+                        "change",
+                        {
+                            currentHref: strLocation,
+                            currentHash: fnCleanHash( strHash ),
+                            previousHref: strPrevLocation,
+                            previousHash: fnCleanHash( strPrevHash )
+                        }
+                        );
+
+                }
+            }
+
+            // Set an interval to check the location changes.
+            setInterval( fnCheckLocation, intIntervalTime );
+        }
+    )( jQuery );
+// and trigger highlight section on link change
+$(window.location).bind("change", highlight_new_section);
+
+</script>
+
+        </div>
+    </div>
+</div>
+
+<div id="footer">
+    <div class="container">
+        <div class="row">
+            <div class="col-md-10 text-muted">
+                Apache Brooklyn is distributed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License v2.0</a>.
+            </div>
+            <div class="col-md-2">
+                <a class="btn btn-sm btn-default" href="https://github.com/apache/brooklyn-docs/edit/master/website/community/security/CVE-2016-8744.md">Edit This Page</a>
+                <a href="https://brooklyn.apache.org/community/how-to-contribute-docs.html"
+                    data-toggle="tooltip" data-placement="top" title="How to Edit Documentation" data-delay="400"/>
+                  <span class="octicon octicon-question octicon-footer"></span>
+                </a>
+            </div>
+        </div>
+    </div>
+</div>
+
+
+
+
+<script language="JavaScript" type="application/javascript">
+
+    fix_padding_function = function () { 
+        $('body').css('padding-top', parseInt($('#header').css("height"))+10);
+        $('body').css('padding-bottom', parseInt($('#footer').css("height"))+10);
+    };
+    $(window).resize(fix_padding_function);
+    $(window).load(fix_padding_function);
+    
+    $(function () {
+        $('[data-toggle="tooltip"]').tooltip({ delay: { show: 600, hide: 100 }})
+    });
+    
+/* generate anchors for headers, a la github and http://blog.parkermoore.de/2014/08/01/header-anchor-links-in-vanilla-javascript-for-github-pages-and-jekyll/ */
+var anchorForId = function (id, text) {
+  var anchor = document.createElement("a");
+  anchor.className = "header-link";
+  anchor.href      = "#" + id;
+  anchor.innerHTML = "<i class=\"fa fa-link\"></i>";
+  return anchor;
+};
+
+var linkifyAnchors = function (level, containingElement) {
+  var headers = contentBlock.find("h" + level);
+  for (var h = 0; h < headers.length; h++) {
+    var header = headers[h];
+    if (typeof header.id !== "undefined" && header.id !== "") {
+      header.appendChild(anchorForId(header.id, $(header).text()));
+    }
+  }
+};
+
+$(function () {
+    contentBlock = $("#content_container");
+    if (!contentBlock) return;
+    for (var level = 1; level <= 6; level++) {
+      linkifyAnchors(level, contentBlock);
+    }
+});
+
+<!-- Copying and clipboard support -->
+
+// first make the $% line starts not selectable 
+
+$(function() {
+  $('div.highlight').attr('oncopy', 'handleHideCopy(this)');
+  $('div.highlight').each(function(index,target) {
+    if ($(target).find('code.bash')) {
+      // Mark bash prompts from the start of each line (i.e. '$' or '%' characters
+      // at the very start, or immediately following any newline) as not-selectable. 
+      // Handle continuation lines where a leading '$' or '%' is *not* a prompt character.
+      // (If example wants to exclude output, it can manually use class="nocopy".)
+      target.innerHTML = target.innerHTML.replace(/(^\s*|[^\\]\n)(<.*>)?([$%]|&gt;) /g, '$1$2<span class="nocopy bash_prompt">$3 </span>');
+    }
+  });
+});
+
+// normal cmd-C (non-icon) copying
+
+function handleHideCopy(el) {
+//    var origHtml = $(el).clone();
+    console.log("handling copy", el);
+    $(el).addClass('copying');
+    $(el).find('.nocopy').hide();
+    $(el).find('.clipboard_button').addClass('manual-clipboard-is-active');
+    setTimeout(function(){
+        $(el).removeClass('copying');
+        $(el).find('.clipboard_button').removeClass('manual-clipboard-is-active');
+        $(el).find('.nocopy').show();
+//        $(el).html(origHtml);
+    }, 600);
+}
+
+// and icon (flash) copying
+
+</script>
+
+<script src="/style/js/zeroclipboard/ZeroClipboard.min.js"></script>
+
+<script language="JavaScript" type="application/javascript">
+
+ZeroClipboard.config({ moviePath: '/style/js/zeroclipboard/ZeroClipboard.swf' });
+
+$(function() {
+  $('div.highlight').prepend(
+    $('<div class="clipboard_container" title="Copy to Clipboard">'+
+      '<div class="fa clipboard_button">'+
+      '<div class="on-active"><div>Copied to Clipboard</div></div>'+
+    '</div></div>'));
+  $('div.clipboard_container').each(function(index) {
+    var clipboard = new ZeroClipboard();
+    clipboard.clip( $(this).find(":first")[0], $(this)[0] );
+    var target0 = $(this).next();
+    var target = target0.clone();
+    target.find('.nocopy').remove();
+    var txt = target.text();
+    clipboard.on( 'dataRequested', function (client, args) {
+      handleHideCopy( target0.closest('div.highlight') );  //not necessary but nicer feedback
+      client.setText( txt );
+    });
+  });
+});
+
+
+<!-- search -->
+    $(function() {
+        $('#simple_google')
+            .submit(function() {
+                $('input[name="q"]').val("site:" + document.location.hostname + " " + $('input[name="brooklyn-search"]').val());
+            return true;
+            });
+        $('input[name="brooklyn-search"]').focus(function() {
+                if ($(this).val() === $(this).attr('placeholder')) {
+                    $(this).val('');
+                }
+            })
+            .blur(function() {
+                if ($(this).val() === '') {
+                    $(this).val($(this).attr('placeholder'));
+                }
+            })
+            .blur();
+    });
+
+
+ <!-- analytics -->
+    var _gaq = _gaq || [];
+    _gaq.push(['_setAccount', 'UA-30530918-1']);
+    _gaq.push(['_trackPageview']);
+    
+    (function() {
+      var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+      ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+    })();
+
+
+<!-- page warning (for archive pages) -->
+
+
+    function get_user_versions() {
+        return $.cookie("brooklyn_versions") ? $.cookie("brooklyn_versions").split(",") : [];
+    };
+    function set_user_version(version) {
+        var version_cookie = get_user_versions();
+        version_cookie.push(version);
+        $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+        $('#page_notes').fadeOut();
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+    };
+    function set_user_versions_all() {
+        var version_cookie = get_user_versions();
+        version_cookie.push("ALL");
+        $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+        $('#page_notes').fadeOut();
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+    };
+    function clear_user_versions() {
+        $.removeCookie('brooklyn_versions', { path: '/' });
+        $('#page_notes').fadeIn('slow');
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+    };
+
+</script>
+
+</body>
+
+</html>