You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geode.apache.org by Travis CI <bu...@travis-ci.org> on 2017/09/20 18:02:16 UTC

Passed: apache/geode#3918 (rel/v1.2.1 - 0b881b5)

Build Update for apache/geode
-------------------------------------

Build: #3918
Status: Passed

Duration: 9 minutes and 14 seconds
Commit: 0b881b5 (rel/v1.2.1)
Author: Bruce Schuchardt
Message: GEODE-3249 Validate internal client/server messages

This change leaves the security hole in place but allows you to plug
it by setting the system property

geode.disallow-internal-messages-without-credentials=true

Clients must be upgraded to the release containing this change if you
set this system property to true and client/server authentication is
enabled.  Otherwise client messages to register PDX types or
Instantiators will be rejected by the servers.

New tests have been added to perform backward-compatibility testing
with the old security implementation and the internal message command
classes have been modified to perform validation of credentials if
the system property is set to true.

(cherry picked from commit abbb359fe59ea3e74462fe48890918108a0edda3)

View the changeset: https://github.com/apache/geode/compare/rel/v1.2.1

View the full build log and details: https://travis-ci.org/apache/geode/builds/277875254?utm_source=email&utm_medium=notification

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications