You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by jb...@apache.org on 2015/05/28 00:02:27 UTC
[1/3] cassandra git commit: Explain that UDF security manager will be
coming in 3.0
Repository: cassandra
Updated Branches:
refs/heads/cassandra-2.2 7aafe053e -> 61bea5a0d
refs/heads/trunk d91eb0116 -> 03f556ffa
Explain that UDF security manager will be coming in 3.0
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/61bea5a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/61bea5a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/61bea5a0
Branch: refs/heads/cassandra-2.2
Commit: 61bea5a0d944ef446c0187796db7b33f0d872da5
Parents: 7aafe05
Author: Jonathan Ellis <jb...@apache.org>
Authored: Wed May 27 17:02:01 2015 -0500
Committer: Jonathan Ellis <jb...@apache.org>
Committed: Wed May 27 17:02:06 2015 -0500
----------------------------------------------------------------------
NEWS.txt | 11 ++++++++---
conf/cassandra.yaml | 6 ++++--
2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index 98f0499..cc80cc1 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -53,9 +53,14 @@ New features
been added to CQL.
************************************************************************
IMPORTANT NOTE: user-defined functions can be used to execute
- arbitrary and possibly evil code in Cassandra 2.2-beta1.
- To enable UDFs edit cassandra.yaml and set enable_user_defined_functions
- to true. CASSANDRA-9402 will add a security manager for UDFs.
+ arbitrary and possibly evil code in Cassandra 2.2, and are
+ therefore disabled by default. To enable UDFs edit
+ cassandra.yaml and set enable_user_defined_functions to true.
+
+ CASSANDRA-9402 will add a security manager for UDFs in Cassandra
+ 3.0. This will inherently be backwards-incompatible with any 2.2
+ UDF that perform insecure operations such as opening a socket or
+ writing to the filesystem.
************************************************************************
- Row-cache is now fully off-heap.
- jemalloc is now automatically preloaded and used on Linux and OS-X if
http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/conf/cassandra.yaml
----------------------------------------------------------------------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index fb103fa..04a78bd 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -845,6 +845,8 @@ tracetype_query_ttl: 86400
tracetype_repair_ttl: 604800
# UDFs (user defined functions) are disabled by default.
-# As of Cassandra 2.2-beta1, there is no security manager or anything else in place that
-# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 2.2-rc1.
+# As of Cassandra 2.2, there is no security manager or anything else in place that
+# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 3.0.
+# This will inherently be backwards-incompatible with any 2.2 UDF that perform insecure
+# operations such as opening a socket or writing to the filesystem.
enable_user_defined_functions: false
[2/3] cassandra git commit: Explain that UDF security manager will be
coming in 3.0
Posted by jb...@apache.org.
Explain that UDF security manager will be coming in 3.0
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/61bea5a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/61bea5a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/61bea5a0
Branch: refs/heads/trunk
Commit: 61bea5a0d944ef446c0187796db7b33f0d872da5
Parents: 7aafe05
Author: Jonathan Ellis <jb...@apache.org>
Authored: Wed May 27 17:02:01 2015 -0500
Committer: Jonathan Ellis <jb...@apache.org>
Committed: Wed May 27 17:02:06 2015 -0500
----------------------------------------------------------------------
NEWS.txt | 11 ++++++++---
conf/cassandra.yaml | 6 ++++--
2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index 98f0499..cc80cc1 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -53,9 +53,14 @@ New features
been added to CQL.
************************************************************************
IMPORTANT NOTE: user-defined functions can be used to execute
- arbitrary and possibly evil code in Cassandra 2.2-beta1.
- To enable UDFs edit cassandra.yaml and set enable_user_defined_functions
- to true. CASSANDRA-9402 will add a security manager for UDFs.
+ arbitrary and possibly evil code in Cassandra 2.2, and are
+ therefore disabled by default. To enable UDFs edit
+ cassandra.yaml and set enable_user_defined_functions to true.
+
+ CASSANDRA-9402 will add a security manager for UDFs in Cassandra
+ 3.0. This will inherently be backwards-incompatible with any 2.2
+ UDF that perform insecure operations such as opening a socket or
+ writing to the filesystem.
************************************************************************
- Row-cache is now fully off-heap.
- jemalloc is now automatically preloaded and used on Linux and OS-X if
http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/conf/cassandra.yaml
----------------------------------------------------------------------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index fb103fa..04a78bd 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -845,6 +845,8 @@ tracetype_query_ttl: 86400
tracetype_repair_ttl: 604800
# UDFs (user defined functions) are disabled by default.
-# As of Cassandra 2.2-beta1, there is no security manager or anything else in place that
-# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 2.2-rc1.
+# As of Cassandra 2.2, there is no security manager or anything else in place that
+# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 3.0.
+# This will inherently be backwards-incompatible with any 2.2 UDF that perform insecure
+# operations such as opening a socket or writing to the filesystem.
enable_user_defined_functions: false
[3/3] cassandra git commit: Merge branch 'cassandra-2.2' into trunk
Posted by jb...@apache.org.
Merge branch 'cassandra-2.2' into trunk
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/03f556ff
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/03f556ff
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/03f556ff
Branch: refs/heads/trunk
Commit: 03f556ffa8718754fe4eb329af2002d83ffc7147
Parents: d91eb01 61bea5a
Author: Jonathan Ellis <jb...@apache.org>
Authored: Wed May 27 17:02:12 2015 -0500
Committer: Jonathan Ellis <jb...@apache.org>
Committed: Wed May 27 17:02:12 2015 -0500
----------------------------------------------------------------------
NEWS.txt | 11 ++++++++---
conf/cassandra.yaml | 6 ++++--
2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------