You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tez.apache.org by "Sam An (JIRA)" <ji...@apache.org> on 2019/05/28 20:48:00 UTC

[jira] [Created] (TEZ-4072) find and remove insecure URLs in Tez

Sam An created TEZ-4072:
---------------------------

             Summary: find and remove insecure URLs in Tez
                 Key: TEZ-4072
                 URL: https://issues.apache.org/jira/browse/TEZ-4072
             Project: Apache Tez
          Issue Type: Bug
    Affects Versions: 0.9.2
            Reporter: Sam An


{quote}We request that you review any build scripts and configurations for
insecure urls where appropriate to your projects, fix them asap, and
report back if you had to change anything to [security@apache.org|mailto:security@apache.org] by
the 31st May 2019.

The most common finding was HTTP references to repos like [maven.org|http://maven.org/] in
build files (Gradle, Maven, SBT, or other tools).  Here is an example
showing repositories being used with http urls that should be changed
to https:

[https://github.com/apache/flink/blob/d1542e9561c6235feb902c9c6d781ba416b8f784/pom.xml#L1017-L1038]

Note that searching for http:// might not be enough, look for http\://
too due to escaping.{quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)