Details

    • Release Note:
      Hide
      This issue reverts fixes designed to prevent malicious content from rendering in HBase's UIs. Specifically, these changes shipped in 1.1.4+ and 1.2.0+. They were removed due to licensing issues discovered in the dependencies they introduced. Their implementation and those dependencies have been removed from HBase! Removal of these dependencies is against the strict definition of our version compatibility guidelines. However, inclusion of non-Apache approved licenses cannot be tolerated. Implementation of these fixes using an Apache-appropriate means is tracked in HBASE-16328.
      Show
      This issue reverts fixes designed to prevent malicious content from rendering in HBase's UIs. Specifically, these changes shipped in 1.1.4+ and 1.2.0+. They were removed due to licensing issues discovered in the dependencies they introduced. Their implementation and those dependencies have been removed from HBase! Removal of these dependencies is against the strict definition of our version compatibility guidelines. However, inclusion of non-Apache approved licenses cannot be tolerated. Implementation of these fixes using an Apache-appropriate means is tracked in HBASE-16328 .

      Description

      to unblock releases, we'll start cleaning up the category-x problem by reverting all the ESAPI changes.

      we should try to include a release note with what this means we'll be vulnerable to.

        Attachments

        1. HBASE-16317.v00.master.patch
          58 kB
          Nick Dimiduk
        2. HBASE-16317.v00.branch-1.patch
          54 kB
          Nick Dimiduk
        3. HBASE-16317.v00.branch-1.3.patch
          54 kB
          Nick Dimiduk
        4. HBASE-16317.v00.branch-1.2.patch
          54 kB
          Nick Dimiduk
        5. HBASE-16317.v00.branch-1.1.patch
          54 kB
          Nick Dimiduk

          Issue Links

            Activity

              People

              • Assignee:
                ndimiduk Nick Dimiduk
                Reporter:
                busbey Sean Busbey
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: