
    Details

    • Release Note:
      This issue reverts fixes designed to prevent malicious content from rendering in HBase's UIs. Specifically, these changes shipped in 1.1.4+ and 1.2.0+. They were removed due to licensing issues discovered in the dependencies they introduced. Their implementation and those dependencies have been removed from HBase! Removal of these dependencies is against the strict definition of our version compatibility guidelines. However, inclusion of non-Apache approved licenses cannot be tolerated. Implementation of these fixes using an Apache-appropriate means is tracked in HBASE-16328.

      Description

      To unblock releases, we'll start cleaning up the category-x problem by reverting all the ESAPI changes.

      We should try to include a release note with what this means we'll be vulnerable to.

        Attachments

        1. HBASE-16317.v00.branch-1.1.patch
          54 kB
          Nick Dimiduk
        2. HBASE-16317.v00.branch-1.2.patch
          54 kB
          Nick Dimiduk
        3. HBASE-16317.v00.branch-1.3.patch
          54 kB
          Nick Dimiduk
        4. HBASE-16317.v00.branch-1.patch
          54 kB
          Nick Dimiduk
        5. HBASE-16317.v00.master.patch
          58 kB
          Nick Dimiduk


            People

            • Assignee:
              ndimiduk Nick Dimiduk
              Reporter:
              busbey Sean Busbey
