Hi Madhan,

Melinda Crane of Snapchat raised some concerns over XSS issues that have gone 
unanswered.

Particularly:

1. the CSP allows unsafe-inline and unsafe-eval
2. the backend JSON content provider doesn't appear to do any sort of force escaping on HTML-sensitive characters
webapp/src/main/java/org/apache/atlas/web/filters/HeadersUtil.java:44

I think it would be great if those concerns could be addressed or debunked before release?

Cheers
Bolke

Sent from my iPhone

> On 6 Jun 2020, at 19:22, Madhan Neethiraj <mad...@apache.org> wrote:
> 
> (resending with plain-text format)
> 
> Atlas team,
>  
> Apache Atlas 2.1.0 rc1, with following fixes since rc0, is now available for 
> vote within dev community.
>  
>     ATLAS-3770: UI(Classic): Active and Deleted hyperlinks for certain 
> entities throwing error on click
>     ATLAS-3766: Stats modal not close issue #2
>     ATLAS-3674: ZipFileMigationImporter: Migration status display fix. Part 2
>  
> Links to the release artifacts are given below. Please review and vote. 
>  
> The vote will be open for at least 72 hours or until necessary votes are 
> reached.
>   [ ] +1 Approve
>   [ ] +0 No opinion
>   [ ] -1 Disapprove (and reason why)
>  
> Thanks,
> Madhan
>  
>  
> List of all issues addressed in this release: 
> https://issues.apache.org/jira/issues/?jql=project=ATLAS AND status=Resolved 
> AND fixVersion=2.1.0 ORDER BY key DESC
>  
> Git tag for the release: 
> https://github.com/apache/atlas/tree/release-2.1.0-rc1
> Sources for the release: 
> https://dist.apache.org/repos/dist/dev/atlas/2.1.0-rc1/apache-atlas-2.1.0-sources.tar.gz
>  
> Source release verification:
>   PGP Signature: 
> https://dist.apache.org/repos/dist/dev/atlas/2.1.0-rc1/apache-atlas-2.1.0-sources.tar.gz.asc
>   SHA512 Hash:   
> https://dist.apache.org/repos/dist/dev/atlas/2.1.0-rc1/apache-atlas-2.1.0-sources.tar.gz.sha512
>   MD5 Hash:      
> https://dist.apache.org/repos/dist/dev/atlas/2.1.0-rc1/apache-atlas-2.1.0-sources.tar.gz.md5
>  
> Keys to verify the signature of the release artifacts are available at: 
> https://dist.apache.org/repos/dist/release/atlas/KEYS
>  
> New features/enhancements:
>   - Quick Search: provides a simpler search experience with type-ahead 
> suggestions
>   - Business Metadata: enables augmenting entity-types with additional 
> attributes, search entities using these attributes
>   - Labels: ability to add/remove labels on entities, and search entities 
> using labels
>   - Custom Attributes: ability to add entity instance specific custom 
> attributes i.e. attributes not defined in entity-def or business metadata
>   - Entity Purge: added REST APIs to purge deleted entities
>  
> Enhancements:
>   - Search: ability to find entities by more than one classification
>   - Performance: improvements in lineage retrieval and 
> classification-propagation
>   - Notification: ability to process notifications from multiple Kafka topics
>   - Hive Hook: tracks process-executions via hive_process_execution entities
>   - Hive Hook: captures DDL operations via hive_db_ddl and hive_table_ddl 
> entities
>   - Notification: introduced shell entities to record references to 
> non-existing entities in notifications
>   - Spark: added model to capture Spark entities, processes and relationships
>   - AWS S3: introduced updated model to capture AWS S3 entities and 
> relationships
>   - ADLS-Gen2: introduced model to capture Azure Data Lake Storage Gen2 
> entities and relationships
>   - Dependencies: JanusGraph 0.5.1, Tinkerpop 3.4.6, Spring Framework 4.3.20
>   - Authorization: updated to cover new features, like: business metadata, 
> labels, purge
>   - UI: multiple UI improvements, including a beta UI
>  
> 
> 
> 
> 
> 
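
The two concerns raised in the message above can be checked mechanically. The following is an added example, not part of the original thread and not Apache Atlas code: it flags `'unsafe-inline'` and `'unsafe-eval'` in the directive that governs scripts, and serializes JSON with HTML-sensitive characters escaped. The header values, the sample record and all function names are constructed for illustration.

```python
import json

NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
HTML_ESCAPES = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027"}

def parse_csp(header):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # Browsers honour only the first occurrence of a directive.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def script_findings(header):
    """Return the weaknesses in whichever directive governs script execution."""
    policy = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src"]
    findings = []
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval'")
    # CSP Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash is listed.
    if "'unsafe-inline'" in sources and not any(s.startswith(NONCE_OR_HASH) for s in sources):
        findings.append("'unsafe-inline'")
    return findings

def dumps_html_safe(obj):
    """Serialize to JSON with HTML-sensitive characters as \\uXXXX escapes."""
    out = json.dumps(obj)  # ensure_ascii=True already escapes U+2028/U+2029
    # These characters can only occur inside JSON strings, so a global
    # replace keeps the document valid and decodes to the same values.
    for ch, esc in HTML_ESCAPES.items():
        out = out.replace(ch, esc)
    return out

# Constructed sample values, not taken from Atlas.
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
STRICT = "default-src 'self'; script-src 'self' 'nonce-EXAMPLE'"
RECORD = {"name": "</script><b>R&D</b>"}

if __name__ == "__main__":
    print(script_findings(WEAK))
    print(script_findings(STRICT))
    print(dumps_html_safe(RECORD))
```

Escaping on the backend only narrows the exposure; a client that inserts decoded values into the DOM as HTML still needs its own output encoding.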
