[ https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17916317#comment-17916317 ]
AlexVazquez commented on RANGER-4038:
-------------------------------------
Sorry for the delay, I’ve been trying to update to 6.2.1, but I can’t. There
are several changes in the core container, and it throws errors when
registering dependencies in the container. Apparently, it’s stricter now and
doesn’t accept generic types, among other things.
[https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-6.2-Release-Notes#core-container]
On the other hand, regarding what you mentioned, yes, I’ve tested it and
haven’t noticed anything unusual. I have to admit that I’m using the default
configuration, which might be simplifying everything.
{code:java}
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - User Group Mapping: {"userName":null,"noOfNewUsers":0,"noOfNewGroups":0,"noOfModifiedUsers":0,"noOfModifiedGroups":0,"syncSource":"Unix","sessionId":null,"ldapSyncSourceInfo":null,"unixSyncSourceInfo":{"unixBackend":"passwd","fileName":"/etc/passwd","syncTime":"2025-01-22 15:17:42","lastModified":"2024-12-16 11:52:20","minUserId":"500","minGroupId":"500","totalUsersSynced":19,"totalGroupsSynced":5,"totalUsersDeleted":0,"totalGroupsDeleted":0},"fileSyncSourceInfo":null}
22 Jan 2025 15:17:42 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - valid cookie saved
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - REST response from /service/xusers/ugsync/auditinfo/ : {
"id" : 178,
"createDate" : "2025-01-22T15:17:42Z",
"updateDate" : "2025-01-22T15:17:42Z",
"owner" : "rangerusersync",
"updatedBy" : "rangerusersync",
"eventTime" : "2025-01-22T15:17:42Z",
"userName" : "rangerusersync",
"noOfNewUsers" : 0,
"noOfNewGroups" : 0,
"noOfModifiedUsers" : 0,
"noOfModifiedGroups" : 0,
"syncSource" : "Unix",
"sessionId" : "24",
"syncSourceInfo" : {
"unixBackend" : "passwd",
"fileName" : "/etc/passwd",
"syncTime" : "2025-01-22 15:17:42",
"lastModified" : "2024-12-16 11:52:20",
"minUserId" : "500",
"minGroupId" : "500",
"totalUsersSynced" : "19",
"totalGroupsSynced" : "5",
"totalUsersDeleted" : "0",
"totalGroupsDeleted" : "0"
}
}
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - AuditInfo Creation successful
22 Jan 2025 15:17:42 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder [UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()
22 Jan 2025 15:17:42 INFO o.a.r.u.UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink
22 Jan 2025 15:17:42 DEBUG o.a.r.u.UserGroupSync [UnixUserSyncThread] - Sleeping for [300000] milliSeconds{code}
> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or may not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)