liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new 4e68894a1 fix security risk of SQL injection (#1121)
4e68894a1 is described below
commit 4e68894a1c54d763ac2697ea1ac993793da4107c
Author: Xun Liu <[email protected]>
AuthorDate: Wed Mar 27 08:06:12 2024 +0800
fix security risk of SQL injection (#1121)
---
.../main/java/org/apache/submarine/server/SubmarineServer.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git
a/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
b/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
index 5a3f9b8b9..c79464624 100644
---
a/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
+++
b/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
@@ -123,13 +123,17 @@ public class SubmarineServer extends ResourceConfig {
}
});
- setupRestApiContextHandler(webApp, conf);
+ // There is a security risk of SQL injection here,
+ // note that the RESTful interface cannot be provided until this is
resolved
+ // setupRestApiContextHandler(webApp, conf);
// Cookie config
setCookieConfig(webApp);
+ // There is a security risk of SQL injection here,
+ // note that the RESTful interface cannot be provided until this is
resolved
// Notebook server
- setupNotebookServer(webApp, conf, sharedServiceLocator);
+ // setupNotebookServer(webApp, conf, sharedServiceLocator);
// Cluster Server
// Cluster Server is useless for submarine now. Shield it to improve
performance.
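Review bot: The two added comments say there is an SQL injection risk "here" but name neither the affected query or endpoint nor a tracking issue, so a later maintainer cannot tell when it is safe to restore `setupRestApiContextHandler(webApp, conf)` and `setupNotebookServer(webApp, conf, sharedServiceLocator)`. The second comment sits above `// Notebook server` without saying whether the notebook server itself reaches the vulnerable SQL or is only disabled because it depends on the REST handler. I would replace each commented-out call with a comment of the form `// Disabled pending <TRACKING-ISSUE placeholder>: <affected mapper/endpoint> must use parameterized queries before this handler is registered again`, and delete the dead call rather than leave it one uncomment away from being restored. If the handlers have to stay switchable, a configuration flag that defaults to off and logs a warning at startup is easier to audit than commented-out code. The enclosing method starts and ends outside this hunk, so whether the two setup methods are still referenced elsewhere cannot be checked from here.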