[
https://issues.apache.org/jira/browse/KYLIN-5981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guoliang Sun updated KYLIN-5981:
--------------------------------
Description:
The following high-risk security vulnerabilities need to be fixed, among which
CVE-2024-34750 has been fixed
was:
This problem is due to the fact that the partial playback mechanism used for
audit log playback in real-time tasks uses the path containing the model ID for
filtering. After metadata reconstruction, the partial metadata path of the
audit log does not contain the model ID.
The fix is to add a model_uuid field to the audit log table. The audit log of
metadata changes related to fact tasks will be marked with model_uuid, and
model_uuid is used for filtering during partial playback.
> Security Vulnerabilities: Scanning found high-risk security vulnerabilities
> ---------------------------------------------------------------------------
>
> Key: KYLIN-5981
> URL: https://issues.apache.org/jira/browse/KYLIN-5981
> Project: Kylin
> Issue Type: Bug
> Affects Versions: 5.0.0
> Reporter: Guoliang Sun
> Assignee: Guoliang Sun
> Priority: Major
> Attachments: e054c47d-6411-4191-8093-3a57ec1fdcd9.png
>
>
> The following high-risk security vulnerabilities need to be fixed, among
> which CVE-2024-34750 has been fixed
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
