[GitHub] [cloudstack] vladimirpetrov commented on issue #4535: UI allows ISO images, uploaded/registered as not extractable to be downloaded

vladimirpetrov commented on issue #4535: URL: https://github.com/apache/cloudstack/issues/4535#issuecomment-747301918 I did, @rhtyd , the issue is there: 

[GitHub] [cloudstack] vladimirpetrov edited a comment on issue #4535: UI allows ISO images, uploaded/registered as not extractable to be downloaded

vladimirpetrov edited a comment on issue #4535: URL: https://github.com/apache/cloudstack/issues/4535#issuecomment-747301918 I did, @rhtyd , we have the same problem on 4.15 RC2: ![image](https://user-images.githubusercontent.com/12384665/102465013-cc5d5a80-4055-11eb-93b0-3da4628486

[GitHub] [cloudstack] weizhouapache opened a new issue #4550: Potential security issue with novnc console

weizhouapache opened a new issue #4550: URL: https://github.com/apache/cloudstack/issues/4550 The url in iframe of novnc console can be used without user login. When open a vm console, and open the source of page, we get the real link of novnc console. we are able to access the no

[GitHub] [cloudstack] weizhouapache commented on issue #4550: Potential security issue with novnc console

weizhouapache commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747370149 @davidjumani @DaanHoogland @rhtyd @PaulAngus @andrijapanicsb your opinions ? This is

[GitHub] [cloudstack] rhtyd commented on issue #4550: Potential security issue with novnc console

rhtyd commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747418180 @weizhouapache can you check again? I tried to login, open the console and then log out and refresh the console page and it failed the console session as before: ![Screenshot fro

[GitHub] [cloudstack] weizhouapache commented on issue #4550: Potential security issue with novnc console

weizhouapache commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747423030 > @weizhouapache can you check again? I tried to login, open the console and then log out and refresh the console page and it failed the console session as before: > ![Sc

[GitHub] [cloudstack] rhtyd commented on issue #4550: Potential security issue with novnc console

rhtyd commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747426941 I suppose it's not a security issue as long as the user is logged in and has access to the VM. This is an automate

[GitHub] [cloudstack] rhtyd commented on issue #4550: Potential security issue with novnc console

rhtyd commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747427157 Can you check, I think it's the same behaviour as old console proxy This is an automated message from the Apache Gi

[GitHub] [cloudstack] weizhouapache commented on issue #4550: Potential security issue with novnc console

weizhouapache commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747436198 > I suppose it's not a security issue as long as the user is logged in and has access to the VM. @rhtyd user can access the vm via URL in the page source, on othe

[GitHub] [cloudstack] rhtyd commented on issue #4550: Potential security issue with novnc console

rhtyd commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747438339 Yes @weizhouapache but I think the old console also worked like that, if the old console had some auth mechanism that novnc doesn't then we should treat it like a regression, or if

[GitHub] [cloudstack] GabrielBrascher commented on a change in pull request #4548: Bug/disk order bug during ingest

GabrielBrascher commented on a change in pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#discussion_r545097697 ## File path: server/src/test/java/org/apache/cloudstack/vm/UnmanagedVMsManagerImplTest.java ## @@ -368,6 +358,12 @@ public void importUnmanag

[GitHub] [cloudstack] vladimirpetrov closed issue #4541: ISO image uploaded with 'Featured' attribute does not show in the

vladimirpetrov closed issue #4541: URL: https://github.com/apache/cloudstack/issues/4541 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to g

[GitHub] [cloudstack] vladimirpetrov commented on issue #4541: ISO image uploaded with 'Featured' attribute does not show in the

vladimirpetrov commented on issue #4541: URL: https://github.com/apache/cloudstack/issues/4541#issuecomment-747481213 Agree with Andrija here, closing the issue. This is an automated message from the Apache Git Service. To re

[GitHub] [cloudstack] PaulAngus commented on issue #4550: Potential security issue with novnc console

PaulAngus commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747584205 @weizhouapache @davidjumani @DaanHoogland @rhtyd @PaulAngus @andrijapanicsb lets take this conversation to the security list which is now private@ ---

[GitHub] [cloudstack] davidjumani commented on issue #4550: Potential security issue with novnc console

davidjumani commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747870084 @weizhouapache Bit late to the party but I tried the same steps and was able to reproduce it on the old console proxy as well. I don't believe it is a bug but could be a poten

[GitHub] [cloudstack] davidjumani edited a comment on issue #4550: Potential security issue with novnc console

davidjumani edited a comment on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747870084 @weizhouapache Bit late to the party but I tried the same steps and was able to reproduce it on the old console proxy as well. I don't believe it is a bug but could be

[GitHub] [cloudstack] rhtyd commented on pull request #4540: Bug/unmanaged ingest exceptions #4539

rhtyd commented on pull request #4540: URL: https://github.com/apache/cloudstack/pull/4540#issuecomment-747876539 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please

[GitHub] [cloudstack] blueorangutan commented on pull request #4540: Bug/unmanaged ingest exceptions #4539

blueorangutan commented on pull request #4540: URL: https://github.com/apache/cloudstack/pull/4540#issuecomment-747876687 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests Thi

[GitHub] [cloudstack] rhtyd commented on pull request #4548: Bug/disk order bug during ingest

rhtyd commented on pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#issuecomment-747876772 @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, ple

[GitHub] [cloudstack] blueorangutan commented on pull request #4548: Bug/disk order bug during ingest

blueorangutan commented on pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#issuecomment-747877000 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This

[GitHub] [cloudstack] rhtyd commented on pull request #4524: Display lb rule name instead of uuid

rhtyd commented on pull request #4524: URL: https://github.com/apache/cloudstack/pull/4524#issuecomment-747877167 @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, ple

[GitHub] [cloudstack] blueorangutan commented on pull request #4524: Display lb rule name instead of uuid

blueorangutan commented on pull request #4524: URL: https://github.com/apache/cloudstack/pull/4524#issuecomment-747877318 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This

[GitHub] [cloudstack] rhtyd commented on pull request #4493: Recover VM not able to attach the data disks which were attached before destroy

rhtyd commented on pull request #4493: URL: https://github.com/apache/cloudstack/pull/4493#issuecomment-747878238 @DaanHoogland this is marked critical, are we considering this in 4.15? @weizhouapache @wido @kiwiflyer @GabrielBrascher what do you think about the behaviour and the fix, sh

[GitHub] [cloudstack] Pearl1594 opened a new pull request #4551: Cleanup volume information from db when deleted

Pearl1594 opened a new pull request #4551: URL: https://github.com/apache/cloudstack/pull/4551 ### Description This PR aims at fixing the issue caused when: - download a Volume (such that there is a record in the volume_store_ref table) - migrate the same volume from one primar

[GitHub] [cloudstack] rhtyd commented on pull request #4551: Cleanup volume information from db when deleted

rhtyd commented on pull request #4551: URL: https://github.com/apache/cloudstack/pull/4551#issuecomment-747890343 @blueorangutan package This is an automated message from the Apache Git Service. To respond to the message, ple

[GitHub] [cloudstack] blueorangutan commented on pull request #4551: Cleanup volume information from db when deleted

blueorangutan commented on pull request #4551: URL: https://github.com/apache/cloudstack/pull/4551#issuecomment-747890520 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. This

[GitHub] [cloudstack] weizhouapache commented on pull request #4551: Cleanup volume information from db when deleted

weizhouapache commented on pull request #4551: URL: https://github.com/apache/cloudstack/pull/4551#issuecomment-747891972 @Pearl1594 as far as I remember, there is a thread in StorageManager to cleanup the download urls and remove the Expunged volumes. I suggest (1) not to change tha

[GitHub] [cloudstack] blueorangutan commented on pull request #4548: Bug/disk order bug during ingest

blueorangutan commented on pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#issuecomment-747902377 Packaging result: ✔centos7 ✔centos8 ✔debian. JID-2498 This is an automated message from the Apache Git

[GitHub] [cloudstack] rhtyd commented on pull request #4548: Bug/disk order bug during ingest

rhtyd commented on pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#issuecomment-747902832 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please

[GitHub] [cloudstack] blueorangutan commented on pull request #4524: Display lb rule name instead of uuid

blueorangutan commented on pull request #4524: URL: https://github.com/apache/cloudstack/pull/4524#issuecomment-747903068 Packaging result: ✔centos7 ✔centos8 ✔debian. JID-2499 This is an automated message from the Apache Git

[GitHub] [cloudstack] blueorangutan commented on pull request #4548: Bug/disk order bug during ingest

blueorangutan commented on pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#issuecomment-747903125 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests Thi

[GitHub] [cloudstack] shwstppr commented on a change in pull request #4548: Bug/disk order bug during ingest

shwstppr commented on a change in pull request #4548: URL: https://github.com/apache/cloudstack/pull/4548#discussion_r545605513 ## File path: plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java ## @@ -7274,9 +7274,7 @@ public int c

[GitHub] [cloudstack] Pearl1594 commented on pull request #4551: Cleanup volume information from db when deleted

Pearl1594 commented on pull request #4551: URL: https://github.com/apache/cloudstack/pull/4551#issuecomment-747909545 @weizhouapache thanks for the pointers 1. The logic for cleaning up the volume on expiration of the download url is still as is, but this just removes any dangling volume

[GitHub] [cloudstack] blueorangutan commented on pull request #4551: Cleanup volume information from db when deleted

blueorangutan commented on pull request #4551: URL: https://github.com/apache/cloudstack/pull/4551#issuecomment-747910723 Packaging result: ✔centos7 ✔centos8 ✔debian. JID-2500 This is an automated message from the Apache Git