The Apache Qpid (https://qpid.apache.org) community is pleased to
announce the immediate availability of Apache Qpid Dispatch 1.18.0.
Qpid Dispatch is a router for the Advanced Message Queuing Protocol
1.0 (AMQP 1.0, ISO/IEC 19464, https://www.amqp.org). It provides a
flexible and scalable

Happy Friday, everyone. The Apache community has had another great
week. Let's review what we've been up to:
ASF Board – management and oversight of the business affairs of the
corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 15 December 2021. Board calendar and

The Apache Jackrabbit community is pleased to announce the release of
Apache Jackrabbit Oak 1.6.22. The release is available for download at:
http://jackrabbit.apache.org/downloads.html
See the full release notes below for details about this release:
Release Notes -- Apache Jackrabbit

Description:
Ozone Datanode doesn't check the access mode parameter of the block token.
Authenticated users with a valid READ block token can do any write operation on
the same block.
This issue is being tracked as HDDS-4558, HDDS-4644
Mitigation:
Upgrade to Apache Ozone release version 1.2.0

Severity: moderate
Description:
Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a
bug, any unauthenticated user can access the data from these endpoints.
This issue is being tracked as HDDS-5691
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:

Description:
Authenticated users with valid Ozone S3 credentials can create specific OM
requests, impersonating any other user.
This issue is being tracked as HDDS-4763
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:
Apache Ozone would like to thank Marton Elek for

Description:
Authenticated users knowing the ID of an existing block can craft a specific
request allowing access to those blocks, bypassing other security checks like ACL.
This issue is being tracked as HDDS-5061
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:
Apache Ozone

Description:
Container-related Datanode requests of Ozone Datanode were not properly
authorized and can be called by any client.
This issue is being tracked as HDDS-4729, HDDS-5236
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:
Apache Ozone would like to thank Marton Elek

Description:
Certain admin-related SCM commands can be executed by any authenticated user,
not just by admins.
This issue is being tracked as HDDS-4530
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:
Apache Ozone would like to thank Wei-Chiu Chuang for reporting this

Description:
Various internal server-to-server RPC endpoints are available for connections,
making it possible for an attacker to download raw data from Datanode and Ozone
manager and modify Ratis replication configuration.
This issue is being tracked as

Description:
Initially generated block tokens are persisted to the metadata database and can
be retrieved by authenticated users with permission to the key. Authenticated
users may use them even after access is revoked.
This issue is being tracked as HDDS-5315
Mitigation:
Upgrade to