Explain that UDF security manager will be coming in 3.0
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/61bea5a0 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/61bea5a0 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/61bea5a0 Branch: refs/heads/trunk Commit: 61bea5a0d944ef446c0187796db7b33f0d872da5 Parents: 7aafe05 Author: Jonathan Ellis <[email protected]> Authored: Wed May 27 17:02:01 2015 -0500 Committer: Jonathan Ellis <[email protected]> Committed: Wed May 27 17:02:06 2015 -0500 ---------------------------------------------------------------------- NEWS.txt | 11 ++++++++--- conf/cassandra.yaml | 6 ++++-- 2 files changed, 12 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/NEWS.txt ---------------------------------------------------------------------- diff --git a/NEWS.txt b/NEWS.txt index 98f0499..cc80cc1 100644 --- a/NEWS.txt +++ b/NEWS.txt 
@@ -53,9 +53,14 @@ New features been added to CQL. ************************************************************************ IMPORTANT NOTE: user-defined functions can be used to execute - arbitrary and possibly evil code in Cassandra 2.2-beta1. - To enable UDFs edit cassandra.yaml and set enable_user_defined_functions - to true. CASSANDRA-9402 will add a security manager for UDFs. + arbitrary and possibly evil code in Cassandra 2.2, and are + therefore disabled by default. To enable UDFs edit + cassandra.yaml and set enable_user_defined_functions to true. + + CASSANDRA-9402 will add a security manager for UDFs in Cassandra + 3.0. This will inherently be backwards-incompatible with any 2.2 + UDF that perform insecure operations such as opening a socket or + writing to the filesystem. ************************************************************************ - Row-cache is now fully off-heap. - jemalloc is now automatically preloaded and used on Linux and OS-X if http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/conf/cassandra.yaml ---------------------------------------------------------------------- diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml index fb103fa..04a78bd 100644 --- a/conf/cassandra.yaml +++ b/conf/cassandra.yaml @@ -845,6 +845,8 @@ tracetype_query_ttl: 86400 tracetype_repair_ttl: 604800 # UDFs (user defined functions) are disabled by default. -# As of Cassandra 2.2-beta1, there is no security manager or anything else in place that -# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 2.2-rc1. +# As of Cassandra 2.2, there is no security manager or anything else in place that +# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 3.0. +# This will inherently be backwards-incompatible with any 2.2 UDF that perform insecure +# operations such as opening a socket or writing to the filesystem. enable_user_defined_functions: false
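Review bot: In the NEWS.txt hunk, the added sentence "any 2.2 UDF that perform insecure operations" has a subject-verb mismatch and should read "any 2.2 UDF that performs" or "any 2.2 UDFs that perform". The same paragraph gives opening a socket and writing to the filesystem as examples of what will break under CASSANDRA-9402, but it does not tell a reader who enables UDFs on 2.2 what to do in the meantime. A closing sentence recommending that 2.2 UDFs avoid such operations would make the compatibility warning actionable.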
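Review bot: In the conf/cassandra.yaml hunk, the comment above enable_user_defined_functions now says "CASSANDRA-9402 will fix this issue for Cassandra 3.0", a forward-looking statement that will go stale in a shipped config file and that duplicates the NEWS.txt text, so two copies must be kept in sync. Suggest keeping the yaml comment to what holds for this release: with the flag set to true on 2.2, nothing restricts what UDF code can do. The NEWS.txt entry can then carry the 3.0 plan. The added line "any 2.2 UDF that perform insecure" also has the same agreement error as the NEWS.txt hunk ("performs", or "UDFs that perform").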
