This is an automated email from the ASF dual-hosted git repository. mck pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 9a24fa81e5f44476c9994b9d9a7aabf9b89f3f8b Merge: a124f099e0 95d0a936f9 Author: Mick Semb Wever <[email protected]> AuthorDate: Tue Oct 18 22:53:05 2022 +0200 Merge branch 'cassandra-3.11' into cassandra-4.0 * cassandra-3.11: Fix JMX security vulnerabilities CHANGES.txt | 1 + ide/idea/workspace.xml | 2 +- .../cassandra/auth/jmx/AuthorizationProxy.java | 70 ++++++++++++++++++++++ 3 files changed, 72 insertions(+), 1 deletion(-) diff --cc CHANGES.txt index d85f0c5357,3e0ab807ec..19fe614a29 --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -13,7 -3,11 +13,8 @@@ Merged from 3.11 * Make LongBufferPoolTest insensitive to timing (CASSANDRA-16681) * Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907) * Fix potential IndexOutOfBoundsException in PagingState in mixed mode clusters (CASSANDRA-17840) - * Document usage of closed token intervals in manual compaction (CASSANDRA-17575) - * Creating of a keyspace on insufficient number of replicas should filter out gosspping-only members (CASSANDRA-17759) - * Only use statically defined subcolumns when determining column definition for supercolumn cell (CASSANDRA-14113) Merged from 3.0: + * Harden JMX by resolving beanshooter issues (CASSANDRA-17921) * Suppress CVE-2019-2684 (CASSANDRA-17965) * Fix auto-completing "WITH" when creating a materialized view (CASSANDRA-17879) * Fix scrubber falling into infinite loop when the last partition is broken (CASSANDRA-17862) diff --cc src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java index 68cff0c12d,f2665085f3..36c552c700 --- a/src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java +++ b/src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java @@@ -23,10 -23,10 +23,11 @@@ import java.security.AccessControlConte import java.security.AccessController; import java.security.Principal; import java.util.Set; +import java.util.function.BooleanSupplier; import java.util.function.Function; -import java.util.function.Supplier; +import java.util.function.Predicate; import java.util.stream.Collectors; + import javax.management.InstanceNotFoundException; import javax.management.MBeanServer; import javax.management.MalformedObjectNameException; import javax.management.ObjectName; --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
