This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new ec2dd10  Automated deployment: 0bdc77b3817456eabe5c1d7d49a38ab3faa04953
ec2dd10 is described below

commit ec2dd1055e9f3f179d1d8877c3d467d633eee5c1
Author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AuthorDate: Tue Oct 26 03:30:26 2021 +0000

    Automated deployment: 0bdc77b3817456eabe5c1d7d49a38ab3faa04953
---
 build/blog.964b5af.js                              |  1 +
 build/blog.9a24a9e.js                              |  1 -
 ...DolphinScheduler Vulnerability Explanation.html | 52 ++++++++++++++++++++++
 ...DolphinScheduler Vulnerability Explanation.json |  6 +++
 en-us/blog/index.html                              |  4 +-
 ...3\205\345\206\265\350\257\264\346\230\216.html" | 52 ++++++++++++++++++++++
 ...3\205\345\206\265\350\257\264\346\230\216.json" |  6 +++
 zh-cn/blog/index.html                              |  4 +-
 8 files changed, 121 insertions(+), 5 deletions(-)

diff --git a/build/blog.964b5af.js b/build/blog.964b5af.js
new file mode 100644
index 0000000..909f417
--- /dev/null
+++ b/build/blog.964b5af.js
@@ -0,0 +1 @@
+webpackJsonp([2],{1:function(e,t){e.exports=React},2:function(e,t){e.exports=ReactDOM},399:function(e,t,n){e.exports=n(400)},400:function(e,t,n){"use
 strict";function r(e){return e&&e.__esModule?e:{default:e}}function 
l(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a 
function")}function a(e,t){if(!e)throw new ReferenceError("this hasn't been 
initialised - super() hasn't been called");return!t||"object"!=typeof 
t&&"function"!=typeof t?e:t}function o(e,t){if("functi [...]
\ No newline at end of file
diff --git a/build/blog.9a24a9e.js b/build/blog.9a24a9e.js
deleted file mode 100644
index 39d6f8b..0000000
--- a/build/blog.9a24a9e.js
+++ /dev/null
@@ -1 +0,0 @@
-webpackJsonp([2],{1:function(e,t){e.exports=React},2:function(e,t){e.exports=ReactDOM},399:function(e,t,n){e.exports=n(400)},400:function(e,t,n){"use
 strict";function r(e){return e&&e.__esModule?e:{default:e}}function 
o(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a 
function")}function a(e,t){if(!e)throw new ReferenceError("this hasn't been 
initialised - super() hasn't been called");return!t||"object"!=typeof 
t&&"function"!=typeof t?e:t}function l(e,t){if("functi [...]
\ No newline at end of file
diff --git a/en-us/blog/DolphinScheduler Vulnerability Explanation.html 
b/en-us/blog/DolphinScheduler Vulnerability Explanation.html
new file mode 100644
index 0000000..9440ee4
--- /dev/null
+++ b/en-us/blog/DolphinScheduler Vulnerability Explanation.html        
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, 
maximum-scale=1.0, user-scalable=no">
+  <meta name="keywords" content="DolphinScheduler Vulnerability Explanation">
+  <meta name="description" content="DolphinScheduler Vulnerability 
Explanation">
+  <title>DolphinScheduler Vulnerability Explanation</title>
+  <link rel="shortcut icon" href="/img/favicon.ico">
+  <link rel="stylesheet" href="/build/vendor.e328afe.css">
+  <link rel="stylesheet" href="/build/blog.md.fd8b187.css">
+</head>
+<body>
+  <div id="root"><div class="blog-detail-page" data-reactroot=""><header 
class="header-container header-container-dark"><div class="header-body"><a 
href="/en-us/index.html"><img class="logo" src="/img/hlogo_white.svg"/></a><div 
class="search search-dark"><span class="icon-search"></span></div><span 
class="language-switch language-switch-dark">中</span><div 
class="header-menu"><img class="header-menu-toggle" 
src="/img/system/menu_white.png"/><div><ul class="ant-menu whiteClass 
ant-menu-lig [...]
+<p>The Apache DolphinScheduler community mailing list recently reported a 
vulnerability. Considering that many users have not subscribed to this mailing 
list, we hereby explain the situation:</p>
+<p>CVE-2021-27644</p>
+<p>Importance: Low</p>
+<p>Scope of impact: The exposed service is on the external network and the 
internal account is leaked. If none of the above, the user can decide whether 
to upgrade according to the actual demand.</p>
+<p>Affected version: &lt;1.3.6</p>
+<p>Vulnerability description:</p>
+<p>This problem is caused by a vulnerability in mysql connectorj. Logged-in 
users of DolphinScheduler (users who are not logged in cannot perform this 
operation. It is recommended that companies conduct account security 
specifications)  can fill in malicious parameters that cause security risks on 
the data source management page-Mysql data source. (Not affected if Mysql data 
source is not used)</p>
+<p>Repair suggestion: upgrade to version &gt;=1.3.6</p>
+<p>Special thanks to</p>
+<p>Special thanks to the reporter of the vulnerability: Jin Chen from the Ant 
Security FG Lab, who restored the process of the vulnerability and provided the 
corresponding solution. The whole process showed the skills and expertise of 
professional security personnel, thanks for their contributions to the security 
guard of open source projects.</p>
+<p>Suggest</p>
+<p>Thanks to users for choosing Apache DolphinScheduler as the big data task 
scheduling system in enterprises, but it must be reminded that the scheduling 
system belongs to the core infrastructure of big data construction, please do 
not expose it to the external network. In addition, security measures should be 
taken for the account of internal personnel in the enterprise to reduce the 
risk of account leakage.</p>
+<p>Contribute</p>
+<p>So far, the Apache DolphinScheduler community has nearly 200+ code 
contributors and 70+ non-code contributors. Among them, there are also PMC or 
Committer of other top Apache projects. We embrace more partners to participate 
in the development of the open source community, working together to build a 
more stable, safe and reliable big data task scheduling system, and also 
contributing yourself to the rise of China's open source!</p>
+<p>WebSite: <a 
href="https://dolphinscheduler.apache.org/";>https://dolphinscheduler.apache.org/</a></p>
+<p>MailList: dev@[email protected]</p>
+<p>Twitter: @DolphinSchedule</p>
+<p>YouTube: <a 
href="https://www.youtube.com/channel/UCmrPmeE7dVqo8DYhSLHa0vA";>https://www.youtube.com/channel/UCmrPmeE7dVqo8DYhSLHa0vA</a></p>
+<p>Slack: <a 
href="https://s.apache.org/dolphinscheduler-slack";>https://s.apache.org/dolphinscheduler-slack</a></p>
+<p>Contributor Guide: <a 
href="https://dolphinscheduler.apache.org/en-us/community/index.html";>https://dolphinscheduler.apache.org/en-us/community/index.html</a></p>
+<p>If you have any questions about the vulnerability, welcome to participate 
in the discussion and we will wholeheartedly resolve your problems.</p>
+</section><footer class="footer-container"><div 
class="footer-body"><div><h3>About us</h3><h4>Do you need feedback? Please 
contact us through the following ways.</h4></div><div 
class="contact-container"><ul><li><img class="img-base" 
src="/img/emailgray.png"/><img class="img-change" src="/img/emailblue.png"/><a 
href="/en-us/community/development/subscribe.html"><p>Email 
List</p></a></li><li><img class="img-base" src="/img/twittergray.png"/><img 
class="img-change" src="/img/twitterblue.png [...]
+  <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-with-addons.min.js"></script>
+  <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-dom.min.js"></script>
+  <script>window.rootPath = '';</script>
+  <script src="/build/vendor.e6fe67a.js"></script>
+  <script src="/build/blog.md.79dd3d0.js"></script>
+  <script>
+    var _hmt = _hmt || [];
+    (function() {
+      var hm = document.createElement("script");
+      hm.src = "https://hm.baidu.com/hm.js?4e7b4b400dd31fa015018a435c64d06f";;
+      var s = document.getElementsByTagName("script")[0];
+      s.parentNode.insertBefore(hm, s);
+    })();
+  </script>
+</body>
+</html>
\ No newline at end of file
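Review bot: The "Scope of impact" paragraph states its two preconditions as facts ("The exposed service is on the external network and the internal account is leaked") and then continues with "If none of the above", so it is unclear whether both conditions or either one is needed for a deployment to be exposed. Reword it as an explicit condition, for example "Deployments are affected when the service is reachable from the external network and an internal account has been leaked". The description paragraph also says logged-in users "can fill in malicious parameters" on the MySQL data source page without saying what the resulting risk is, and the only remediation given is the upgrade to >=1.3.6. Linking the `CVE-2021-27644` paragraph to the mailing-list report mentioned in the first sentence would let readers find those details.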
diff --git a/en-us/blog/DolphinScheduler Vulnerability Explanation.json 
b/en-us/blog/DolphinScheduler Vulnerability Explanation.json
new file mode 100644
index 0000000..4a273b5
--- /dev/null
+++ b/en-us/blog/DolphinScheduler Vulnerability Explanation.json        
@@ -0,0 +1,6 @@
+{
+  "filename": "DolphinScheduler Vulnerability Explanation.md",
+  "__html": "<p>[Security Notice] [Low:impact] DolphinScheduler Vulnerability 
Explanation</p>\n<p>The Apache DolphinScheduler community mailing list recently 
reported a vulnerability. Considering that many users have not subscribed to 
this mailing list, we hereby explain the 
situation:</p>\n<p>CVE-2021-27644</p>\n<p>Importance: Low</p>\n<p>Scope of 
impact: The exposed service is on the external network and the internal account 
is leaked. If none of the above, the user can decide whether  [...]
+  "link": "/dist/en-us/blog/DolphinScheduler Vulnerability Explanation.html",
+  "meta": {}
+}
\ No newline at end of file
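Review bot: The `filename` and `link` values contain literal spaces ("DolphinScheduler Vulnerability Explanation.html"), so every reference to this advisory has to be percent-encoded. A hyphenated slug would give a stable URL that can be pasted into security notices and mail without breaking.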
diff --git a/en-us/blog/index.html b/en-us/blog/index.html
index 470c4cc..0305147 100644
--- a/en-us/blog/index.html
+++ b/en-us/blog/index.html
@@ -11,12 +11,12 @@
   <link rel="stylesheet" href="/build/blog.acc2955.css">
 </head>
 <body>
-  <div id="root"><div class="blog-list-page" data-reactroot=""><header 
class="header-container header-container-dark"><div class="header-body"><a 
href="/en-us/index.html"><img class="logo" src="/img/hlogo_white.svg"/></a><div 
class="search search-dark"><span class="icon-search"></span></div><span 
class="language-switch language-switch-dark">中</span><div 
class="header-menu"><img class="header-menu-toggle" 
src="/img/system/menu_white.png"/><div><ul class="ant-menu whiteClass 
ant-menu-light [...]
+  <div id="root"><div class="blog-list-page" data-reactroot=""><header 
class="header-container header-container-dark"><div class="header-body"><a 
href="/en-us/index.html"><img class="logo" src="/img/hlogo_white.svg"/></a><div 
class="search search-dark"><span class="icon-search"></span></div><span 
class="language-switch language-switch-dark">中</span><div 
class="header-menu"><img class="header-menu-toggle" 
src="/img/system/menu_white.png"/><div><ul class="ant-menu whiteClass 
ant-menu-light [...]
   <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-with-addons.min.js"></script>
   <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-dom.min.js"></script>
   <script>window.rootPath = '';</script>
   <script src="/build/vendor.e6fe67a.js"></script>
-  <script src="/build/blog.9a24a9e.js"></script>
+  <script src="/build/blog.964b5af.js"></script>
   <script>
     var _hmt = _hmt || [];
     (function() {
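Review bot: Deleting `build/blog.9a24a9e.js` in the same commit that repoints the `<script src>` near the bottom of this hunk to `/build/blog.964b5af.js` leaves any cached copy of `index.html` referencing a bundle that no longer exists. Keep the previous hashed bundle for one deployment cycle, or confirm that the HTML pages are served with caching disabled.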
diff --git 
"a/zh-cn/blog/DolphinScheduler\346\274\217\346\264\236\346\203\205\345\206\265\350\257\264\346\230\216.html"
 
"b/zh-cn/blog/DolphinScheduler\346\274\217\346\264\236\346\203\205\345\206\265\350\257\264\346\230\216.html"
new file mode 100644
index 0000000..2108741
--- /dev/null
+++ 
"b/zh-cn/blog/DolphinScheduler\346\274\217\346\264\236\346\203\205\345\206\265\350\257\264\346\230\216.html"
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, 
maximum-scale=1.0, user-scalable=no">
+  <meta name="keywords" content="DolphinScheduler漏洞情况说明">
+  <meta name="description" content="DolphinScheduler漏洞情况说明">
+  <title>DolphinScheduler漏洞情况说明</title>
+  <link rel="shortcut icon" href="/img/favicon.ico">
+  <link rel="stylesheet" href="/build/vendor.e328afe.css">
+  <link rel="stylesheet" href="/build/blog.md.fd8b187.css">
+</head>
+<body>
+  <div id="root"><div class="blog-detail-page" data-reactroot=""><header 
class="header-container header-container-dark"><div class="header-body"><a 
href="/zh-cn/index.html"><img class="logo" src="/img/hlogo_white.svg"/></a><div 
class="search search-dark"><span class="icon-search"></span></div><span 
class="language-switch language-switch-dark">En</span><div 
class="header-menu"><img class="header-menu-toggle" 
src="/img/system/menu_white.png"/><div><ul class="ant-menu whiteClass 
ant-menu-li [...]
+<p>Apache DolphinScheduler 社区邮件列表最近通告了 1个漏洞,考虑到有很多用户并未订阅此邮 
件列表,我们特地在此进行情况说明:</p>
+<p>CVE-2021-27644</p>
+<p>重要程度: 低</p>
+<p>影响范围: 暴露服务在外网中、且内部账号泄露。如果无上述情况,用户可根据实际情况决定是否需要升级。</p>
+<p>影响版本: &lt;1.3.6</p>
+<p>漏洞说明:</p>
+<p>此问题是由于mysql connectorj 
漏洞引起的,DolphinScheduler登陆用户(未登录用户无法执行此操作,建议企业做好账号安全规范)可在数据源管理页面-Mysql数据源填写恶意参数,导致安全隐患。(未使用Mysql数据源的不影响)</p>
+<p>修复建议: 升级到&gt;=1.3.6版本</p>
+<p>特别感谢</p>
+<p>特别感谢漏洞报告者:来自蚂蚁安全非攻实验室的锦辰同学,他提供了漏洞的还原过程以及对应的解决方案。整个过程呈现了专业安全人员的技能和高素质,感谢他们为开源项目的安全守护所作出的贡献。</p>
+<p>建议</p>
+<p>十分感谢广大用户选择 Apache DolphinScheduler 
作为企业的大数据任务调度系统,但必须要提醒的是调度系统属于大数据建设中核心基础设施,请不要将其暴露在外网中。此外应该对企业内部人员账号做好安全措施,降低账号泄露的风险。</p>
+<p>贡献</p>
+<p>迄今为止,Apache DolphinScheduler 社区已经有近200+ 
位代码贡献者,70+位非代码贡献者。其中也不乏其他Apache顶级项目的PMC或者Committer,非常欢迎更多伙伴也能参与到开源社区建设中来,为建造一个更加稳定安全可靠的大数据任务调度系统而努力,同时也为中国开源崛起献上自己的一份力量!</p>
+<p>WebSite :<a 
href="https://dolphinscheduler.apache.org/";>https://dolphinscheduler.apache.org/</a></p>
+<p>MailList :dev@[email protected]</p>
+<p>Twitter :@DolphinSchedule</p>
+<p>YouTube :<a 
href="https://www.youtube.com/channel/UCmrPmeE7dVqo8DYhSLHa0vA";>https://www.youtube.com/channel/UCmrPmeE7dVqo8DYhSLHa0vA</a></p>
+<p>Slack :<a 
href="https://s.apache.org/dolphinscheduler-slack";>https://s.apache.org/dolphinscheduler-slack</a></p>
+<p>Contributor Guide:<a 
href="https://dolphinscheduler.apache.org/en-us/community/index.html";>https://dolphinscheduler.apache.org/en-us/community/index.html</a></p>
+<p>如果对漏洞有任何疑问,欢迎参与讨论,竭诚解决大家的疑虑:</p>
+</section><footer class="footer-container"><div 
class="footer-body"><div><h3>联系我们</h3><h4>有问题需要反馈?请通过以下方式联系我们。</h4></div><div 
class="contact-container"><ul><li><img class="img-base" 
src="/img/emailgray.png"/><img class="img-change" src="/img/emailblue.png"/><a 
href="/zh-cn/community/development/subscribe.html"><p>邮件列表</p></a></li><li><img 
class="img-base" src="/img/twittergray.png"/><img class="img-change" 
src="/img/twitterblue.png"/><a 
href="https://twitter.com/dolphinschedule";><p>Twitt [...]
+  <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-with-addons.min.js"></script>
+  <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-dom.min.js"></script>
+  <script>window.rootPath = '';</script>
+  <script src="/build/vendor.e6fe67a.js"></script>
+  <script src="/build/blog.md.79dd3d0.js"></script>
+  <script>
+    var _hmt = _hmt || [];
+    (function() {
+      var hm = document.createElement("script");
+      hm.src = "https://hm.baidu.com/hm.js?4e7b4b400dd31fa015018a435c64d06f";;
+      var s = document.getElementsByTagName("script")[0];
+      s.parentNode.insertBefore(hm, s);
+    })();
+  </script>
+</body>
+</html>
\ No newline at end of file
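Review bot: `<html lang="en">` on the second line of this new file is wrong for a page whose title, meta tags and body are Chinese; set it to `zh-CN` so screen readers, translation prompts and search engines handle the advisory correctly. The two `cdn.jsdelivr.net` script tags near the end are also added with protocol-relative URLs and no `integrity` attribute; use `https://` and add `integrity` and `crossorigin` so the browser rejects a modified CDN response.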
diff --git 
"a/zh-cn/blog/DolphinScheduler\346\274\217\346\264\236\346\203\205\345\206\265\350\257\264\346\230\216.json"
 
"b/zh-cn/blog/DolphinScheduler\346\274\217\346\264\236\346\203\205\345\206\265\350\257\264\346\230\216.json"
new file mode 100644
index 0000000..719d128
--- /dev/null
+++ 
"b/zh-cn/blog/DolphinScheduler\346\274\217\346\264\236\346\203\205\345\206\265\350\257\264\346\230\216.json"
@@ -0,0 +1,6 @@
+{
+  "filename": "DolphinScheduler漏洞情况说明.md",
+  "__html": "<p>【安全通报】【影响程度:低】DolphinScheduler 漏洞情况说明</p>\n<p>Apache 
DolphinScheduler 社区邮件列表最近通告了 1个漏洞,考虑到有很多用户并未订阅此邮 
件列表,我们特地在此进行情况说明:</p>\n<p>CVE-2021-27644</p>\n<p>重要程度: 低</p>\n<p>影响范围: 
暴露服务在外网中、且内部账号泄露。如果无上述情况,用户可根据实际情况决定是否需要升级。</p>\n<p>影响版本: 
&lt;1.3.6</p>\n<p>漏洞说明:</p>\n<p>此问题是由于mysql connectorj 
漏洞引起的,DolphinScheduler登陆用户(未登录用户无法执行此操作,建议企业做好账号安全规范)可在数据源管理页面-Mysql数据源填写恶意参数,导致安全隐患。(未使用Mysql数据源的不影响)</p>\n<p>修复建议:
 升级到&gt;=1.3.6版本</p>\n<p>特别感谢</p>\n<p>特别感谢漏洞报告者:来自蚂蚁安全非攻实验室的锦辰同学,他提供�
 ��漏洞的还原 [...]
+  "link": "/dist/zh-cn/blog/DolphinScheduler漏洞情况说明.html",
+  "meta": {}
+}
\ No newline at end of file
diff --git a/zh-cn/blog/index.html b/zh-cn/blog/index.html
index ee6a40a..5bd687b 100644
--- a/zh-cn/blog/index.html
+++ b/zh-cn/blog/index.html
@@ -11,12 +11,12 @@
   <link rel="stylesheet" href="/build/blog.acc2955.css">
 </head>
 <body>
-  <div id="root"><div class="blog-list-page" data-reactroot=""><header 
class="header-container header-container-dark"><div class="header-body"><a 
href="/zh-cn/index.html"><img class="logo" src="/img/hlogo_white.svg"/></a><div 
class="search search-dark"><span class="icon-search"></span></div><span 
class="language-switch language-switch-dark">En</span><div 
class="header-menu"><img class="header-menu-toggle" 
src="/img/system/menu_white.png"/><div><ul class="ant-menu whiteClass 
ant-menu-ligh [...]
+  <div id="root"><div class="blog-list-page" data-reactroot=""><header 
class="header-container header-container-dark"><div class="header-body"><a 
href="/zh-cn/index.html"><img class="logo" src="/img/hlogo_white.svg"/></a><div 
class="search search-dark"><span class="icon-search"></span></div><span 
class="language-switch language-switch-dark">En</span><div 
class="header-menu"><img class="header-menu-toggle" 
src="/img/system/menu_white.png"/><div><ul class="ant-menu whiteClass 
ant-menu-ligh [...]
   <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-with-addons.min.js"></script>
   <script 
src="//cdn.jsdelivr.net/npm/[email protected]/dist/react-dom.min.js"></script>
   <script>window.rootPath = '';</script>
   <script src="/build/vendor.e6fe67a.js"></script>
-  <script src="/build/blog.9a24a9e.js"></script>
+  <script src="/build/blog.964b5af.js"></script>
   <script>
     var _hmt = _hmt || [];
     (function() {
