xvrl commented on code in PR #15481: URL: https://github.com/apache/druid/pull/15481#discussion_r1414889366
########## docs/development/extensions-core/druid-ranger-security.md: ########## @@ -21,24 +21,21 @@ title: "Apache Ranger Security" ~ specific language governing permissions and limitations ~ under the License. --> - + This Apache Druid extension adds an Authorizer which implements access control for Druid, backed by [Apache Ranger](https://ranger.apache.org/). Please see [Authentication and Authorization](../../operations/auth.md) for more information on the basic facilities this extension provides. Make sure to [include](../../configuration/extensions.md#loading-extensions) `druid-ranger-security` in the extensions load list. -:::info - The latest release of Apache Ranger is at the time of writing version 2.0. This version has a dependency on `log4j 1.2.17` which has a vulnerability if you configure it to use a `SocketServer` (CVE-2019-17571). Next to that, it also includes Kafka 2.0.0 which has 2 known vulnerabilities (CVE-2019-12399, CVE-2018-17196). Kafka can be used by the audit component in Ranger, but is not required. Review Comment: duh, my bad
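Review bot: the removed `:::info` opener directly above the paragraph starting "The latest release of Apache Ranger is at the time of writing version 2.0" needs its closing `:::` removed in the same change; the closer is not among the lines quoted here, so confirm it is gone, since an unmatched `:::` would be left dangling in the page. Dropping the admonition also turns the dependency caveat (CVE-2019-17571 in `log4j 1.2.17`, CVE-2019-12399 and CVE-2018-17196 in Kafka 2.0.0) into ordinary body text, so consider keeping it visually set apart, and replace "at the time of writing" with a dated or version-pinned statement so readers can tell whether the warning still applies to the Ranger release they deploy.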
