[jira] [Created] (IGNITE-5413) Ignite shouldn't expose nor send (clear-text) env variables to a 3rd endpoint

Konstantin Boudnik (JIRA) Mon, 05 Jun 2017 18:04:25 -0700

Konstantin Boudnik created IGNITE-5413:
------------------------------------------


             Summary: Ignite shouldn't expose nor send (clear-text) env 
variables to a 3rd endpoint
                 Key: IGNITE-5413
                 URL: https://issues.apache.org/jira/browse/IGNITE-5413
             Project: Ignite
          Issue Type: Bug
          Components: general
    Affects Versions: 1.1.4
            Reporter: Konstantin Boudnik
            Priority: Blocker
             Fix For: 2.1


Apache Ignite is periodically accessing to 
https://ignite.run/update_status_ignite-plain-text.php

It is enabled by default at least in org.apache.ignite:ignite-core:1.9.0, but 
of course it has been happening for a long time.

Corresponding code is 
https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/ClusterProcessor.java#L81-L82

Posting JVM env variable (or any other user's specific information) without an 
explicit user's consent is a bad idea and should be disabled by default. 
See  
https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java#L313
for more details.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Created] (IGNITE-5413) Ignite shouldn't expose nor send (clear-text) env variables to a 3rd endpoint

Reply via email to