Konstantin Boudnik created IGNITE-5413: ------------------------------------------
Summary: Ignite shouldn't expose nor send (clear-text) env variables to a 3rd endpoint Key: IGNITE-5413 URL: https://issues.apache.org/jira/browse/IGNITE-5413 Project: Ignite Issue Type: Bug Components: general Affects Versions: 1.1.4 Reporter: Konstantin Boudnik Priority: Blocker Fix For: 2.1 Apache Ignite is periodically accessing to https://ignite.run/update_status_ignite-plain-text.php It is enabled by default at least in org.apache.ignite:ignite-core:1.9.0, but of course it has been happening for a long time. Corresponding code is https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/ClusterProcessor.java#L81-L82 Posting JVM env variable (or any other user's specific information) without an explicit user's consent is a bad idea and should be disabled by default. See https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java#L313 for more details. -- This message was sent by Atlassian JIRA (v6.3.15#6346)