----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57553/#review174298 -----------------------------------------------------------
Ship it! - Qiang Zhang On March 13, 2017, 10:39 a.m., Colm O hEigeartaigh wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57553/ > ----------------------------------------------------------- > > (Updated March 13, 2017, 10:39 a.m.) > > > Review request for ranger. > > > Bugs: RANGER-1450 > https://issues.apache.org/jira/browse/RANGER-1450 > > > Repository: ranger > > > Description > ------- > > This task is to avoid potential path traversal attacks when parsing XML > configuration files. The fix is just to take the last part of the "path" that > is supplied. > > > Diffs > ----- > > agents-common/src/main/java/org/apache/ranger/plugin/util/XMLUtils.java > 4647004 > > > Diff: https://reviews.apache.org/r/57553/diff/1/ > > > Testing > ------- > > > Thanks, > > Colm O hEigeartaigh > >
