[
https://issues.apache.org/jira/browse/HBASE-16317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Dimiduk updated HBASE-16317:
---------------------------------
Release Note: This issue reverts fixes designed to prevent malicious
content from rendering in HBase's UIs. Specifically, these changes shipped in
1.1.4+ and 1.2.0+. They were removed due to licensing issues discovered in the
dependencies they introduced. Their implementation and those dependencies have
been removed from HBase! Removal of these dependencies is against the strict
definition of our version compatibility guidelines; however, inclusion of
non-Apache approved licenses cannot be tolerated. Implementation of these fixes
using an Apache-appropriate means is tracked in HBASE-16328. (was: This issue
reverts various fixed designed to prevent malicious content from rendering in
HBase's UIs. Specifically, these changes shipped in 1.1.4+ and 1.2.0+. They
were removed due to licensing issues discovered in dependencies they
introduced. Their implementation and those dependencies have been removed from
HBase! Implementation of these fixes using an Apache-appropriate means is
tracked in HBASE-16328.)
> revert all ESAPI changes
> ------------------------
>
> Key: HBASE-16317
> URL: https://issues.apache.org/jira/browse/HBASE-16317
> Project: HBase
> Issue Type: Sub-task
> Components: dependencies, security
> Reporter: Sean Busbey
> Assignee: Nick Dimiduk
> Priority: Blocker
> Fix For: 2.0.0, 1.3.0, 1.4.0, 1.1.6, 1.2.3
>
> Attachments: HBASE-16317.v00.branch-1.1.patch,
> HBASE-16317.v00.branch-1.2.patch, HBASE-16317.v00.branch-1.3.patch,
> HBASE-16317.v00.branch-1.patch, HBASE-16317.v00.master.patch
>
>
> To unblock releases, we'll start cleaning up the category-x problem by
> reverting all the ESAPI changes.
> We should try to include a release note with what this means we'll be
> vulnerable to.