[ 
https://issues.apache.org/jira/browse/HBASE-16317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Dimiduk updated HBASE-16317:
---------------------------------
    Release Note: This issue reverts fixes designed to prevent malicious 
content from rendering in HBase's UIs. Specifically, these changes shipped in 
1.1.4+ and 1.2.0+. They were removed due to licensing issues discovered in the 
dependencies they introduced. Their implementation and those dependencies have 
been removed from HBase! Removal of these dependencies is against the strict 
definition of our version compatibility guidelines. However, inclusion of 
non-Apache approved licenses cannot be tolerated. Implementation of these fixes 
using an Apache-appropriate means is tracked in HBASE-16328.  (was: This issue 
reverts fixes designed to prevent malicious content from rendering in HBase's 
UIs. Specifically, these changes shipped in 1.1.4+ and 1.2.0+. They were 
removed due to licensing issues discovered in the dependencies they introduced. 
Their implementation and those dependencies have been removed from HBase! 
Removal of these dependencies is against the strict definition of our version 
compatibility guidelines, however, inclusion of non-Apache approved licenses 
cannot be tolerated. Implementation of these fixes using an Apache-appropriate 
means is tracked in HBASE-16328.)

> revert all ESAPI changes
> ------------------------
>
>                 Key: HBASE-16317
>                 URL: https://issues.apache.org/jira/browse/HBASE-16317
>             Project: HBase
>          Issue Type: Sub-task
>          Components: dependencies, security
>            Reporter: Sean Busbey
>            Assignee: Nick Dimiduk
>            Priority: Blocker
>             Fix For: 2.0.0, 1.3.0, 1.4.0, 1.1.6, 1.2.3
>
>         Attachments: HBASE-16317.v00.branch-1.1.patch, 
> HBASE-16317.v00.branch-1.2.patch, HBASE-16317.v00.branch-1.3.patch, 
> HBASE-16317.v00.branch-1.patch, HBASE-16317.v00.master.patch
>
>
> To unblock releases, we'll start cleaning up the category-x problem by 
> reverting all the ESAPI changes.
> We should try to include a release note with what this means we'll be 
> vulnerable to.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
