----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56685/#review165657 -----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java (line 513) <https://reviews.apache.org/r/56685/#comment237523> I searched for ```CVE-2014-3582``` on the web but couldn't find a detailed description of this vulnerability. Should a direct link be listed here that points to the detailed description. - Sebastian Toader On Feb. 14, 2017, 11:06 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56685/ > ----------------------------------------------------------- > > (Updated Feb. 14, 2017, 11:06 p.m.) > > > Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene > Chekanskiy, Laszlo Puskas, and Sebastian Toader. > > > Bugs: AMBARI-20018 > https://issues.apache.org/jira/browse/AMBARI-20018 > > > Repository: ambari > > > Description > ------- > > Document security issue related to setting security.agent.hostname.validate > to "false". > > If set to "false", invalid hostnames may be used in OpenSSL commands used to > create the agent-side certificates when 2-way SSL is enabled. This could lead > to issues when executing OpenSSL as described in CVE-2014-3582. See > https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities. > > > Diffs > ----- > > ambari-server/docs/configuration/index.md 50864f2 > > ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java > 5020790 > > Diff: https://reviews.apache.org/r/56685/diff/ > > > Testing > ------- > > No testing necessary. Documentation change, only. > > > Thanks, > > Robert Levas > >
