[jira] [Commented] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367564#comment-16367564 ]

Ariel Weisberg commented on CASSANDRA-14183:

Thanks for catching that.

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
>
> Key: CASSANDRA-14183
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
> Project: Cassandra
> Issue Type: Improvement
> Components: Libraries
> Reporter: Thiago Veronezi
> Assignee: Thiago Veronezi
> Priority: Major
> Labels: patch, security
> Fix For: 4.0, 2.1.21, 2.2.13, 3.0.17, 3.11.3
>
> Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Also update to logback allows a simple date and size rotation policy to
> replace the default fixed policy, which is broken by design.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Commented] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16365000#comment-16365000 ]

Michael Shuler commented on CASSANDRA-14183:

I committed the license file renames for trunk in [81ac654|https://github.com/apache/cassandra/commit/81ac654ff82f9149bc3265a18bfbdd6fbd2073f0]

[jira] [Commented] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364540#comment-16364540 ]

Ariel Weisberg commented on CASSANDRA-14183:

+1 on Michael's patch.

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
>
> Key: CASSANDRA-14183
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
> Project: Cassandra
> Issue Type: Improvement
> Components: Libraries
> Reporter: Thiago Veronezi
> Assignee: Thiago Veronezi
> Priority: Major
> Labels: patch, security
> Fix For: 3.11.x
>
> Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Also update to logback allows a simple date and size rotation policy to
> replace the default fixed policy, which is broken by design.

[jira] [Commented] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364525#comment-16364525 ]

Jason Brown commented on CASSANDRA-14183:

I'm +1 on the NEWS.txt changes.

[jira] [Commented] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364442#comment-16364442 ]

Ariel Weisberg commented on CASSANDRA-14183:

Trunk updates:
https://github.com/apache/cassandra/compare/trunk...aweisberg:cassandra-14183-trunk?expand=1
https://circleci.com/gh/aweisberg/cassandra/tree/cassandra-14183-trunk

NEWS.txt update for 2.1.21 to be merged forward
https://github.com/apache/cassandra/compare/cassandra-2.1...aweisberg:cassandra-14183-2.1?expand=1