[jira] [Updated] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14183:
---
       Resolution: Fixed
    Fix Version/s: (was: 3.11.x)
                   4.0
                   3.11.3
                   3.0.17
                   2.2.13
                   2.1.21
           Status: Resolved (was: Ready to Commit)

Committed as NEWS.txt change in 2.1 -> 3.11 [4bbd28a043f15dd6c19de157acb5950319e8c16c|https://github.com/apache/cassandra/commit/4bbd28a043f15dd6c19de157acb5950319e8c16c]

Committed as a logback update with the log rotation fix in trunk [c0aa79e5453d64a583ba2197b2ac76d04ecd7020|https://github.com/apache/cassandra/commit/c0aa79e5453d64a583ba2197b2ac76d04ecd7020]

Thanks everyone for helping sort this out.

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
> ---
>
>                 Key: CASSANDRA-14183
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Libraries
>            Reporter: Thiago Veronezi
>            Assignee: Thiago Veronezi
>            Priority: Major
>              Labels: patch, security
>             Fix For: 2.1.21, 2.2.13, 3.0.17, 3.11.3, 4.0
>
>         Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Also, the update to logback allows a simple date and size rotation policy to
> replace the default fixed policy, which is broken by design.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

---
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14183:
---
    Status: Ready to Commit (was: Patch Available)

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
> ---
>
>                 Key: CASSANDRA-14183
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Libraries
>            Reporter: Thiago Veronezi
>            Assignee: Thiago Veronezi
>            Priority: Major
>              Labels: patch, security
>             Fix For: 3.11.x
>
>         Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Also, the update to logback allows a simple date and size rotation policy to
> replace the default fixed policy, which is broken by design.

[jira] [Updated] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14183:
---
    Description:
Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security vulnerability described here.
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]

Also, the update to logback allows a simple date and size rotation policy to replace the default fixed policy, which is broken by design.

  was:
Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security vulnerability described here.
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
> ---
>
>                 Key: CASSANDRA-14183
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Libraries
>            Reporter: Thiago Veronezi
>            Assignee: Thiago Veronezi
>            Priority: Major
>              Labels: patch, security
>             Fix For: 3.11.x
>
>         Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Also, the update to logback allows a simple date and size rotation policy to
> replace the default fixed policy, which is broken by design.

[jira] [Updated] (CASSANDRA-14183) CVE-2017-5929 Security vulnerability and redefine default log rotation policy
[ https://issues.apache.org/jira/browse/CASSANDRA-14183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14183:
---
    Summary: CVE-2017-5929 Security vulnerability and redefine default log rotation policy (was: CVE-2017-5929 Security vulnerability)

> CVE-2017-5929 Security vulnerability and redefine default log rotation policy
> ---
>
>                 Key: CASSANDRA-14183
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14183
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Libraries
>            Reporter: Thiago Veronezi
>            Assignee: Thiago Veronezi
>            Priority: Major
>              Labels: patch, security
>             Fix For: 3.11.x
>
>         Attachments: 0001-Update-to-logback-1.2.3-and-redefine-default-rotatio.patch
>
>
> Cassandra 3.11.1 is patched with logback 1.1.3, which contains the security
> vulnerability described here.
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]