This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/beam.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new fee8761  Publishing website 2020/01/15 16:17:44 at commit 2b07e0e
fee8761 is described below

commit fee876149279270715efab15ca1880a4dfea6d4d
Author: jenkins <bui...@apache.org>
AuthorDate: Wed Jan 15 16:17:44 2020 +0000

    Publishing website 2020/01/15 16:17:44 at commit 2b07e0e
---
 .../blog/2020/01/06/beam-2.17.0.html               |  6 ++-
 website/generated-content/blog/index.html          |  4 +-
 website/generated-content/feed.xml                 |  4 +-
 .../get-started/beam-overview/index.html           |  2 +-
 .../get-started/downloads/index.html               |  2 +-
 website/generated-content/get-started/index.html   |  2 +-
 .../get-started/mobile-gaming-example/index.html   |  2 +-
 .../get-started/quickstart-go/index.html           |  2 +-
 .../get-started/quickstart-java/index.html         |  2 +-
 .../get-started/quickstart-py/index.html           |  2 +-
 .../get-started/try-apache-beam/index.html         |  2 +-
 .../get-started/wordcount-example/index.html       |  2 +-
 .../security/CVE-2020-1929/index.html              | 10 ++++
 .../{get-started => security}/index.html           | 56 ++++++++++++++--------
 14 files changed, 64 insertions(+), 34 deletions(-)

diff --git a/website/generated-content/blog/2020/01/06/beam-2.17.0.html 
b/website/generated-content/blog/2020/01/06/beam-2.17.0.html
index af76da5..f133657 100644
--- a/website/generated-content/blog/2020/01/06/beam-2.17.0.html
+++ b/website/generated-content/blog/2020/01/06/beam-2.17.0.html
@@ -29,7 +29,7 @@
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <title>Apache Beam 2.17.0</title>
-  <meta name="description" content="We are happy to present the new 2.17.0 
release of Beam. This release includes both improvements and new 
functionality.See the download page for this release.">
+  <meta name="description" content="We are happy to present the new 2.17.0 
release of Beam. This release includes both improvements and new 
functionality.Users of the MongoDbIO connector are en...">
   <link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400"; 
rel="stylesheet">
   <link rel="stylesheet" href="/css/site.css">
   <script src="https://code.jquery.com/jquery-2.2.4.min.js";></script>
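Review bot: The new meta description runs two sentences together ("functionality.Users") and cuts the security notice off at "are en...", so search and link previews show a truncated advisory. The removed line had the same missing space ("functionality.See"), which suggests the excerpt is flattened without whitespace handling. Setting an explicit description for the post would keep the upgrade notice readable.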
@@ -192,7 +192,9 @@ limitations under the License.
 -->
 
 <p>We are happy to present the new 2.17.0 release of Beam. This release 
includes both improvements and new functionality.
-See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> 
for this release.<!--more-->
+Users of the MongoDbIO connector are encouraged to upgrade to this release to 
address a <a href="/security/CVE-2020-1929/">security vulnerability</a>.</p>
+
+<p>See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> 
for this release.<!--more-->
 For more information on changes in 2.17.0, check out the
 <a 
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12345970&amp;projectId=12319527";>detailed
 release notes</a>.</p>
 
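Review bot: The added sentence links the words "security vulnerability" without naming the issue, so the post, its excerpt and the feed entry cannot be found by searching for the identifier. Consider naming CVE-2020-1929 and the affected versions (2.10.0 to 2.16.0, per the advisory page added in this commit) in the sentence itself.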
diff --git a/website/generated-content/blog/index.html 
b/website/generated-content/blog/index.html
index 7ab1cc3..731ade7 100644
--- a/website/generated-content/blog/index.html
+++ b/website/generated-content/blog/index.html
@@ -192,7 +192,9 @@ limitations under the License.
 -->
 
 <p>We are happy to present the new 2.17.0 release of Beam. This release 
includes both improvements and new functionality.
-See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> 
for this release.</p>
+Users of the MongoDbIO connector are encouraged to upgrade to this release to 
address a <a href="/security/CVE-2020-1929/">security vulnerability</a>.</p>
+
+<p>See the <a href="/get-started/downloads/#2170-2020-01-06">download page</a> 
for this release.</p>
 
 <!-- Render a "read more" button if the post is longer than the excerpt -->
 
diff --git a/website/generated-content/feed.xml 
b/website/generated-content/feed.xml
index 3999c1e..f78451e 100644
--- a/website/generated-content/feed.xml
+++ b/website/generated-content/feed.xml
@@ -36,7 +36,9 @@ limitations under the License.
 --&gt;
 
 &lt;p&gt;We are happy to present the new 2.17.0 release of Beam. This release 
includes both improvements and new functionality.
-See the &lt;a 
href=&quot;/get-started/downloads/#2170-2020-01-06&quot;&gt;download 
page&lt;/a&gt; for this release.&lt;!--more--&gt;
+Users of the MongoDbIO connector are encouraged to upgrade to this release to 
address a &lt;a href=&quot;/security/CVE-2020-1929/&quot;&gt;security 
vulnerability&lt;/a&gt;.&lt;/p&gt;
+
+&lt;p&gt;See the &lt;a 
href=&quot;/get-started/downloads/#2170-2020-01-06&quot;&gt;download 
page&lt;/a&gt; for this release.&lt;!--more--&gt;
 For more information on changes in 2.17.0, check out the
 &lt;a 
href=&quot;https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12345970&amp;amp;projectId=12319527&quot;&gt;detailed
 release notes&lt;/a&gt;.&lt;/p&gt;
 
diff --git a/website/generated-content/get-started/beam-overview/index.html 
b/website/generated-content/get-started/beam-overview/index.html
index 548d1cb..0c361e0 100644
--- a/website/generated-content/get-started/beam-overview/index.html
+++ b/website/generated-content/get-started/beam-overview/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/downloads/index.html 
b/website/generated-content/get-started/downloads/index.html
index 24de743..5dc931c 100644
--- a/website/generated-content/get-started/downloads/index.html
+++ b/website/generated-content/get-started/downloads/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/index.html 
b/website/generated-content/get-started/index.html
index 4499cfe..a44072b 100644
--- a/website/generated-content/get-started/index.html
+++ b/website/generated-content/get-started/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git 
a/website/generated-content/get-started/mobile-gaming-example/index.html 
b/website/generated-content/get-started/mobile-gaming-example/index.html
index 7bd7a53..1468ef1 100644
--- a/website/generated-content/get-started/mobile-gaming-example/index.html
+++ b/website/generated-content/get-started/mobile-gaming-example/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/quickstart-go/index.html 
b/website/generated-content/get-started/quickstart-go/index.html
index dc13f66..58822bc 100644
--- a/website/generated-content/get-started/quickstart-go/index.html
+++ b/website/generated-content/get-started/quickstart-go/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/quickstart-java/index.html 
b/website/generated-content/get-started/quickstart-java/index.html
index b494c23..b6dfa02 100644
--- a/website/generated-content/get-started/quickstart-java/index.html
+++ b/website/generated-content/get-started/quickstart-java/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/quickstart-py/index.html 
b/website/generated-content/get-started/quickstart-py/index.html
index 2dcae86..2429bcb 100644
--- a/website/generated-content/get-started/quickstart-py/index.html
+++ b/website/generated-content/get-started/quickstart-py/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/try-apache-beam/index.html 
b/website/generated-content/get-started/try-apache-beam/index.html
index 4514be9..d2018f4 100644
--- a/website/generated-content/get-started/try-apache-beam/index.html
+++ b/website/generated-content/get-started/try-apache-beam/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/get-started/wordcount-example/index.html 
b/website/generated-content/get-started/wordcount-example/index.html
index 6e75783..38d2e4c 100644
--- a/website/generated-content/get-started/wordcount-example/index.html
+++ b/website/generated-content/get-started/wordcount-example/index.html
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
diff --git a/website/generated-content/security/CVE-2020-1929/index.html 
b/website/generated-content/security/CVE-2020-1929/index.html
new file mode 100644
index 0000000..3101ead
--- /dev/null
+++ b/website/generated-content/security/CVE-2020-1929/index.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<meta charset="utf-8">
+<title>Redirecting…</title>
+<link rel="canonical" href="/security/index.html#cve-2020-1929">
+<meta http-equiv="refresh" content="0; url=/security/index.html#cve-2020-1929">
+<h1>Redirecting…</h1>
+<a href="/security/index.html#cve-2020-1929">Click here if you are not 
redirected.</a>
+<script>location="/security/index.html#cve-2020-1929"</script>
+</html>
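Review bot: The redirect stub targets /security/index.html#cve-2020-1929 in all four places (canonical link, meta refresh, anchor and script), while the security page added in this commit declares https://beam.apache.org/security/ as its canonical URL and the nav entries link to /security. Pointing the stub at /security/#cve-2020-1929 would leave one spelling of the URL. The stub also depends on the id cve-2020-1929 of the advisory heading, so renaming that heading would silently break the link from the blog post.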
diff --git a/website/generated-content/get-started/index.html 
b/website/generated-content/security/index.html
similarity index 88%
copy from website/generated-content/get-started/index.html
copy to website/generated-content/security/index.html
index 4499cfe..a020fa2 100644
--- a/website/generated-content/get-started/index.html
+++ b/website/generated-content/security/index.html
@@ -28,7 +28,7 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>Use Beam</title>
+  <title>Beam Security</title>
   <meta name="description" content="Apache Beam is an open source, unified 
model and set of language-specific SDKs for defining and executing data 
processing workflows, and also data ingestion and integration flows, supporting 
Enterprise Integration Patterns (EIPs) and Domain Specific Languages (DSLs). 
Dataflow pipelines simplify the mechanics of large-scale batch and streaming 
data processing and can run on a number of runtimes like Apache Flink, Apache 
Spark, and Google Cloud Dataflow  [...]
 ">
   <link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400"; 
rel="stylesheet">
@@ -42,7 +42,7 @@
   <script src="/js/fix-menu.js"></script>
   <script src="/js/section-nav.js"></script>
   <script src="/js/page-nav.js"></script>
-  <link rel="canonical" href="https://beam.apache.org/get-started/"; 
data-proofer-ignore>
+  <link rel="canonical" href="https://beam.apache.org/security/"; 
data-proofer-ignore>
   <link rel="shortcut icon" type="image/x-icon" href="/images/favicon.ico">
   <link rel="alternate" type="application/rss+xml" title="Apache Beam" 
href="https://beam.apache.org/feed.xml";>
   <link rel="stylesheet" 
href="https://use.fontawesome.com/releases/v5.4.1/css/all.css"; 
integrity="sha384-5sAR7xN1Nv6T6+dT2mhtzEpVJvfS3NScPQTrOxhwjIuvcA67KV2R5Jz6kr4abQsz"
 crossorigin="anonymous">
@@ -144,7 +144,7 @@
             GitHub links will not resolve until the markdown source is 
available on the master branch.
             New pages would fail validation during development / PR test 
automation.
           -->
-          <a 
href="https://github.com/apache/beam/edit/master/website/src/get-started/index.md";
 data-proofer-ignore>
+          <a 
href="https://github.com/apache/beam/edit/master/website/src/security/index.md"; 
data-proofer-ignore>
             <i class="far fa-edit fa-lg" alt="Edit on GitHub" title="Edit on 
GitHub"></i>
           </a>
         </li>
@@ -189,7 +189,7 @@
    </ul>
 </li>
 <li><a href="/get-started/downloads">Downloads</a></li>
-
+<li><a href="/security">Security</a></li>
 
           </ul>
         </nav>
@@ -210,6 +210,9 @@
 
 
 
+<ul class="nav">
+  <li><a href="#cve-2020-1929">CVE-2020-1929</a></li>
+</ul>
 
 
       </nav>
@@ -229,33 +232,44 @@ See the License for the specific language governing 
permissions and
 limitations under the License.
 -->
 
-<h1 id="get-started-with-apache-beam">Get Started with Apache Beam</h1>
-<p>Learn to use Beam to create data processing pipelines that run on supported 
processing back-ends:</p>
+<h1 id="reporting-security-issues">Reporting Security Issues</h1>
 
-<h4 id="beam-overview"><a href="/get-started/beam-overview">Beam 
Overview</a></h4>
+<p>Apache Beam uses the standard process outlined by the <a 
href="https://www.apache.org/security/";>Apache Security
+Team</a> for reporting vulnerabilities. Note
+that vulnerabilities should not be publicly disclosed until the project has
+responded.</p>
 
-<p>Learn about the Beam model, the currently available Beam SDKs and Runners, 
and Beam’s native I/O connectors.</p>
+<p>To report a possible security vulnerability, please email
+<code class="highlighter-rouge">secur...@apache.org</code> and <code 
class="highlighter-rouge">p...@beam.apache.org</code>. This is a non-public list
+that will reach the Beam PMC.</p>
 
-<h4 id="quickstart-for-java-python-or-go">Quickstart for <a 
href="/get-started/quickstart-java">Java</a>, <a 
href="/get-started/quickstart-py">Python</a> or <a 
href="/get-started/quickstart-go">Go</a></h4>
+<h1 id="known-security-issues">Known Security Issues</h1>
 
-<p>Learn how to set up a Beam project and run a simple example Beam pipeline 
on your local machine.</p>
+<h2 id="cve-2020-1929">CVE-2020-1929</h2>
 
-<h4 id="example-walkthroughs">Example Walkthroughs</h4>
+<p>[CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust 
verification</p>
 
-<p>See detailed walkthroughs of complete Beam pipelines.</p>
+<p>Severity: Major<br />
+Vendor: The Apache Software Foundation</p>
 
-<ul>
-  <li><a href="/get-started/wordcount-example">WordCount</a>: Simple example 
pipelines that demonstrate basic Beam programming, including debugging and 
testing</li>
-  <li><a href="/get-started/mobile-gaming-example">Mobile Gaming</a>: A series 
of more advanced pipelines that demonstrate use cases in the mobile gaming 
domain</li>
-</ul>
+<p>Versions Affected:<br />
+Apache Beam 2.10.0 to 2.16.0</p>
 
-<h4 id="downloads-and-releases"><a href="/get-started/downloads">Downloads and 
Releases</a></h4>
+<p>Description:<br />
+The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to
+disable SSL trust verification. However this configuration is not respected and
+the certificate verification disables trust verification in every case. This
+exclusion also gets registered globally which disables trust checking for any
+code running in the same JVM.</p>
 
-<p>Find download links and information on the latest Beam releases, including 
versioning and release notes.</p>
-
-<h4 id="support"><a href="/get-started/support">Support</a></h4>
+<p>Mitigation:<br />
+Users of the affected versions should apply one of the following 
mitigations:</p>
+<ul>
+  <li>Upgrade to Apache Beam 2.17.0 or later</li>
+</ul>
 
-<p>Find resources, such as mailing lists and issue tracking, to help you use 
Beam. Ask questions and discuss topics via <a 
href="http://stackoverflow.com/questions/tagged/apache-beam";>Stack Overflow</a> 
or on Beam’s <a href="http://apachebeam.slack.com";>Slack Channel</a>.</p>
+<p>Acknowledgements:<br />
+This issue was reported (and fixed) by Colm Ó hÉigeartaigh.</p>
 
       </div>
     </div>
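Review bot: The Description paragraph is hard to parse where it says "the certificate verification disables trust verification in every case". As written, the point appears to be that the option's value is ignored and trust verification is off regardless, with the effect extending to any code in the same JVM; suggest saying that directly. Two smaller points in the same hunk: "apply one of the following mitigations" introduces a list with a single item, and "This is a non-public list" follows two addresses, so it is unclear which of them reaches the Beam PMC.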
