Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Jonathan Koppenhofer
+1 to this being a serious bug. As a large user, if we used internal passwords, this would completely prevent me from using Cassandra native audit log capabilities. Disabling DCL is not a great option, as DCL is probably the most needed auditable event. If this is on by default (not sure of

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Sumanth Pasupuleti
> I am on the side of "this sounds like a really bad bug" for the audit pieces, maybe less so than FQL. Anyone using audit for real probably has meaningful audit requirements, which means they're in an industry where they get audited for security, which means logging passwords is a big deal.

+1.

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Jeff Jirsa
I am on the side of "this sounds like a really bad bug" for the audit pieces, maybe less so than FQL. Anyone using audit for real probably has meaningful audit requirements, which means they're in an industry where they get audited for security, which means logging passwords is a big deal. On

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread bened...@apache.org
I think it can be argued that this is a pretty serious bug for a newly introduced feature, and qualifies for inclusion in an RC, but I don’t personally have a strong opinion on if this should happen. I can’t imagine how this would be an _exception_ for inclusion in 4.0.1 though. From: Mick

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Nate McCall
On Fri, Jun 4, 2021 at 8:53 AM Ekaterina Dimitrova wrote: > One more point - if we keep the workaround, that should be documented with > big red letters for the users. > > Agree with addressing this with some docs. Good catch, Stefan. Per your question on obfuscation - IMO, IME passwords should

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Mick Semb Wever
Thanks for raising this Stefan. > While I humbly think this is 4.0-worthy, the process we have, as far > as I know, is that there should be only critical fixes in 4.0 so I > guess this will go to 4.0.1, right? Or does this qualify to go to 4.0 > still? > I believe the question here is whether

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Ekaterina Dimitrova
One more point - if we keep the workaround, that should be documented with big red letters for the users. On Thu, 3 Jun 2021 at 16:38, Ekaterina Dimitrova wrote: > Hi Stefan, > Thank you for bringing this to the list. Truly appreciate it! > Honestly, I have mixed feelings. While I am sure it is

Re: Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Ekaterina Dimitrova
Hi Stefan, Thank you for bringing this to the list. Truly appreciate it! Honestly, I have mixed feelings. While I am sure it is a great work, I think that anything classified as improvement and not a bug which has a current workaround (that is what I understood from your email without looking at

Re: [DISCUSS] Creating a branch for 4.0.0

2021-06-03 Thread Brandon Williams
This is completed now, thanks to all those who helped! The merge order for release blockers is: cassandra-3.0->cassandra-3.11->cassandra-4.0.0->cassandra-4.0->trunk For anything non-critical, you skip 4.0.0, but explicitly: cassandra-3.0->cassandra-3.11->cassandra-4.0->trunk On Thu, Jun 3,

Obfuscation of passwords in audit loging, in or not in 4.0?

2021-06-03 Thread Stefan Miklosovic
Hi list, During our evaluation of 4.0 internally, we noticed that there are passwords in the plaintext in audit logging (and in fql). While I was going through CASSANDRA-12151, I noticed that the password obfuscation in these components was planned but it was never implemented and it was merged

[DISCUSS] CEP-10: Cluster and Code Simulations

2021-06-03 Thread bened...@apache.org
Proposal for a mechanism to evaluate whole clusters, or individual classes, with a deterministically pseudorandom ordering of all thread and message events. https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-10%3A+Cluster+and+Code+Simulations Evaluating the correctness of distributed

Re: Welcome Dinesh Joshi as Cassandra PMC member

2021-06-03 Thread Jordan West
Congratulations Dinesh! Jordan On Thu, Jun 3, 2021 at 1:40 AM Mick Semb Wever wrote: > Congrats Dinesh. Thanks for all the help given and offered whenever it is > needed! > > On Wed, 2 Jun 2021 at 18:16, Benjamin Lerer wrote: > > > The PMC's members are pleased to announce that Dinesh Joshi

Re: [DISCUSS] Creating a branch for 4.0.0

2021-06-03 Thread Brandon Williams
I've created https://issues.apache.org/jira/browse/CASSANDRA-16709 for the 4.0.0 branch On Thu, Jun 3, 2021 at 11:06 AM Ekaterina Dimitrova wrote: > > +1, thank you Brandon > > @Jeff - there is the Jira board Cassandra 4.0GAScope > It might need some revision though. Any help with flaky tests is

Re: [DISCUSS] Creating a branch for 4.0.0

2021-06-03 Thread Ekaterina Dimitrova
+1, thank you Brandon @Jeff - there is the Jira board Cassandra 4.0GAScope It might need some revision though. Any help with flaky tests is also appreciated if anyone has cycles. Thank you all, let’s do it :-) On Thu, 3 Jun 2021 at 11:45, Jeff Jirsa wrote: > Given we're past the RC1, I think

Re: [DISCUSS] Creating a branch for 4.0.0

2021-06-03 Thread Benjamin Lerer
The 4.0GA board is -> https://issues.apache.org/jira/secure/RapidBoard.jspa?rapidView=355=1661 On Thu, 3 Jun 2021 at 17:45, Jeff Jirsa wrote: > Given we're past the RC1, I think it's time. > > Also, probably a silly question, but where's the list of issues reported in > the release

Re: [DISCUSS] Creating a branch for 4.0.0

2021-06-03 Thread Jeff Jirsa
Given we're past the RC1, I think it's time. Also, probably a silly question, but where's the list of issues reported in the release candidate that need to be fixed before the GA? On Thu, Jun 3, 2021 at 8:36 AM Brandon Williams wrote: > Hello, > > In order to more safely expedite 4.0's first

[DISCUSS] Creating a branch for 4.0.0

2021-06-03 Thread Brandon Williams
Hello, In order to more safely expedite 4.0's first release, I would like to propose minimizing the surface area for regressions by creating a 4.0.0 branch, as we have done in the past for initial releases. Only critical bugfixes would go in this branch, essentially removing it from the merge

Re: Welcome Dinesh Joshi as Cassandra PMC member

2021-06-03 Thread Mick Semb Wever
Congrats Dinesh. Thanks for all the help given and offered whenever it is needed! On Wed, 2 Jun 2021 at 18:16, Benjamin Lerer wrote: > The PMC's members are pleased to announce that Dinesh Joshi has accepted > the invitation to become a PMC member. > > Thanks a lot, Dinesh, for everything you

Re: Local build failure

2021-06-03 Thread Manish G
I had java 10, so replaced it by java 11, and then the following command was successful: *ant -Drat.skip=true -Duse.jdk11=true* Maybe this can be updated somewhere in documentation. On Wed, Jun 2, 2021 at 9:35 PM Benjamin Lerer wrote: > The RAT check does not work on Windows. If you want to build