Re: [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS

Hi Yongli - I'm not sure whether you will see this response or not given that I had to moderate your email. It doesn't seem that you are subscribed. However, this is a good question and will be helpful for the community at large. The warning that you are seeing above is part of the fix of the

Re: [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS

Hi Knox experts, I have my environment running with Knox 0.12.0 already but I am still getting the same impersonate warning messages as shown below - "2018-02-22 21:14:39,671 WARN hadoop.gateway (IdentityAsserterHttpServletRequestWrapper.java:scrubOfExistingPrincipalParams(199)) - Possible

Re: [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS

Yes, Colm - I was thinking the same thing. Need to add a separate page for this. Thanks, --larry On Mon, May 29, 2017 at 5:43 AM, Colm O hEigeartaigh wrote: > Sorry, sent that one too soon. Example: > > http://cxf.apache.org/security-advisories > > Colm. > > On Mon, May

Re: [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS

Sorry, sent that one too soon. Example: http://cxf.apache.org/security-advisories Colm. On Mon, May 29, 2017 at 10:42 AM, Colm O hEigeartaigh wrote: > Hi Larry, > > We should get the CVEs uploaded to the website as well (apologies if it's > already done + I missed it).

Re: [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS

Hi Larry, We should get the CVEs uploaded to the website as well (apologies if it's already done + I missed it). For example: On Fri, May 26, 2017 at 7:26 PM, larry mccay wrote: > CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS > > Severity: Important > > Vendor: