[GitHub] [incubator-superset] willbarrett commented on issue #9120: Add feature flags to control query sharing, KV exposure
willbarrett commented on issue #9120: Add feature flags to control query sharing, KV exposure URL: https://github.com/apache/incubator-superset/pull/9120#issuecomment-586015168 @etr2460 let me know if that entry in UPDATING.md fits your needs or if there's somewhere else you'd like me to drop a note as well. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
[GitHub] [incubator-superset] willbarrett commented on issue #9120: Add feature flags to control query sharing, KV exposure
willbarrett commented on issue #9120: Add feature flags to control query sharing, KV exposure URL: https://github.com/apache/incubator-superset/pull/9120#issuecomment-585464421 @etr2460 I'll expand directly with you in Slack. I don't wish to have a detailed security-related conversation publicly. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
[GitHub] [incubator-superset] willbarrett commented on issue #9120: Add feature flags to control query sharing, KV exposure
willbarrett commented on issue #9120: Add feature flags to control query sharing, KV exposure URL: https://github.com/apache/incubator-superset/pull/9120#issuecomment-585461820 @etr2460 the unsecured/unvalidated/unowned `/kv/` endpoints are unacceptable from a security standpoint to Preset. We've provided feature flags so that other organizations can continue using the system as-is. The Cartel designs have a different model entirely for sharing, so we view this fix as a stop-gap in advance of that work. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org