Hello:

Here's a CVE update for Ranger 0.5.2 release. Please see below details.

Thank you,
Velmurugan Periasamy

--------------------------------------------------------------------------
CVE-2016-0735: Ranger policy excludes flags processing
--------------------------------------------------------------------------
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 0.5.0/0.5.1 versions of Apache Ranger
Users affected: All users that use Ranger to authorize HBase, Hive, and
Knox.
Description: In some cases, the presence of an exclude policy at a
resource level can give the user access at its parent resource level. For
example, if a Hive policy excludes access for a user to a particular column,
then such a user would be able to alter the name of that table. Only a user
who has access at the table level should be able to do so. Due to this bug,
however, the user is able to perform the operation when an exclude policy is
present at the column level for that table.
Mitigation: Users should upgrade to Ranger version 0.5.2.
--------------------------------------------------------------------------
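
An added example (not part of the original advisory and not Ranger's own code): a Python audit that lists enabled policies carrying an excludes flag on any resource level, together with the users and groups they name, so their effective access can be reviewed on 0.5.0/0.5.1 installations. The JSON field names (`resources`, `isExcludes`, `policyItems`, `isEnabled`) are assumed to follow Ranger's policy export format; the sample data is constructed.

```python
import json

# Constructed sample, shaped like an exported list of Ranger policies
# (field names are an assumption about the export format).
SAMPLE_EXPORT = json.loads("""
[
  {"name": "customers-hide-ssn", "service": "hivedev", "isEnabled": true,
   "resources": {"database": {"values": ["sales"], "isExcludes": false},
                 "table": {"values": ["customers"], "isExcludes": false},
                 "column": {"values": ["ssn"], "isExcludes": true}},
   "policyItems": [{"users": ["analyst1"], "groups": ["reporting"],
                    "accesses": [{"type": "select", "isAllowed": true}]}]},
  {"name": "orders-read", "service": "hivedev", "isEnabled": true,
   "resources": {"database": {"values": ["sales"], "isExcludes": false},
                 "table": {"values": ["orders"], "isExcludes": false},
                 "column": {"values": ["*"], "isExcludes": false}},
   "policyItems": [{"users": ["analyst2"], "groups": [],
                    "accesses": [{"type": "select", "isAllowed": true}]}]},
  {"name": "old-exclude", "service": "hivedev", "isEnabled": false,
   "resources": {"database": {"values": ["hr"], "isExcludes": false},
                 "table": {"values": ["staff"], "isExcludes": false},
                 "column": {"values": ["salary"], "isExcludes": true}},
   "policyItems": [{"users": ["intern"], "groups": [],
                    "accesses": [{"type": "select", "isAllowed": true}]}]}
]
""")

def policies_to_review(policies):
    """Return enabled policies that set isExcludes on any resource level."""
    findings = []
    for policy in policies:
        if not policy.get("isEnabled", True):
            continue  # disabled policies are not evaluated, so skip them
        resources = policy.get("resources", {})
        excluded = sorted(lvl for lvl, res in resources.items()
                          if res.get("isExcludes"))
        if not excluded:
            continue
        users, groups = set(), set()
        for item in policy.get("policyItems", []):
            users.update(item.get("users", []))
            groups.update(item.get("groups", []))
        findings.append({"policy": policy.get("name"),
                         "service": policy.get("service"),
                         "excluded_levels": excluded,
                         "users": sorted(users), "groups": sorted(groups)})
    return findings

if __name__ == "__main__":
    for finding in policies_to_review(SAMPLE_EXPORT):
        print(finding)
```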

