ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Boudnik (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-5413) Ignite shouldn't expose nor send (clear-text) env variables to a 3rd endpoint
Date Tue, 06 Jun 2017 01:04:12 GMT
Konstantin Boudnik created IGNITE-5413:

             Summary: Ignite shouldn't expose nor send (clear-text) env variables to a 3rd
                 Key: IGNITE-5413
                 URL: https://issues.apache.org/jira/browse/IGNITE-5413
             Project: Ignite
          Issue Type: Bug
          Components: general
    Affects Versions: 1.1.4
            Reporter: Konstantin Boudnik
            Priority: Blocker
             Fix For: 2.1

Apache Ignite is periodically accessing to https://ignite.run/update_status_ignite-plain-text.php

It is enabled by default at least in org.apache.ignite:ignite-core:1.9.0, but of course it
has been happening for a long time.

Corresponding code is https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/ClusterProcessor.java#L81-L82

Posting JVM env variable (or any other user's specific information) without an explicit user's
consent is a bad idea and should be disabled by default. 
See  https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java#L313
for more details.

This message was sent by Atlassian JIRA

View raw message