Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 8 commits
- 7 files changed
- 4 contributors
Commits on Dec 9, 2020
-
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Description: It is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. 3.11.x users should upgrade to 3.11.8 (cherry picked from commit 90d2986)
-
cassandra_2_1: 2.1.20 -> 2.1.22
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Description: It is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. 2.1.x users should upgrade to 2.1.22 (cherry picked from commit b0f1fea)
-
cassandra_2_2: 2.2.14 -> 2.2.19
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Description: It is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. 2.2.x users should upgrade to 2.2.18 (cherry picked from commit ee1b13d)
-
cassandra_3_0: 3.0.17 -> 3.0.23
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Description: It is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. 3.0.x users should upgrade to 3.0.22 (cherry picked from commit 1431c3c)
-
cassandra: remove maintainer cransom
I've been disconnected from Cassandra for years now, I wouldn't be an appropriate maintainer. (cherry picked from commit f6e974e)
-
cassandra: Remove version assertion
NixOS 20.09 does not support passthru on tests.
Commits on Dec 10, 2020
-
Merge pull request #106477 from hercules-ci/cassandra-backports
[20.09] cassandra backports
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 344652380833...1fb696974478