Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: f41b7f615310
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: ed03f1a59462
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Nov 25, 2020

  1. cassandra_2_2: 2.2.14 -> 2.2.19 

    Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

2.2.x users should upgrade to 2.2.18
    @redvers
    redvers committed Nov 25, 2020
    Copy the full SHA
    ee1b13d View commit details
    Browse the repository at this point in the history

Commits on Dec 9, 2020

  1. Merge pull request #104840 from redvers/update_cassandra_2.2.14_to_2.… 

    …2.19_cve-2020-13946

cassandra_2_2: 2.2.14 -> 2.2.19
    @roberth
    roberth committed Dec 9, 2020
    Copy the full SHA
    ed03f1a View commit details
    Browse the repository at this point in the history