Author: lidong
Date: Wed Nov 11 14:11:27 2020
New Revision: 1883304
URL: http://svn.apache.org/viewvc?rev=1883304&view=rev
Log:
add new committer chuxiao and new cve
Modified:
kylin/site/cn/community/index.html
kylin/site/community/index.html
kylin/site/docs/security.html
kylin/site/feed.xml
Modified: kylin/site/cn/community/index.html
URL:
http://svn.apache.org/viewvc/kylin/site/cn/community/index.html?rev=1883304&r1=1883303&r2=1883304&view=diff
==============================================================================
--- kylin/site/cn/community/index.html (original)
+++ kylin/site/cn/community/index.html Wed Nov 11 14:11:27 2020
@@ -785,6 +785,18 @@ var _hmt = _hmt || [];
<p>Apache ID : <a
href="http://home.apache.org/phonebook.html?uid=wangrupeng";
class="apache-id">wangrupeng</a> </p>
</div>
</div>
+
+ <div class="col-sm-6 col-md-4">
+ <div class="members-card">
+ <a href="http://github.com/bigxiaochu";>
+ <img class="github-pic"
src="http://github.com/bigxiaochu.png"; />
+ </a>
+ <p class="members-name"> Xiao Chu (åæ) </p>
+ <p class="member-role">Org: Didi Chuxing </p>
+ <p class="members-role">Role : committer</p>
+ <p>Apache ID : <a
href="http://home.apache.org/phonebook.html?uid=xiaochu";
class="apache-id">xiaochu</a> </p>
+ </div>
+ </div>
</div>
Modified: kylin/site/community/index.html
URL:
http://svn.apache.org/viewvc/kylin/site/community/index.html?rev=1883304&r1=1883303&r2=1883304&view=diff
==============================================================================
--- kylin/site/community/index.html (original)
+++ kylin/site/community/index.html Wed Nov 11 14:11:27 2020
@@ -9186,6 +9186,18 @@ var _hmt = _hmt || [];
<p>Apache ID : <a
href="http://home.apache.org/phonebook.html?uid=wangrupeng";
class="apache-id">wangrupeng</a> </p>
</div>
</div>
+
+ <div class="col-sm-6 col-md-4">
+ <div class="members-card">
+ <a href="http://github.com/bigxiaochu";>
+ <img class="github-pic"
src="http://github.com/bigxiaochu.png"; />
+ </a>
+ <p class="members-name"> Xiao Chu (åæ) </p>
+ <p class="member-role">Org: Didi Chuxing </p>
+ <p class="members-role">Role : committer</p>
+ <p>Apache ID : <a
href="http://home.apache.org/phonebook.html?uid=xiaochu";
class="apache-id">xiaochu</a> </p>
+ </div>
+ </div>
</div>
Modified: kylin/site/docs/security.html
URL:
http://svn.apache.org/viewvc/kylin/site/docs/security.html?rev=1883304&r1=1883303&r2=1883304&view=diff
==============================================================================
--- kylin/site/docs/security.html (original)
+++ kylin/site/docs/security.html Wed Nov 11 14:11:27 2020
@@ -8585,7 +8585,33 @@ var _hmt = _hmt || [];
<article
class="post-content" >
- <h3
id="cve-2020-13926httpscvemitreorgcgi-bincvenamecginamecve-2020-13926"><a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13926";>CVE-2020-13926</a></h3>
+ <h3
id="cve-2020-13937httpscvemitreorgcgi-bincvenamecginamecve-2020-13937"><a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13937";>CVE-2020-13937</a></h3>
+
+<p><strong>Severity</strong></p>
+
+<p>Important</p>
+
+<p><strong>Versions Affected</strong></p>
+
+<p>Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1,
2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha,
3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha.</p>
+
+<p><strong>Description</strong></p>
+
+<p>Kylin has one restful api which exposed Kylinâs configuration information
without any authentication, so it is dangerous because some confidential
information entries will be disclosed to everyone.</p>
+
+<p><strong>Mitigation</strong></p>
+
+<p>Users of all previous versions after 2.0 should upgrade to 3.1.0.</p>
+
+<p>Users could edit <code
class="highlighter-rouge">$KYLIN_HOME/WEB-INF/classes/kylinSecurity.xml</code>,
and remove this line <code class="highlighter-rouge"><scr:intercept-url
pattern="/api/admin/config" access="permitAll"/></code>. After that,
restart all Kylin instances to make it effective.</p>
+
+<p>Otherwise, you can upgrade Kylin to 3.1.1.</p>
+
+<p><strong>Credit</strong></p>
+
+<p>This issue was discovered by Ngo Wei Lin (@Creastery) of STAR Labs
(@starlabs_sg).</p>
+
+<h3 id="cve-2020-13926httpscvemitreorgcgi-bincvenamecginamecve-2020-13926"><a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13926";>CVE-2020-13926</a></h3>
<p><strong>Severity</strong></p>
Modified: kylin/site/feed.xml
URL:
http://svn.apache.org/viewvc/kylin/site/feed.xml?rev=1883304&r1=1883303&r2=1883304&view=diff
==============================================================================
--- kylin/site/feed.xml (original)
+++ kylin/site/feed.xml Wed Nov 11 14:11:27 2020
@@ -19,8 +19,8 @@
<description>Apache Kylin Home</description>
<link>http://kylin.apache.org/</link>
<atom:link href="http://kylin.apache.org/feed.xml"; rel="self"
type="application/rss+xml"/>
- <pubDate>Tue, 10 Nov 2020 05:59:14 -0800</pubDate>
- <lastBuildDate>Tue, 10 Nov 2020 05:59:14 -0800</lastBuildDate>
+ <pubDate>Wed, 11 Nov 2020 05:59:38 -0800</pubDate>
+ <lastBuildDate>Wed, 11 Nov 2020 05:59:38 -0800</lastBuildDate>
<generator>Jekyll v2.5.3</generator>
<item>
![http://github.com/bigxiaochu.png"](http://github.com/bigxiaochu.png"){kind=link}