-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/
-----------------------------------------------------------
Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh Khamesra,
and Udo Kohlmeyer.
Bugs: GEODE-3249
https://issues.apache.org/jira/browse/GEODE-3249
Repository: geode
Description
-------
This change leaves the security hole in place but allows you to plug it by
setting the system property
geode.disallow-internal-messages-without-credentials=true
Clients must be upgraded to the release containing this change if you set this
system property to true and client/server authentication is enabled. Otherwise
client messages to register PDX types or Instantiators will be rejected by the
servers.
Diffs
-----
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
Diff: https://reviews.apache.org/r/62088/diff/1/
Testing
-------
Thanks,
Bruce Schuchardt
