In general, proposals to backport are more likely to get votes when the fix is already on develop and has been through some testing, especially as support/1.13 is (hopefully) getting close to RC1. We’ve already seen several reverts on the support branch due to hasty backporting...
I’d love to see this fix make it into 1.13 and will be happy to add my endorsement first thing next week assuming it gets into develop before the weekend. > On May 22, 2020, at 1:39 PM, Bruce Schuchardt <bschucha...@gmail.com> wrote: > > Sorry about the weird link - this is PR 5131 > > > > > On 5/22/20, 1:33 PM, "Bruce Schuchardt" <bschucha...@gmail.com> wrote: > > I’ve been asked to propose backporting these changes to the 1.13 branch. > This is a security issue – endpoint verification in servers is currently > broken. That is, if you enable it you’re unable to start up a cluster. > > > > Endpoint verification requires the server-side of a tcp/ip connection to > present a certificate that identifies the server by hostname. The client > then checks that hostname against what it expects as part of the TLS (“SSL”) > handshake. > > > > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fgeode%2Fpull%2F5131&data=02%7C01%7Cbruces%40vmware.com%7Cbdbbf0ecaf9049c974b908d7fe8f62b4%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C1%7C637257764107593299&sdata=kSxTyXxzsavxBRD97eR8KM%2FNyuLV9XwFLun5NzLwxjs%3D&reserved=0 > > > > > >
