commit | 45341307d573c181fa343a34e95fc76b89a5e0ba | |
---|---|---|
author | Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> | Fri Nov 18 22:53:02 2022 +0000 |
committer | XiaoxiangYu <xxyu@apache.org> | Mon Nov 21 16:03:41 2022 +0800 |
tree | ba68baa834bc12e44f3e2a23e7da27d5ff39770c | |
parent | fd2977e21c51f1afed668f2d9713cf562f2dc42d | |

vuln-fix: Temporary File Information Disclosure

This fixes temporary file information disclosure vulnerability due to the use of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by using the `Files.createTempFile()` method which sets the correct posix permissions.

Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18

Co-authored-by: Moderne <team@moderne.io>
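
The difference between the two APIs named in the commit message can be observed directly. The following is an added example, not code from this commit or from Kylin; the class name `TempFilePermissions` and the `kylin-demo-` prefix are hypothetical. It assumes a POSIX file system and creates one file with each method so their modes can be compared.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Hypothetical demo class (not part of Kylin).
public class TempFilePermissions {

    // Render a path's mode as an rwx string, e.g. "rw-r--r--".
    static String mode(Path p) throws IOException {
        return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
    }

    // True if anyone other than the owner may read the file.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    public static void main(String[] args) throws IOException {
        Path tmpDir = Paths.get(System.getProperty("java.io.tmpdir"));
        if (Files.getFileAttributeView(tmpDir, PosixFileAttributeView.class) == null) {
            System.out.println("Not a POSIX file system; comparison skipped.");
            return;
        }

        // Before the fix: java.io.File API. The mode is derived from the
        // process umask, so with the common umask 022 it is rw-r--r--.
        File legacy = File.createTempFile("kylin-demo-", ".tmp");
        legacy.deleteOnExit();
        System.out.println("File.createTempFile : " + mode(legacy.toPath())
            + " readableByOthers=" + readableByOthers(legacy.toPath()));

        // After the fix: java.nio.file.Files API. With no attributes passed,
        // the file is created owner-only (rw-------) on POSIX systems.
        Path hardened = Files.createTempFile("kylin-demo-", ".tmp");
        hardened.toFile().deleteOnExit();
        System.out.println("Files.createTempFile: " + mode(hardened)
            + " readableByOthers=" + readableByOthers(hardened));

        // Fail loudly if the hardened file is ever readable by others.
        if (readableByOthers(hardened)) {
            throw new IllegalStateException("temp file is not owner-only: " + hardened);
        }
    }
}
```

The first line of output depends on the umask of the JVM process; the second does not.
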
Extreme OLAP Engine for Big Data
Apache Kylin is an open source distributed analytics engine, contributed by eBay Inc., that provides a SQL interface and multi-dimensional analysis (OLAP) on Hadoop with support for extremely large datasets.
For more details, see the website http://kylin.apache.org (Chinese version: http://kylin.apache.org/cn/).
Please refer to Development Guide for Kylin 4 on wiki.
To let users try Kylin easily, we provide a docker image for Kylin.
Just run the following commands in your terminal. After 3~5 mins, you can access the Kylin WebUI at http://127.0.0.1:7070/kylin/login in your browser and log in with ADMIN/KYLIN.

docker pull apachekylin/apache-kylin-standalone:4.0.0

docker run -d \
    -m 8G \
    -p 7070:7070 \
    -p 8088:8088 \
    -p 50070:50070 \
    -p 8032:8032 \
    -p 8042:8042 \
    -p 2181:2181 \
    --name kylin-4.0.0 \
    apachekylin/apache-kylin-standalone:4.0.0

You can learn more about this docker image on Kylin's website.
Please refer to http://kylin.apache.org/docs40/.
The fastest way to get a response from our developers is to send an email to our mailing list, dev@kylin.apache.org.
Remember to subscribe to the mailing list first via dev-subscribe@kylin.apache.org.
Please refer to LICENSE file.