[#QB-3813] [Restful][buildagents/active] need authorize

QuickBuild

[Restful][buildagents/active] need authorize

Created: 27/Dec/21 08:47 AM Updated: 08/Jan/22 09:04 AM

Component/s:

None

Affects Version/s:

11.0.26

Fix Version/s:

None

Original Estimate:	Unknown	Remaining Estimate:	Unknown	Time Spent:	Unknown
Environment:	Upgrade from 9.0.48 to 11.0.26 in docker image: openjdk:11-jdk

Description

« Hide

I'm work for intel OTC VCMT team for the open source media CI
We use QB 9.0.48 which is good version for rest/buildagents/active, but when we upgrade version from 9.0.48 to 11.0.26 for fix log4j problem

I find rest/buildagents/active need authorize, I query for the document: https://wiki.pmease.com/display/QB11/Interact+with+Build+Agents it say don't need authorized for this RESTFul

I'm confuse of this function, I also upgrade the test server from 9.0.48 to 11.0.26 without this problem, but the production server catch this problem

This function is more useful to maintenance lot of device for the QB,
so I want to confirm what happen on this function

BTW: I still find log4j 1.2 on addons/traymonitor/lib/log4j-1.2.15.jar
Hopes this version also can upgrade

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Robin Shen [27/Dec/21 02:24 PM]

The build agents endpoint now needs permission VIEW_GRID_PAGE (defined in group). The documentation has now been updated.

Log4j 1.2 is vulnerable when a socket server is started to accept log entries, which is not used in tray monitor. Nevertheless, we will update it to latest version in next major version.