| << Back to previous view |
|
[QB-3813] [Restful][buildagents/active] need authorize
|
|
| Status: | Closed |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | 11.0.26 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Bin Wu | Assigned To: | Robin Shen |
| Resolution: | Won't Fix | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Environment: | Upgrade from 9.0.48 to 11.0.26 in docker image: openjdk:11-jdk | ||
| Description |
|
I'm work for intel OTC VCMT team for the open source media CI
We use QB 9.0.48 which is good version for rest/buildagents/active, but when we upgrade version from 9.0.48 to 11.0.26 for fix log4j problem I find rest/buildagents/active need authorize, I query for the document: https://wiki.pmease.com/display/QB11/Interact+with+Build+Agents it say don't need authorized for this RESTFul I'm confuse of this function, I also upgrade the test server from 9.0.48 to 11.0.26 without this problem, but the production server catch this problem This function is more useful to maintenance lot of device for the QB, so I want to confirm what happen on this function BTW: I still find log4j 1.2 on addons/traymonitor/lib/log4j-1.2.15.jar Hopes this version also can upgrade |
| Comments |
| Comment by Robin Shen [ 27/Dec/21 02:24 PM ] |
|
The build agents endpoint now needs permission VIEW_GRID_PAGE (defined in group). The documentation has now been updated.
Log4j 1.2 is vulnerable when a socket server is started to accept log entries, which is not used in tray monitor. Nevertheless, we will update it to latest version in next major version. |