Severity: important
Affected versions:
- Apache Hive 2.2.0 before 4.0.0
Description:
Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message
signatures allows an attacker to forge a valid signature for an arbitrary message
byte by byte. The attacker should be an authorized use

+1 (non-binding)
I think it's a great idea, and was about to point out the same automation
as Ayush, driven from the JIRA "Release Note" field. Committers just enter
text in the optional field when they close the issue, and it's guaranteed
to show up when the release gets created.
Chris Nauroth

+1, I think Yetus has a releasedoc maker [1], which can do it for us, afaik
Hadoop uses it to generate the ReleaseDocs [2] + ChangeLog [3] & it looks
good. I did generate the ChangeLog for 4.x release using this [4], maybe
not awesome but still looked better to me
-Ayush
[1] https://github.com/apa

Hi all,
Currently the release notes are a plain export of the JIRA tickets
that were resolved in a certain version. Although it is convenient and
easy to generate by the release manager, it usually lacks information
about breaking/behavior changes, deprecation notices, and appropriate
documentation