This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before reporting any security related JIRAs, please go through Apache's guidance for VULNERABILITY HANDLING

Please see Lock down Apache Ranger for production deployments

Fixed in Ranger 0.7.1


CVE-2017-7676: Apache Ranger policy evaluation ignores characters after ‘*’ wildcard character


Credit: Thanks to Jakub Kałużny from SecuRing for reporting this issue

Best Practices for Securing Ranger


  • After installation, update passwords for admin accounts. Below admin accounts are created by default. 
  • Enable SSL