Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Before reporting any security related JIRAs, please go through Apache's guidance for VULNERABILITY HANDLING

Please see Lock down Apache Ranger for production deployments

Fixed in Ranger 0.7.1

...

CVE-2017-7676: Apache Ranger policy evaluation ignores characters after ‘*’ wildcard character

...

Credit: Thanks to Jakub Kałużny from SecuRing for reporting this issue

Best Practices for Securing Ranger

...

  • After installation, update passwords for admin accounts. Below admin accounts are created by default. 
  • Enable SSL 

 

...