Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce that only signed bars can be provided during upgrade #426

Open
3 tasks
alin2k opened this issue Aug 10, 2017 · 1 comment
Open
3 tasks

Enforce that only signed bars can be provided during upgrade #426

alin2k opened this issue Aug 10, 2017 · 1 comment
Labels
improvement/functional priority/4 - low severity/3 - medium triage/approved/on-hold

Comments

@alin2k
Copy link

alin2k commented Aug 10, 2017

Description

osc-core\osc-common\src\main\java\org\osc\core\util\ServerUtil.java:653: // TODO: Future. Need to verify that this is a valid signed bundle/jar. We must enforce that only signed jars can be provided during an upgrade.

Expected Behavior

Actual Behavior

Steps to Reproduce

Additional Information

Merged DE3917

Environment

  • OSC Version/Build:
  • Cloud Provider Info:
  • Plugin Info:
  • Other:

Status

  • Reproduced
  • In Progress
  • Validated => Verified in Version/Build:
@arvindn05 arvindn05 changed the title Enforce that only signed jars can be provided during upgrade Enforce that only signed bars can be provided during upgrade Aug 24, 2017
@arvindn05
Copy link
Member

It is assumed that the security administrator gets the plugins from trusted sources. OSC is generally run within internal networks with restricted access so its not a high priority to fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement/functional priority/4 - low severity/3 - medium triage/approved/on-hold
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arvindn05 @alin2k