Gentoo's Bugzilla – Attachment 389208 Details for Bug 524682: <app-misc/elasticsearch-{1.3.2-r2,1.4.0}: CSRF via insecure CORS default configuration (CVE-2014-6439)
[patch] http_cors_disable.patch (text/plain), 784 bytes, created by Ferenc Erki on 2014-11-13 00:47:25 UTC
>diff -urN config/elasticsearch.yml config_new/elasticsearch.yml >--- config/elasticsearch.yml 2014-08-13 16:27:06.000000000 +0200 >+++ config_new/elasticsearch.yml 2014-11-12 20:39:53.501990184 +0100 >@@ -383,3 +383,14 @@ > # it unless you need it is recommended (it is disabled by default). > # > #http.jsonp.enable: true >+ >+# Patched by Gentoo due to CVE-2014-6439, for details please see >+# https://bugs.gentoo.org/show_bug.cgi?id=524682 >+# >+# Enable or disable cross-origin resource sharing, i.e. whether a browser >+# on another origin can do requests to Elasticsearch (defaults to true). >+# >+http.cors.enabled: false >+ >+# For further http.cors.* settings, please see Elasticsearch documentation at >+# http://www.elasticsearch.org/guide/en/elasticsearch/reference/1.3/modules-http.html
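Review bot: In the comment block added above `http.cors.enabled: false`, the parenthetical "(defaults to true)" sits directly over a line that sets the value to false, so a reader cannot tell whether it describes the upstream default or the value this file ships. Suggest wording it as the upstream default and saying that this file overrides it, for example "upstream defaults to true; disabled here because of CVE-2014-6439". The trailing documentation link is pinned to the 1.3 reference, while the bug title also covers 1.4.0; if the same patch is applied to both versions, the link should match the packaged version. It would also help to name http.cors.allow-origin in the comment, so that anyone who needs CORS and re-enables it is pointed at restricting the allowed origins rather than only flipping this setting back to true.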
Attachments on bug 524682: 389206 | 389208 | 389210