Re: Change in CF Security RSS Feed
Lee Porte
I agree with Matthew. A redirect should really have been put in place when the change was made. The changes broke our CVE alerting mechanism. Lee
On 7 February 2018 at 00:51, Matthew Kocher <mkocher@...> wrote:
|
|
CF UAA Localization
#cf
Balakrishnan
Hi,
Our project uses standalone UAA for User Authentication. There is a requirement of allowing Client to create new users using API (/Users - POST) as per his/her locale. E.g. if our Client locale is French, then the username should allow all French characters. However, as per the current code, it seems it always expects the username in English, as there is a validation ("[\\p{L}+0-9+\\-_.@'!]+") for a valid user name. Is there any feature available in UAA to localize the instance? Or will UAA always accept Username/Password in English only? Thanks, Balakrishnan
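What the character class quoted in the message above accepts and rejects, as an added example ported to JavaScript (not UAA's own code, which is Java). It goes beyond the message by covering Unicode normalization and non-ASCII digits; `checkUsername`, `codePoint` and the sample names are hypothetical.

```javascript
// Added example: JavaScript port of the character class quoted in the message.
// With the `u` flag, \p{L} means "any Unicode letter", as it does in Java.
const USERNAME_RE = /^[\p{L}+0-9+\-_.@'!]+$/u;

// Format one code point as U+XXXX for the rejection report.
function codePoint(ch) {
  return "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
}

// Hypothetical helper: validate a username and explain any rejection.
function checkUsername(name) {
  if (USERNAME_RE.test(name)) return { ok: true, reason: "matches" };
  if (name.length === 0) return { ok: false, reason: "empty" };
  // Combining marks are category M, not L, so a decomposed (NFD) accent
  // fails even though the precomposed (NFC) form of the same name passes.
  const nfc = name.normalize("NFC");
  if (nfc !== name && USERNAME_RE.test(nfc)) {
    return { ok: false, reason: "not NFC-normalized", suggestion: nfc };
  }
  const bad = [...name].filter((ch) => !USERNAME_RE.test(ch)).map(codePoint);
  return { ok: false, reason: "disallowed " + bad.join(" ") };
}

// Constructed sample names (escapes keep the code points unambiguous).
const SAMPLES = [
  "Fran\u00E7ois",            // precomposed c-cedilla
  "Franc\u0327ois",           // "c" + combining cedilla (NFD)
  "\u00C9lodie.M\u00FCller",  // accented Latin letters
  "\u674E\u96F7",             // Han letters
  "jean dupont",              // space is not in the class
  "user\u0663",               // Arabic-Indic digit: only ASCII 0-9 are listed
];
for (const s of SAMPLES) console.log(JSON.stringify(s), checkUsername(s));
```

Normalizing input to NFC before validating and storing it keeps visually identical names from being treated as different strings.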
|
|
Re: Change in CF Security RSS Feed
Matthew Kocher <mkocher@...>
Can we put a redirect in place? Failing that, how about an update posted to the old feed before it goes dark? Having the old feed go silent is bad form for something that people may be relying on for security updates.
On Tue, Feb 6, 2018 at 8:56 AM, Molly Crowther <mcrowther@...> wrote:
|
|
Change in CF Security RSS Feed
Molly Crowther
Hello all,

A few weeks ago, the foundation did some re-architecting of the CF blog to improve SEO and searchability. These updates changed the location of the Security RSS feed. If you are using this feed, the new address is:

https://www.cloudfoundry.org/foundryblog/security-advisory/feed/

Please let me know if you have any questions or concerns!

Thanks,
Molly Crowther
CFF Security Team
|
|
Service Brokers using plan_id in last operation requests
Matt McNeeney
There is a discussion taking place [1] in the Open Service Broker API group regarding the plan_id that is sent in requests to get the status of an asynchronous operation [2] such as a provision or an update (last_operation endpoint). Given that an asynchronous update service instance request could change the plan that a service instance is using, we are unsure of what service brokers expect in this scenario; are they expecting to receive the old plan_id or the new plan_id? If any service broker authors are using the plan_id field, please let me know so that we can guide that discussion and make sure we do not make a breaking change to the specification. Thanks, Matt [2] https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#polling-last-operation
|
|
Re: What should happen to Service Instance Bindings when their Plan is updated?
landzhev@...
Hi Alex, Our service broker implementation to a large extent ignores the planId. We store it as a piece of information, but we do not use it later on. Best regards, Nikolay
On Thursday, February 1, 2018, 6:11:48 AM GMT+2, Basavaraju, Jagadish <jagadish.basavaraju@...> wrote:
Our implementation of Service Broker [1] ignores Plan Id and Service Id input during the bind requests and the bindings are valid even post plan update.
Jagadish [1] – Service Fabrik – https://github.com/cloudfoundry-incubator/service-fabrik-broker
From: <cf-dev@...> on behalf of Alex Ley <aley@...>
For folks who build Service Brokers, I would like to get your input on this issue [1] in the OSBAPI spec project.
Today the spec doesn't give any guidance on what should happen to bindings when a plan is updated. We are looking to add some clarification / set the expected behaviour.
Could you share the logic for your service brokers on the issue? Do you use the `plan_id` in the binding request?
|
|
Setting Up DNS for Your Environment
Russell Blue
Hi,
I want to deploy cf-deployment on Pike OpenStack. How can I set up DNS for my environment? Kind regards
|
|
Re: What should happen to Service Instance Bindings when their Plan is updated?
Sascha Matzke
Hi, we have several service brokers (for "normal" backend services and quite a few route services) and we don't use PlanID (or ServiceID) in most of them. There are exceptions (as always), but those brokers do not support plan updates. Best, Sascha
|
|
Re: What should happen to Service Instance Bindings when their Plan is updated?
Basavaraju, Jagadish
Our implementation of Service Broker [1] ignores Plan Id and Service Id input during the bind requests and the bindings are valid even post plan update.
Jagadish [1] – Service Fabrik – https://github.com/cloudfoundry-incubator/service-fabrik-broker
From: <cf-dev@...> on behalf of Alex Ley <aley@...>
For folks who build Service Brokers, I would like to get your input on this issue [1] in the OSBAPI spec project.
Today the spec doesn't give any guidance on what should happen to bindings when a plan is updated. We are looking to add some clarification / set the expected behaviour.
Could you share the logic for your service brokers on the issue? Do you use the `plan_id` in the binding request?
|
|
CVE-2018-1192: UAA SessionID present in Audit Event Logs
Molly Crowther <mcrowther@...>
Please see below for information on a high-severity UAA CVE. Sree Tummidi can provide more details if you have questions.

Thanks,
Molly Crowther
CFF Security Team

CVE-2018-1192: UAA SessionID present in Audit Event Logs

Severity
High

Vendor
Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

Description
Cloud Foundry UAA logs the SessionID in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

Mitigation
Users of affected versions should apply the following mitigations or upgrades:

Credit
This issue was responsibly reported by the UAA team.

References

History
2018-01-31: Initial vulnerability report published.
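One way to find and scrub session identifiers already written to collected audit logs, as an added example (not UAA code and not part of the advisory). The `sessionId=` key, the log lines and the function names are constructed assumptions; adapt the pattern to the real event layout.

```javascript
const crypto = require("crypto");

// Per-run random key: tags correlate events within one scrub run but
// cannot be tested against a guessed session value afterwards.
const RUN_KEY = crypto.randomBytes(32);

// Assumed layout: sessionId=<value>, ended by whitespace, ",", "]" or ")".
const SESSION_RE = /\b(sessionId=)([^\s,\])]+)/gi;

function tagFor(value) {
  return crypto.createHmac("sha256", RUN_KEY).update(value).digest("hex").slice(0, 8);
}

// Redact every session identifier and report which lines exposed one, so
// the affected sessions can be expired and the raw files purged.
function scrubLog(text) {
  const sessions = new Set();
  const exposedLines = [];
  const lines = text.split("\n").map((line, i) => {
    let hit = false;
    const clean = line.replace(SESSION_RE, (match, key, value) => {
      if (value.startsWith("<redacted:")) return match; // already scrubbed
      hit = true;
      sessions.add(value);
      return `${key}<redacted:${tagFor(value)}>`;
    });
    if (hit) exposedLines.push(i + 1);
    return clean;
  });
  return { text: lines.join("\n"), exposedLines, distinctSessions: sessions.size };
}

// Constructed sample lines (not real UAA output).
const SAMPLE_LOG = [
  "2018-01-30T10:02:11Z audit login user=alice origin=[remoteAddress=10.0.0.5, sessionId=3F2A9C7E11D04B6A]",
  "2018-01-30T10:02:15Z audit token user=alice origin=[remoteAddress=10.0.0.5, sessionId=3F2A9C7E11D04B6A]",
  "2018-01-30T10:03:40Z audit login-failed user=bob origin=[remoteAddress=10.0.0.9]",
  "2018-01-30T10:05:02Z audit login user=carol origin=[sessionId=9B1D44E0A7C25F38, remoteAddress=10.0.0.7]",
].join("\n");

console.log(scrubLog(SAMPLE_LOG));
```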
|
|
Re: What should happen to Service Instance Bindings when their Plan is updated?
Mike Youngstrom
We do use the plan_id in the binding request. Usually to help look up credential config for parts of a service's credentials that are more static. But, we also don't have any services where updating the plan affects bind credentials either. I would be careful of doing anything special like auto rebind of services when a service is updated unless you're willing to look at overhauling the current model to also consider things like application restarts and broker initiated rebinds. For example, I have occasionally wished that I could auto rebind all current service bindings when I've made changes to my broker and want all apps to incorporate a change to the way I was generating credentials. Though I've always viewed such ideas as somewhat pie in the sky ideas. I'm inclined to think you just leave existing bindings alone on service update and require the broker to keep the old service working. Perhaps UIs could add a little sugar notifying the user they may need to rebind and restart their applications for the update to take effect. Mike
On Wed, Jan 31, 2018 at 8:28 AM, Alex Ley <aley@...> wrote:
|
|
What should happen to Service Instance Bindings when their Plan is updated?
Alex Ley
For folks who build Service Brokers, I would like to get your input on this issue [1] in the OSBAPI spec project. Today the spec doesn't give any guidance on what should happen to bindings when a plan is updated. We are looking to add some clarification / set the expected behaviour. Could you share the logic for your service brokers on the issue? Do you use the `plan_id` in the binding request?
|
|
Re: bosh cf login on openstack
Russell Blue
Should I deploy "cf deploy" again with the haproxy file and build all virtual machines?
--------------------------------------------
On Wed, 1/31/18, Yitao Jiang <jiangyt.cn@gmail.com> wrote:
Subject: Re: [cf-dev] bosh cf login on openstack
To: cf-dev@lists.cloudfoundry.org
Date: Wednesday, January 31, 2018, 9:01 AM

Hello Russell

Assuming your domain for management is pcontroller.
You need to configure the dns to resolve all *.pcontroler to a routing layer, either by lb or directly gorouter.
Try enabling this one https://github.com/cloudfoundry/cf-deployment/blob/master/operations/use-haproxy-public-network.yml

On Tue, Jan 30, 2018 at 6:23 PM, Russell Blue via Lists.Cloudfoundry.Org <bluerussell20=yahoo.com@lists.cloudfoundry.org> wrote:

Hi,
1- Using the cf-deployment, the virtual machines of cloud foundry on openstack IaaS were created.
2- cf CLI also installed
There is the following problem to log into the cloud foundry environment

# cf login
API endpoint> api.pcontroller
FAILED
Error performing request: Get https://api.pcontroller/v2/info: dial tcp: lookup api.pcontroller on 192.168.55.1:53: no such host
TIP: If you are behind a firewall and require an HTTP proxy, verify the https_proxy environment variable is correctly set. Else, check your

What is the API endpoint? How do I set up the API endpoint?
Best Regards

--
Regards,
Yitao
|
|
Re: bosh cf login on openstack
Yitao Jiang
Hello Russell

Assuming your domain for management is pcontroller.
You need to configure the dns to resolve all *.pcontroler to a routing layer, either by lb or directly gorouter.
Try enabling this one https://github.com/cloudfoundry/cf-deployment/blob/master/operations/use-haproxy-public-network.yml
On Tue, Jan 30, 2018 at 6:23 PM, Russell Blue via Lists.Cloudfoundry.Org <bluerussell20=yahoo.com@ Hi, --
Regards, Yitao
|
|
Proposal: Garden support for Containerd
Julz Friedman
Hi cf devvers, the garden team have a proposal about using Containerd to run containers in garden-runc. It's called "Proposal: Use Containerd to run containers in Garden-RunC". The link is here [0]. [0]: https://docs.google.com/document/d/11hFXFPAz4yHtphYQArmhAqw5nD4KgMVmXRWIrE2D7Ko/edit?usp=sharing Looking forward to your feedback, thanks y'all! Regards, Julz Garden PM
|
|
Re: bosh cf-deploy on openstack
Johannes Hiemer <jvhiemer@...>
SSH into the virtual machine via bosh ssh -d cf api and do a sudo su, then monitor summary. If something there is failing, please provide the logs from /var/vcap/sys/log/ComponentThatIsFailingInMonitOverview
On Tue, 30 Jan 2018 at 11:46 Russell Blue via Lists.Cloudfoundry.Org <bluerussell20=yahoo.com@...> wrote: Hi,
|
|
bosh cf-deploy on openstack
Russell Blue
Hi,
I created cloud foundry with the following virtual machines. What is the problem with the api virtual machine?

bosh -e bosh-1 vms

Instance                                                  Process State  AZ  IPs  VM CID  VM Type
adapter/018b9e7f-698f-4417-a33b-5f8351c61cda              running
api/b6ec5273-f586-4279-b2df-7f843efe4f92                  stopped
cc-worker/0111a82d-f7e4-4870-a90a-a6b399b150f7            running
consul/691ee9ca-b869-44a1-b2cc-6a509ddcca63               running
database/149b717d-a836-42e2-91ea-d35a7366bf08             running
diego-api/1e494667-7946-446e-aeb3-cc5393ca8281            running
diego-cell/a28fbba0-d469-46f1-b4f6-c43b0aee0ced           running
doppler/67ec24fe-7449-4881-bf5f-4a254f5385e5              running
log-api/eaea64ed-b33a-4ceb-bcc7-d292bfe4a900              running
nats/5a0e69f1-860f-42c8-9296-d3f143264b3b                 running
router/d390d148-ce2b-42b5-b8ed-4b2c4f203d03               running
scheduler/8befb5c8-38bb-4440-b469-5edd0b25b936            running
singleton-blobstore/78e5fce4-1012-4f0a-ab6b-92a23036514b  running
tcp-router/15e444d3-73d8-43fb-a1ae-c30da4d5a2b9           running
uaa/0cb6927f-42fd-4351-9f30-3a2f074abf52                  running

Best Regards
|
|
bosh cf login on openstack
Russell Blue
Hi,
1- Using the cf-deployment, the virtual machines of cloud foundry on openstack IaaS were created.
2- cf CLI also installed
There is the following problem to log into the cloud foundry environment

# cf login
API endpoint> api.pcontroller
FAILED
Error performing request: Get https://api.pcontroller/v2/info: dial tcp: lookup api.pcontroller on 192.168.55.1:53: no such host
TIP: If you are behind a firewall and require an HTTP proxy, verify the https_proxy environment variable is correctly set. Else, check your

What is the API endpoint? How do I set up the API endpoint?
Best Regards
|
|
Re: bosh cf-deploy on openstack
Russell Blue
Error creating four virtual machines has been fixed.
(router, tcp-router, scheduler and smoke-test) --------------------------------------------
On Mon, 1/29/18, <ahmad.abed@gmail.com> wrote:
Subject: Re: [cf-dev] bosh cf-deploy on openstack To: cf-dev@lists.cloudfoundry.org Date: Monday, January 29, 2018, 4:38 PM Russell, can you provide cloud-config.yml after removing lbaas config parts ? Regards,
|
|
Re: bosh cf-deploy on openstack
ahmad.abed@...
Russell,
can you provide cloud-config.yml after removing lbaas config parts ? Regards,
|
|