couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Wenk <andyw...@apache.org>
Subject Re: do we need a 1.6.1 ?
Date Wed, 06 Aug 2014 08:10:10 GMT
as this is a bit of a security bug I would vote +1

Cheers

Andy


On 6 August 2014 08:52, Dave Cottlehuber <dch@jsonified.com> wrote:

> > That was accidental bug which was fixed after release:
> >
> https://github.com/apache/couchdb/commit/d43f69d90740d5a230b0054fa32b6843b33691bc
> > TL;DR remove all the clear text passwords from ini file and set admins
> > via HTTP API to workaround the issue. This should help.
> > --
> > ,,,^..^,,,
> >
>
> This is the `hash admin passwords on startup when list` fix again, which
> will
> catch more & more people as time goes on. I’m wondering if we should do a
> 1.6.1
> specifically due to this?
>
> A+
> Dave
>
>
>


-- 
Andy Wenk
Hamburg - Germany
RockIt!

GPG fingerprint: C044 8322 9E12 1483 4FEC 9452 B65D 6BE3 9ED3 9588

 https://people.apache.org/keys/committer/andywenk.asc

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message