Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ISSUE #4701] Fix bypass authentication(identity) problem. #4703

Merged
merged 1 commit into from
Jan 14, 2021

Conversation

KomachiSion
Copy link
Collaborator

@KomachiSion KomachiSion commented Jan 14, 2021

Please do not create a Pull Request without creating an issue first.

What is the purpose of the change

Fix #4701

  • Add support for uri end with '/'
  • Directly reject if can't find api path in nacos implementations.

Brief changelog

XX

Verifying this change

XXXX

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in test module.
  • Run mvn -B clean package apache-rat:check findbugs:findbugs -Dmaven.test.skip=true to make sure basic checks pass. Run mvn clean install -DskipITs to make sure unit-test pass. Run mvn clean test-compile failsafe:integration-test to make sure integration-test pass.

@KomachiSion KomachiSion added this to the 1.4.1 milestone Jan 14, 2021
@KomachiSion KomachiSion added the kind/bug Category issues or prs related to bug. label Jan 14, 2021
Copy link
Collaborator

@yanlinly yanlinly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

@yanlinly yanlinly merged commit 2cc0be6 into alibaba:develop Jan 14, 2021
KomachiSion added a commit that referenced this pull request Jan 14, 2021
KomachiSion added a commit that referenced this pull request Jan 14, 2021
(cherry picked from commit 2cc0be6)
@KomachiSion KomachiSion deleted the develop-issue#4701 branch January 15, 2021 01:44
wjm0729 added a commit to wjm0729/nacos that referenced this pull request Jan 21, 2021
* 'develop' of https://github.com/alibaba/nacos:
  Use SafeConstructor to parse yaml configuration for AbstractConfigChangeListener (alibaba#4753)
  [ISSUE alibaba#3922] method createServiceIfAbsent in ServiceManager require sync (alibaba#4713)
  fix cloning configuration last desc (alibaba#4697)
  [ISSUE alibaba#4661]configServletInner#doGetConfig code optimization (alibaba#4666)
  Use revision to set version and upgrade to 1.4.2-SNAPSHOT (alibaba#4711)
  Revert interceptor all ui problem
  Fix alibaba#4701 (alibaba#4703)
  delete comment.
  fix metadata batch operation may delete instance problem.
  Upgrade to 1.4.1 (alibaba#4695)
  fix alibaba#4686 (alibaba#4692)
  Build nacos console front for 1.4.1 (alibaba#4690)
wjm0729 added a commit to wjm0729/nacos that referenced this pull request Jan 21, 2021
…op-import-v1

* 'develop' of https://github.com/alibaba/nacos:
  Use SafeConstructor to parse yaml configuration for AbstractConfigChangeListener (alibaba#4753)
  [ISSUE alibaba#3922] method createServiceIfAbsent in ServiceManager require sync (alibaba#4713)
  fix cloning configuration last desc (alibaba#4697)
  [ISSUE alibaba#4661]configServletInner#doGetConfig code optimization (alibaba#4666)
  Use revision to set version and upgrade to 1.4.2-SNAPSHOT (alibaba#4711)
  Revert interceptor all ui problem
  Fix alibaba#4701 (alibaba#4703)
  delete comment.
  fix metadata batch operation may delete instance problem.
  Upgrade to 1.4.1 (alibaba#4695)
  fix alibaba#4686 (alibaba#4692)
  Build nacos console front for 1.4.1 (alibaba#4690)
  For checkstyle
  fix: fix Jraft WriteRequest type problem.
  Add server identity to replace user-agent white list. (alibaba#4683)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Category issues or prs related to bug.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Report a security vulnerability in nacos to bypass authentication(identity) again
2 participants