Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable8.2] Add support for Redis password auth #20690

Merged
merged 1 commit into from
Nov 23, 2015
Merged

[stable8.2] Add support for Redis password auth #20690

merged 1 commit into from
Nov 23, 2015

Conversation

PVince81
Copy link
Contributor

Backport of #20193 to stable8.2

Please review and test @LukasReschke @MorrisJobke @icewind1991 @Xenopathic @DeepDiver1975

@LukasReschke
Add support for Redis password auth
a57f153 
For enhanced security it is recommended to configure Redis to only accept connections with a password. (http://redis.io/topics/security)

This is especially critical since Redis supports the LUA scripting language and thus a simple SSRF vulnerability (as proven in http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ for example) may lead to a remote code execution.
@PVince81 PVince81 added this to the 8.2.2-current-maintenance milestone Nov 23, 2015
This was referenced Nov 23, 2015
Merged
Closed
@icewind1991
Copy link
Contributor

👍 looks good

@karlitschek
Copy link
Contributor

👍

@PVince81
Copy link
Contributor Author

Confirmed working by @beingalink #20652 (comment)

ghost referenced this pull request in owncloud-archive/documentation Nov 23, 2015
update transactional file locking for 8.2+
811f6c3 
Conflicts:
	admin_manual/configuration_files/files_locking_transactional.rst
@frankhoefling frankhoefling mentioned this pull request Nov 23, 2015
Closed
MorrisJobke added a commit that referenced this pull request Nov 23, 2015
@MorrisJobke
Merge pull request #20690 from owncloud/stable8.2-redis-password
76dde0f 
[stable8.2] Add support for Redis password auth
@MorrisJobke MorrisJobke merged commit 76dde0f into stable8.2 Nov 23, 2015
@MorrisJobke MorrisJobke deleted the stable8.2-redis-password branch November 23, 2015 23:03
@ghost ghost mentioned this pull request Dec 4, 2015
Closed
@lock lock bot locked as resolved and limited conversation to collaborators Aug 9, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
4 - To release feature:locking
Projects
None yet
Milestone
8.2.2
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@PVince81 @icewind1991 @karlitschek @MorrisJobke @DeepDiver1975 @LukasReschke