Fixed
Status Update
Comments
da...@gmail.com <da...@gmail.com> #2
It's not a .git directory but a .svn directory. :) That said, even though Subversion use by the llvm project has been long discontinued, it should still not be exposed, or even better, the directory should be cleaned up.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
ed...@gmail.com <ed...@gmail.com> #3
[Empty comment from Monorail migration]
ul...@google.com <ul...@google.com> #4
Yes, along with .svn I was able to download the .git folder too.
I have attached the zip file, you can find the git folder inside it.
da...@gmail.com <da...@gmail.com> #5
Pulling in Tom Stellard and Tobias Hieta as the LLVM release managers on this issue reported to the LLVM security group.
While .svn or .git directories probably shouldn't be present at https://releases.llvm.org, I wonder how this is a security issue.
Is some of the information in those directories perhaps not available publicly already?
[Deleted User] <[Deleted User]> #6
I don't think there is any problem with having the .git directory exposed. I'm not sure about .svn though. I'm fairly certain we can remove the .svn directory, but not sure about the .git directory. Anton is probably the best person to talk to about this.
ed...@gmail.com <ed...@gmail.com> #7
cc-ing in Anton.
no...@gmail.com <no...@gmail.com> #8
FWIW, https://bugs.chromium.org/p/llvm/issues/detail?id=36 reported a similar issue on https://llvm.org/.git; the reporter mentioned that the source code of the website could be downloaded and searched for vulnerabilities. Not sure whether that will be the case with this one.
ul...@google.com <ul...@google.com> #9
The source code for the website is hosted on github, so it's already possible to search for vulnerabilities.
[Deleted User] <[Deleted User]> #10
Thanks, this was some kind of oversight during Apache => NGINX migration. For the sake of sanity we're reporting 404 for all hidden files.
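The fix described in comment #10, sketched as an added example; this is not the LLVM project's actual configuration. It is an nginx server block that answers 404 for every dot-prefixed path. The server name, document root, autoindex setting and the /.well-known/ exception are assumptions.

```nginx
server {
    listen 80;
    server_name downloads.example.org;   # placeholder host (assumption)
    root /srv/www/releases;              # placeholder docroot (assumption)

    # Assumed exception: keep RFC 8615 well-known URIs (e.g. ACME challenges)
    # reachable. "^~" makes this prefix match final, so the regex location
    # below is never consulted for these paths.
    location ^~ /.well-known/ {
        try_files $uri =404;
    }

    # Any path segment that starts with a dot (.git, .svn, .htaccess, .env ...)
    # is reported as missing. Returning 404 rather than 403 avoids confirming
    # that the directory exists. Keep this block ahead of other regex
    # locations: nginx uses the first regex that matches, so an earlier
    # "location ~ \.php$" would otherwise win for /.git/hooks/x.php.
    location ~ /\. {
        return 404;
    }

    # Everything else: plain static file serving.
    location / {
        autoindex on;                    # assumption: browsable release listing
        try_files $uri $uri/ =404;
    }
}
```

nginx matches locations against the normalized URI, so percent-encoded dots (`%2e`) and doubled slashes are decoded and merged before the regex is applied. Cached copies at a CDN still need a purge after the rule goes live, as comment #11 notes.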
[Deleted User] <[Deleted User]> #11
(CDN cache was purged as well)
[Deleted User] <[Deleted User]> #12
Just to be 100% sure: Anton: you have removed the .svn/.git directories that were reported, so we can mark this ticket as fixed?
sk...@gmail.com <sk...@gmail.com> #13
# wget https://releases.llvm.org/.svn
--2024-01-18 10:34:56--  https://releases.llvm.org/.svn
Resolving releases.llvm.org (releases.llvm.org)... 151.101.214.49
Connecting to releases.llvm.org (releases.llvm.org)|151.101.214.49|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
[Deleted User] <[Deleted User]> #14
[Empty comment from Monorail migration]
[Deleted User] <[Deleted User]> #15
mr...@gmail.com <mr...@gmail.com> #16
This issue still exists in 1.2.2.
et...@gmail.com <et...@gmail.com> #17
This issue still exists in 1.2.2.
ra...@gmail.com <ra...@gmail.com> #18
Yes, this issue exists in 1.2.2.
is...@gmail.com <is...@gmail.com> #19
Any update on this issue? Please..
Description
Android YouTube API
Issue summary:
The YoutubePlayerSupportFragment is keeping a reference to the activity after rotating the display - rotating the display 10 times will result in 10 activities that can't be garbage collected. This is a huge memory leak which I have verified with Eclipse MAT.
Steps to reproduce issue:
1. Create a simple activity that extends FragmentActivity. I used the latest 20.0.0 support library
2. Here is the code - this is a very simple example that just creates the youtube fragment. StrictMode is enabled so that you get warnings about too many activity instances.
@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder().detectAll().penaltyLog().build());
    StrictMode.setVmPolicy(new StrictMode.VmPolicy.Builder().detectAll().penaltyLog().build());

    YouTubePlayerSupportFragment youTubePlayerSupportFragment = (YouTubePlayerSupportFragment) getSupportFragmentManager().findFragmentById(R.id.viewpager);
    if (youTubePlayerSupportFragment == null) {
        youTubePlayerSupportFragment = YouTubePlayerSupportFragment.newInstance();
        getSupportFragmentManager().beginTransaction().replace(R.id.viewpager, youTubePlayerSupportFragment).commit();
    }

    youTubePlayerSupportFragment.initialize(YOUR_GOOGLE_API_KEY, new YouTubePlayer.OnInitializedListener() {
        @Override
        public void onInitializationSuccess(YouTubePlayer.Provider provider, YouTubePlayer youTubePlayer, boolean isRecovered) {
            if (!isRecovered) {
                youTubePlayer.cueVideo("dSajQAGo6x8");
            }
        }

        @Override
        public void onInitializationFailure(YouTubePlayer.Provider provider, YouTubeInitializationResult youTubeInitializationResult) {
        }
    });
}
4. You have to supply your own Google API key.
5. Rotate the display several times (to recreate the activity).
Expected output:
No memory leaks.
Actual results:
Reference to the old activities is kept and the memory leak is growing on every rotation.
E/StrictMode﹕ class youtubeleak.inloop.eu.youtubeleaksample.MainActivity; instances=6; limit=1
android.os.StrictMode$InstanceCountViolation: class youtubeleak.inloop.eu.youtubeleaksample.MainActivity; instances=12; limit=1
at android.os.StrictMode.setClassInstanceLimit(StrictMode.java:1)
Notes:
Here is the sample code on GitHub.