WAI
Status Update
No update yet.
Comments
ro...@google.com
It's not a .git directory but a .svn directory. :) That said, even though Subversion use by the llvm project has been long discontinued, it should still not be exposed, or even better, the directory should be cleaned up.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
as...@gmail.com
[Empty comment from Monorail migration]
[Deleted User] <[Deleted User]>
Yes along with .svn i was able to download .git folder too.
I have attached the zip file, you can find the git folder inside it.
I have attached the zip file, you can find the git folder inside it.
[Deleted User] <[Deleted User]>
Pulling in Tom Stellard and Tobias Hieta as the LLVM release managers on this issue reported to the LLVM security group.
While .svn or .git directories probably shouldn't be present athttps://releases.llvm.org , I wonder how this is a security issue.
Is some of the information in those directories perhaps not available publicly already?
While .svn or .git directories probably shouldn't be present at
Is some of the information in those directories perhaps not available publicly already?
as...@gmail.com
I don' think there is any problem to have the .git directory exposed. I'm not sure about .svn though. I'm fairly certain we can remove the .svn directory, but not sure about the .git directory. Anton is probably the best person to talk to about this.
[Deleted User] <[Deleted User]>
cc-ing in Anton.
ad...@google.com
FWIW https://bugs.chromium.org/p/llvm/issues/detail?id=36 reported a similar issue on https://llvm.org/.git the reporter mentioned that the source code of the website could be downloaded and searched for vulnerabilities. Not sure whether that will be the case with this one.
ya...@gmail.com
The source code for the website is hosted on github, so it's already possible to search for vulnerabilities.
er...@gmail.com
Thanks, this was some kind of oversight during Apache => NGINX migration. For the sake of sanity we're reporting 404 for all hidden files.
er...@gmail.com
(CND cache was purged as well)
zx...@gmail.com
Just to be 100% sure: Anton: you have removed the .svn/.git directories that were reported, so we can mark this ticket as fixed?
ha...@gmail.com
# wget https://releases.llvm.org/.svn
--2024-01-18 10:34:56--https://releases.llvm.org/.svn
Resolvingreleases.llvm.org (releases.llvm.org )... 151.101.214.49
Connecting toreleases.llvm.org (releases.llvm.org )|151.101.214.49|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
--2024-01-18 10:34:56--
Resolving
Connecting to
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
li...@gmail.com
[Empty comment from Monorail migration]
Description
We are relying on changing the locale programatically as following:
Locale locale = new Locale("ru");
Locale.setDefault(locale);
Configuration config = new Configuration();
config.locale = locale;
getBaseContext().getResources().updateConfiguration(config,
getBaseContext().getResources().getDisplayMetrics());
this way works fine on all Android versions except on Android 7.
the system changes app's locale to the default locale suddenly.
please have a look here :