Fixed
Status Update
No update yet.
Comments
uc...@google.com
ga...@google.com
It's not a .git directory but a .svn directory. :) That said, even though Subversion use by the llvm project has been long discontinued, it should still not be exposed, or even better, the directory should be cleaned up.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
mn...@gmail.com
[Empty comment from Monorail migration]
ga...@google.com
Yes along with .svn i was able to download .git folder too.
I have attached the zip file, you can find the git folder inside it.
I have attached the zip file, you can find the git folder inside it.
cn...@google.com
Pulling in Tom Stellard and Tobias Hieta as the LLVM release managers on this issue reported to the LLVM security group.
While .svn or .git directories probably shouldn't be present athttps://releases.llvm.org , I wonder how this is a security issue.
Is some of the information in those directories perhaps not available publicly already?
While .svn or .git directories probably shouldn't be present at
Is some of the information in those directories perhaps not available publicly already?
ga...@google.com
I don' think there is any problem to have the .git directory exposed. I'm not sure about .svn though. I'm fairly certain we can remove the .svn directory, but not sure about the .git directory. Anton is probably the best person to talk to about this.
km...@google.com
cc-ing in Anton.
ga...@google.com
FWIW https://bugs.chromium.org/p/llvm/issues/detail?id=36 reported a similar issue on https://llvm.org/.git the reporter mentioned that the source code of the website could be downloaded and searched for vulnerabilities. Not sure whether that will be the case with this one.
cn...@google.com
The source code for the website is hosted on github, so it's already possible to search for vulnerabilities.
ga...@google.com
Thanks, this was some kind of oversight during Apache => NGINX migration. For the sake of sanity we're reporting 404 for all hidden files.
cn...@google.com
(CND cache was purged as well)
ga...@google.com
Just to be 100% sure: Anton: you have removed the .svn/.git directories that were reported, so we can mark this ticket as fixed?
mn...@gmail.com
# wget https://releases.llvm.org/.svn
--2024-01-18 10:34:56--https://releases.llvm.org/.svn
Resolvingreleases.llvm.org (releases.llvm.org )... 151.101.214.49
Connecting toreleases.llvm.org (releases.llvm.org )|151.101.214.49|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
--2024-01-18 10:34:56--
Resolving
Connecting to
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
7m...@gmail.com
[Empty comment from Monorail migration]
ga...@google.com
ga...@google.com
Fix has (most likely) missed 3.0.0-alpha9, and will land in 3.0.0-alpha10.
ag/Iada6463a0cbe7bf1531297c771384f437840deb4
ag/Iada6463a0cbe7bf1531297c771384f437840deb4
mn...@gmail.com
Is fix still on target for alpha 10? We have some sad library users ☺️
ga...@google.com
It should be out pretty soon, sorry about the delay. Next version of the plugin will contain the fix.
mn...@gmail.com
beta1 was just released, wanted to confirm that the fix made it in
ja...@google.com
Yes, this is fixed in Beta 1.
mn...@gmail.com
I can confirm that the fix worked! thank you for update
Description
```
if I navigate to the class it shows the method a little different than what it is looking for ``` private Observable<Parsed> lazyCache(@Nonnull Key key) {
return Observable.defer(RealInternalStore$$Lambda$1.lambdaFactory$(this, key)).onErrorResumeNext(new OnErrorResumeWithEmpty());
}```
I'll try to make a sample in am. The library in question is