THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Note |
|---|
Before reporting any security related JIRAs, please go through Apache's guidance for VULNERABILITY HANDLING Please see best practices below. |
Fixed in Ranger 0.7.1
...
CVE-2017-7676: Apache Ranger policy evaluation ignores characters after ‘*’ wildcard character
...
Best Practices for Securing Ranger
| Anchor | ||||
|---|---|---|---|---|
|
- After installation, update passwords for admin accounts. Below admin accounts are created by default.
- admin - change password in Ranger UI
- keyadmin - change password in Ranger UI
- rangerusersync - Use the steps listed in the article Updating rangerusersync password
- rangertagsync - Use the steps listed in the article Tag Sync installation and configuration
- Enable SSL
...