Advisories for Maven/Org.apache.gobblin/Gobblin-Core package

2022

Exposure of Sensitive Information to an Unauthorized Actor

In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects Users should update to which addresses this issue.

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects Users should update to which addresses this issue.