You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
This issue is a portion of the effort to reduce the potential security risks of running the JMX Metrics Gatherer as a separate executable.
Describe the solution you'd like
Hash the known & supported versions of the JMX Metrics Gatherer, then at runtime compare the hash of the found Jar from user input to that list of known hashes.
Also apply this to the "Additional Jars" parameter, which is currently only intended & required for Wildfly support. There are only 3 released versions of the relevant Jar so this should be straightforward.
The text was updated successfully, but these errors were encountered:
dehaansa
changed the title
[receiver/jmxreceiver] Only accept versions of the JMX Metrics Gatherer with known hashes
[receiver/jmxreceiver] Only accept versions of the JMX Metrics Gatherer jar or additional dependencies with known hashes
May 2, 2022
Is your feature request related to a problem? Please describe.
This issue is a portion of the effort to reduce the potential security risks of running the JMX Metrics Gatherer as a separate executable.
Describe the solution you'd like
Hash the known & supported versions of the JMX Metrics Gatherer, then at runtime compare the hash of the found Jar from user input to that list of known hashes.
Also apply this to the "Additional Jars" parameter, which is currently only intended & required for Wildfly support. There are only 3 released versions of the relevant Jar so this should be straightforward.
Additional context
#6750
The text was updated successfully, but these errors were encountered: