[jira] [Created] (IGNITE-5413) Ignite shouldn't expose nor send (clear-text) env variables to a 3rd endpoint

Konstantin Boudnik created IGNITE-5413:
------------------------------------------

             Summary: Ignite shouldn't expose nor send (clear-text) env variables to a 3rd endpoint
                 Key: IGNITE-5413
                 URL: https://issues.apache.org/jira/browse/IGNITE-5413
             Project: Ignite
          Issue Type: Bug
          Components: general
    Affects Versions: 1.1.4
            Reporter: Konstantin Boudnik
            Priority: Blocker
             Fix For: 2.1


Apache Ignite is periodically accessing to https://ignite.run/update_status_ignite-plain-text.php

It is enabled by default at least in org.apache.ignite:ignite-core:1.9.0, but of course it has been happening for a long time.

Corresponding code is https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/ClusterProcessor.java#L81-L82

Posting JVM env variable (or any other user's specific information) without an explicit user's consent is a bad idea and should be disabled by default.
See  https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java#L313
for more details.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)