Skip to content

Disallow GET requests to /management/commands endpoint #7910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JinwooHwang merged 4 commits into from
Aug 28, 2025
Merged

Disallow GET requests to /management/commands endpoint #7910

JinwooHwang merged 4 commits into from
Aug 28, 2025

Conversation

@wmh1108-sas
Copy link
Contributor

@wmh1108-sas wmh1108-sas commented Aug 14, 2025

For all changes:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?

  • Has your PR been rebased against the latest commit within the target branch (typically develop)?

  • Is your initial contribution a single, squashed commit?

  • Does gradlew build run cleanly?

  • Have you written or updated unit tests to verify your changes?

  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

@wmh1108-sas
Copy link
Contributor Author

wmh1108-sas commented Aug 20, 2025

Can we get this build kicked off? I merged in marinov-code's fix to the failing unit tests.

@JinwooHwang
Copy link
Contributor

JinwooHwang commented Aug 20, 2025

Approved the build request.

@JinwooHwang
Copy link
Contributor

JinwooHwang commented Aug 21, 2025

@wmh1108-sas , Could you please take a look at the failed tests? Thanks in advance.

@wmh1108-sas
Copy link
Contributor Author

wmh1108-sas commented Aug 27, 2025

Can we try this once more since the integration and acceptance tests are now passing in develop?

@JinwooHwang JinwooHwang self-requested a review August 27, 2025 22:50
JinwooHwang
JinwooHwang reviewed Aug 27, 2025
View reviewed changes
Copy link
Contributor

@JinwooHwang JinwooHwang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a positive change that aligns with HTTP and REST best practices, improves security, and avoids unintended command execution via GET requests. Please ensure that documentation, tests, and client communication are updated accordingly.

@JinwooHwang JinwooHwang merged commit c8f9fd6 into apache:develop Aug 28, 2025
17 checks passed
JinwooHwang pushed a commit that referenced this pull request Sep 3, 2025
@wmh1108-sas @JinwooHwang
Disallow GET requests to /management/commands endpoint (#7910)
5709909 
* Disallow GET requests to /management/commands endpoint

(cherry picked from commit c8f9fd6)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JinwooHwang JinwooHwang JinwooHwang left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wmh1108-sas @JinwooHwang