|Number of watchers on Github|493|
|Number of open issues|83|
|Average time to close an issue|6 days|
|Average time to merge a PR|6 days|
|Open pull requests|34+|
|Closed pull requests|10+|
|Last commit|over 2 years ago|
|Repo Created|about 8 years ago|
|Repo Last Updated|over 2 years ago|
|Organization / Author|tumblr|
For documentation on developing, building, general architecture and unreleased changes please use the wiki. This documentation is in flux, currently lacking and constantly being worked on.
All documentation links point to the most recent release.
Details about the docker container and building your own container are available in the documentation.
docker run -p 9000:9000 tumblr/collins
Copyright 2016 Tumblr, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Email email@example.com or see the mailing list archive at https://groups.google.com/forum/#!forum/collins-sm
To create a production zip and deploy to production:
./scripts/package.sh which will produce
cap publish:collins which will upload and link to release to
cap ewr01 deploy to deploy to ewr01 and
cap d2 deploy to deploy to d2
This version of Collins includes an important security patch, as well as several new features and bug fixes.
The security patch adds CSRF protection to the various forms of the Collins web UI. Currently, an attacker who can guess (or brute-force) the asset tags of nodes would be able to create assets, decommission assets, put assets in maintenance, etc. by getting a logged-in user to visit a web page. More information can be found in the pull request (#560).
Here is the full list of merged pull requests since the last release. Many thanks to everyone who contributed!
respond_to? is old fashion warning #501 @william-richard
Collins 2.1.0 has a very important security patch.
Collins has a feature that allows you to encrypt certain attributes on every asset. It also had a permission that restricted which users could read those encrypted tags. It did NOT have a permission that restricted which users could modify encrypted tags.
It is strongly recommended that you upgrade to collins 2.1.0 if you are using the encrypted tags feature, as well as rotate any values stored in encrypted tags.
The severity of this vulnerability depends heavily upon how you use collins in your infrastructure. If you do not use the encrypted tags feature, you are not vulnerable to this problem. If you do use the encrypted tags feature, you will need to explore your automation and consider how vulnerable you are.
If, for example, your infrastructure has automation that regularly sets the root password on servers to match a value that is in collins, an attacker without the ability to read the current password could set it to a value that they know, wait for the automation to change the password, and then gain root on a server.
This change is backwards compatible with collins v2.0.0, though once you upgrade it will stop any writes to encrypted tags by users that have not been granted
feature.canWriteEncryptedTags permission. We have also renamed
feature.canSeeEncryptedTags, but collins will continue to respect the value of
feature.canSeeEncryptedTags is not set. Once
feature.canSeeEncryptedTags is set, collins will ignore the value of
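The permission behaviour described in these 2.1.0 notes, as an added Python model that is not Collins source code: reads of encrypted tags are gated, writes were not gated before the fix, and the new read permission overrides the old one once it is set. The dict-based permission store, the Asset class, the sample users and the LEGACY_READ placeholder (the old permission name is not shown on this page) are assumptions made for illustration.

```python
# Added illustration: a minimal model of the encrypted-tag permission checks.
# Not Collins source code; the permission store is a plain dict of key -> users.
READ = "feature.canSeeEncryptedTags"
WRITE = "feature.canWriteEncryptedTags"
LEGACY_READ = "feature.LEGACY_READ_NAME"  # placeholder: old name is not given on the page
REDACTED = "********"


def can_read(perms, user):
    # The new key takes precedence as soon as it is set; the legacy key is
    # honoured only while the new key is absent from the configuration.
    key = READ if READ in perms else LEGACY_READ
    return user in perms.get(key, set())


def can_write(perms, user, patched=True):
    # Before the fix there was no write permission to consult at all.
    if not patched:
        return True
    return user in perms.get(WRITE, set())  # key absent: nobody may write


class Asset:
    def __init__(self, tag, encrypted_keys):
        self.tag = tag
        self.encrypted_keys = set(encrypted_keys)
        self.attrs = {}

    def get(self, perms, user, key):
        # Encrypted values are masked for users without the read permission.
        if key in self.encrypted_keys and not can_read(perms, user):
            return REDACTED
        return self.attrs.get(key)

    def set(self, perms, user, key, value, patched=True):
        # The fix: writes to encrypted tags need their own permission.
        if key in self.encrypted_keys and not can_write(perms, user, patched):
            raise PermissionError(f"{user} may not write encrypted tag {key}")
        self.attrs[key] = value


def write_outcome(asset, perms, user, key, value, patched):
    """Return 'written' or 'denied' for one attempted write."""
    try:
        asset.set(perms, user, key, value, patched)
        return "written"
    except PermissionError:
        return "denied"
```

When reviewing a deployment, the case to look for is the one the unpatched branch models: a principal that cannot read an encrypted tag but whose write to it is accepted and later consumed by automation.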
Collins 2.0.0 is finally released! As of this release, we will start following semantic versioning (http://semver.org/). There have been some non-backwards compatible changes to collins' functionality and configuration settings, but nothing that will be too difficult to upgrade.
Here are some highlights of what has changed since the last release:
Dropping support for java 1.6
Event firehose
Refactor of collins' caching logic, to safely support HA
Improved LDAP authentication configuration
Python collins client
Consolr gem, for executing IPMI commands on collins assets
Upgraded to play 2.3.9
Thanks to @MaximeDevalland, @Primer42, @andrewjkerr, @baloo, @byxorna, @davidblum, @defect, @funzoneq, @gtorre, @maddalab, @schallert, @sushruta and @unclejack for their contributions!
And here are all the pull requests included in this release, in no particular order:
Include solr query string in cache key #400 @defect