You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Charles Givre (Jira)" <ji...@apache.org> on 2021/04/11 12:44:00 UTC

[jira] [Resolved] (DRILL-7270) Fix non-https dependency urls and add checksum checks

     [ https://issues.apache.org/jira/browse/DRILL-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Charles Givre resolved DRILL-7270.
----------------------------------
    Resolution: Fixed

> Fix non-https dependency urls and add checksum checks
> -----------------------------------------------------
>
>                 Key: DRILL-7270
>                 URL: https://issues.apache.org/jira/browse/DRILL-7270
>             Project: Apache Drill
>          Issue Type: Task
>          Components: Security
>    Affects Versions: 1.16.0
>            Reporter: Arina Ielchiieva
>            Assignee: Bohdan Kazydub
>            Priority: Major
>             Fix For: 1.19.0
>
>
> Review any build scripts and configurations for insecure urls and make appropriate fixes to use secure urls.
> Projects like Lucene do checksum whitelists of all their build dependencies, and you may wish to consider that as a
> protection against threats beyond just MITM.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)