You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Abhishek Girish (Jira)" <ji...@apache.org> on 2020/09/06 16:27:01 UTC
[jira] [Updated] (DRILL-7270) Fix non-https dependency urls and add
checksum checks
[ https://issues.apache.org/jira/browse/DRILL-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhishek Girish updated DRILL-7270:
-----------------------------------
Target Version/s: 1.19.0
> Fix non-https dependency urls and add checksum checks
> -----------------------------------------------------
>
> Key: DRILL-7270
> URL: https://issues.apache.org/jira/browse/DRILL-7270
> Project: Apache Drill
> Issue Type: Task
> Components: Security
> Affects Versions: 1.16.0
> Reporter: Arina Ielchiieva
> Assignee: Bohdan Kazydub
> Priority: Major
> Fix For: 1.18.0
>
>
> Review any build scripts and configurations for insecure urls and make appropriate fixes to use secure urls.
> Projects like Lucene do checksum whitelists of all their build dependencies, and you may wish to consider that as a
> protection against threats beyond just MITM.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)