drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Rudis <...@rud.is>
Subject Re: Does Drill Use Apache Struts
Date Fri, 08 Sep 2017 14:15:38 GMT
Equifax was likely unrelated SQL injection. Don't spread rumors.

Struts had yet-another-remote exploit (three of 'em, actually).

I do this for a living (cybersecurity research).

Drill is not impacted which can be verified by looking at dependencies
in https://github.com/apache/drill/blob/master/pom.xml

On Fri, Sep 8, 2017 at 10:12 AM, John Omernik <john@omernik.com> wrote:
> Rumors are pointing to it being related to the Equifax breech (no
> confirmation from me on that, just seeing it referenced as a possibility)
>
> http://thehackernews.com/2017/09/apache-struts-vulnerability.html
>
>
>
>
> On Fri, Sep 8, 2017 at 9:07 AM, Ted Dunning <ted.dunning@gmail.com> wrote:
>
>> Almost certainly not.
>>
>> What issues are you referring to? I don't follow struts.
>>
>>
>> On Sep 8, 2017 16:00, "John Omernik" <john@omernik.com> wrote:
>>
>> Hey all, given the recent issues related to Struts, can we confirm that
>> Drill doesn't use this Apache component for anything? I am not good enough
>> at code reviews to see what may be used.
>>
>> John
>>

Mime
View raw message