Equifax was likely unrelated SQL injection. Don't spread rumors.
Struts had yet-another-remote exploit (three of 'em, actually).
I do this for a living (cybersecurity research).
Drill is not impacted which can be verified by looking at dependencies
in https://github.com/apache/drill/blob/master/pom.xml
On Fri, Sep 8, 2017 at 10:12 AM, John Omernik <john@omernik.com> wrote:
> Rumors are pointing to it being related to the Equifax breech (no
> confirmation from me on that, just seeing it referenced as a possibility)
>
> http://thehackernews.com/2017/09/apache-struts-vulnerability.html
>
>
>
>
> On Fri, Sep 8, 2017 at 9:07 AM, Ted Dunning <ted.dunning@gmail.com> wrote:
>
>> Almost certainly not.
>>
>> What issues are you referring to? I don't follow struts.
>>
>>
>> On Sep 8, 2017 16:00, "John Omernik" <john@omernik.com> wrote:
>>
>> Hey all, given the recent issues related to Struts, can we confirm that
>> Drill doesn't use this Apache component for anything? I am not good enough
>> at code reviews to see what may be used.
>>
>> John
>>
|