Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-7270

Fix non-https dependency urls and add checksum checks

    Details

    • Type: Task
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.16.0
    • Fix Version/s: 1.17.0
    • Component/s: Security
    • Labels:
      None

      Description

      Review any build scripts and configurations for insecure urls and make appropriate fixes to use secure urls.

      Projects like Lucene do checksum whitelists of all their build dependencies, and you may wish to consider that as a
      protection against threats beyond just MITM.

        Attachments

          Activity

            People

            • Assignee:
              dgrinchenko Dmytriy Grinchenko
              Reporter:
              arina Arina Ielchiieva
              Reviewer:
              Volodymyr Vysotskyi
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: