[jira] [Updated] (GOBBLIN-2008) use https when loading plugins and jars

PJ Fanning (Jira) Wed, 28 Feb 2024 13:03:10 -0800


     [ 
https://issues.apache.org/jira/browse/GOBBLIN-2008?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


PJ Fanning updated GOBBLIN-2008:
--------------------------------
    Description: 
dependency injection attacks are a real issue - ideally, we should not use http 
to access external build artifacts and use https instead

see https://github.com/apache/gobblin/pull/3884

  was:dependency injection attacks are a real issue - ideally, we should not 
use http to access external build artifacts and use https instead


> use https when loading plugins and jars
> ---------------------------------------
>
>                 Key: GOBBLIN-2008
>                 URL: https://issues.apache.org/jira/browse/GOBBLIN-2008
>             Project: Apache Gobblin
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> dependency injection attacks are a real issue - ideally, we should not use 
> http to access external build artifacts and use https instead
> see https://github.com/apache/gobblin/pull/3884



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (GOBBLIN-2008) use https when loading plugins and jars

Reply via email to