https://pinot.apache.org/ logo
Join Slack
Powered by
Hellos, is there a feature/issue which is being wo...
# general
a
Hellos, is there a feature/issue which is being worked on which handles SQL injection vulnerability in Pinot as mentioned here https://blog.doyensec.com/2022/06/09/apache-pinot-sqli-rce.html#pinot-sql-syntax--injection-basics
m
I believe these were resolved, cc: @Rong R
r
yes the majority of the issues should've been resolved in latest master. any specific items you are concerned about? I can double check
🙏 1
a
Since we are using helm installation based approach. Whats the best way to pull these changes
r
should be able to pull with pinot:latest in dockerhub
unless there's a version upgrade which you might wanna do a rolling upgrade/restart of your pods
e.g. 0.9 --> latest
a
So as long as our tag is pointing to latest as here : https://github.com/apache/pinot/blob/master/kubernetes/helm/pinot/values.yaml#L24 we are good ?
r
Yup. But remember to set your image pull policy.
👍 1
a
Thanks @Rong R. @Priyank Bagrecha: Do you have any further questions on this ?
p
Does that mean these were already resolved in 0.10.0?
a
Yes, since they are in 
master
Oh i see your question @Priyank Bagrecha. @Rong R can you confirm if the fix is in 
0.10.0
r
Need to double check but not all are fixed on 0.10.0
🙏 1
a
Thanks @Rong R: Do let us know
r
fixes are not included in 0.10.0. please use latest docker tag
p
Will 0.11.0 will have all the fixes? If yes, do we know when that will be released? Thank you!
r
Yes it will. We have cut the release branch for 0.11 so it will be released soon cc @Atri Sharma
🙏 2
Open in Slack
PreviousNext
Powered by