pinot does not use spring right? asking because of...
# troubleshootingl
Luis Fernandez
03/31/2022, 2:48 PMpinot does not use spring right? asking because of this https://www.darkreading.com/application-security/zero-day-vulnerability-discovered-in-java-spring-framework
d
Daniel Lavoie
03/31/2022, 2:56 PMNope, the CVE is very specific to apps packaged as WAR and deployed in a standalone tomcat server.
Daniel Lavoie
03/31/2022, 2:57 PMFYI, regular spring boot application built and executed as JAR are not impacted: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Daniel Lavoie
03/31/2022, 2:57 PMIf the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit
l
Luis Fernandez
03/31/2022, 2:57 PMyepp only if itโs tomcat not embedded
Luis Fernandez
03/31/2022, 2:57 PMthank you for your answer ๐
d
Daniel Lavoie
03/31/2022, 2:59 PMbut regardless, Pinot has no Spring dependency
๐ 1