This is an automated email from the ASF dual-hosted git repository.

lidongdai pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/seatunnel-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 208dd3d70bbc [Improve][Security] Update security with rce (#393)
208dd3d70bbc is described below

commit 208dd3d70bbc508dbe7503ead968c96af8b66061
Author: Jia Fan <[email protected]>
AuthorDate: Fri Aug 22 19:29:30 2025 +0800

    [Improve][Security] Update security with rce (#393)
---
 src/pages/security/index.js       | 9 +++++++--
 src/pages/security/languages.json | 6 +++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/pages/security/index.js b/src/pages/security/index.js
index b0bc8314dc54..b513f69ffd44 100644
--- a/src/pages/security/index.js
+++ b/src/pages/security/index.js
@@ -12,8 +12,8 @@ export default function () {
     return (
         <Layout>
             <div className="block team_page">
-                <h2 className="team_title">security issues</h2>
-                <h3 className="team_title">Apache SeaTunnel Security</h3>
+                <h1 className="team_title">Security Issues</h1>
+                <h2 className="team_title">Apache SeaTunnel Security</h2>
                 <p className="team_desc">{dataSource.info.security_p_one}<a
                     
href="http://www.apache.org/security/";>{dataSource.info.security_team}</a>{dataSource.info.security_p_two}<a
                     href="[email protected]">[email protected]</a>. 
{dataSource.info.security_p_three}
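Review bot: The new `<h1>` and `<h2>` headings at the top of this hunk are hard-coded English strings, while every paragraph on the page reads its text from `dataSource.info` (the keys in `languages.json`), so the page is now only partly localizable; the same applies to the `Frequently Asked Questions` heading in the next hunk of this file. Consider adding keys for the headings to `languages.json` (key names below are only a suggestion) and rendering them like the paragraphs, e.g. `<h1 className="team_title">{dataSource.info.security_title}</h1>`. The enclosing component begins before this hunk.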
@@ -23,6 +23,11 @@ export default function () {
                 <p 
className="team_desc">{dataSource.info.security_p_seatunnel_web_notice}</p>
                 <p 
className="team_desc">{dataSource.info.security_p_seatunnel_zeta_notice}</p>
                 <p className="team_desc">{dataSource.info.tip}</p>
+                <h2 className="team_title">Frequently Asked Questions</h2>
+                <h3 className="team_title">{dataSource.info.faq_p_one}</h3>
+                <p 
className="team_desc">{dataSource.info.faq_p_one_answer_1}</p>
+                <p 
className="team_desc">{dataSource.info.faq_p_one_answer_2}</p>
+                <p 
className="team_desc">{dataSource.info.faq_p_one_answer_3}</p>
             </div>
         </Layout>
     );
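Review bot: The FAQ block is wired to one fixed question with three separately numbered answer keys (`faq_p_one`, `faq_p_one_answer_1..3`), so every further question or answer requires editing this JSX and inventing the next key name. Since the page already renders all text from `dataSource.info`, an array of `{ question, answers }` entries (a suggested shape, not an existing key) rendered with `map` keeps the markup stable as the FAQ grows and keeps question/answers together in `languages.json`. The enclosing component begins before this hunk.
```javascript
                <h2 className="team_title">Frequently Asked Questions</h2>
                {dataSource.info.faq.map(({ question, answers }) => (
                    <section key={question}>
                        <h3 className="team_title">{question}</h3>
                        {answers.map((answer, index) => (
                            <p className="team_desc" key={index}>{answer}</p>
                        ))}
                    </section>
                ))}
```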
diff --git a/src/pages/security/languages.json 
b/src/pages/security/languages.json
index 29ad78dac51e..b90dc5122cd2 100644
--- a/src/pages/security/languages.json
+++ b/src/pages/security/languages.json
@@ -9,7 +9,11 @@
       "security_p_notice": "Before using SeaTunnel, please review the usage 
documentation to ensure you understand the purpose and impact of each 
operation.",
       "security_p_seatunnel_web_notice": "In seatunnel-web, it's up to the 
system administrator to handle user authentication. Once a user is logged in, 
they get full access to the system. seatunnel-web won’t perform any extra 
security checks when calling third-party SDKs.",
       "security_p_seatunnel_zeta_notice": "The same goes for seatunnel-zeta: 
any client that has been authenticated will have full access. System don’t do 
additional security checks when those client connections interact with 
third-party SDKs.",
-      "tip": "PLEASE PAY ATTENTION to report the security issue on the 
security email before disclosing it on public domain."
+      "tip": "PLEASE PAY ATTENTION to report the security issue on the 
security email before disclosing it on public domain.",
+      "faq_p_one": "During a security analysis of SeaTunnel, I noticed that 
SeaTunnel allows for remote code execution, is this an issue?",
+      "faq_p_one_answer_1": "Apache SeaTunnel is a framework for executing 
user-supplied code and config in clusters. Users can submit code to SeaTunnel 
processes, which will be executed unconditionally, without any attempts to 
limit what code can run. Starting other processes, establishing network 
connections or accessing and modifying local files is possible.",
+      "faq_p_one_answer_2": "Historically, we’ve received numerous remote code 
execution vulnerability reports, which we had to reject, as this is by design.",
+      "faq_p_one_answer_3": "We strongly discourage users to expose SeaTunnel 
processes to the public internet. Within company networks or “cloud” accounts, 
we recommend restricting access to a SeaTunnel cluster via appropriate means."
     }
   }
 }
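Review bot: `faq_p_one_answer_3` advises restricting access "via appropriate means" without saying what those are, even though the two notices directly above it (`security_p_seatunnel_web_notice`, `security_p_seatunnel_zeta_notice`) already identify the control that matters: anyone who can authenticate to seatunnel-web or connect to a Zeta cluster gets full execution rights. Suggest stating that explicitly, e.g. `we recommend limiting who can authenticate to seatunnel-web and which hosts can reach the Zeta cluster (for example through network segmentation or firewall rules), because any authenticated client can run arbitrary code.` Two wording fixes in the same hunk: "discourage users to expose" should read "discourage users from exposing", and "is this an issue?" in `faq_p_one` would read more naturally as "is this a vulnerability?", which is the question the answer actually addresses.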
