This is an automated email from the ASF dual-hosted git repository. benjobs pushed a commit to branch security in repository https://gitbox.apache.org/repos/asf/incubator-streampark-website.git
commit 90d8083da7a23791f7f384692de00558a9eeb9e4 Author: benjobs <[email protected]> AuthorDate: Fri Nov 29 16:34:45 2024 +0800 [Improve] update community/security.md --- community/security.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/community/security.md b/community/security.md index 599d305..4d1affd 100644 --- a/community/security.md +++ b/community/security.md @@ -4,6 +4,19 @@ title: 'Security' sidebar_position: 4 --- +# Frequently Asked Questions + +## During a security analysis of StreamPark, I noticed that StreamPark allows for remote code execution, is this an issue? + +Apache StreamPark is a stream processing development management framework that allows users to submit Flink/Spark jobs to remote clusters. which will be executed unconditionally, without any attempts to limit what code can run. + +Historically, we have received many reports of remote code execution vulnerabilities that we have had to reject because this is by design. + +We strongly discourage users from exposing Flink/Spark processes to the public Internet. In corporate networks or "cloud" accounts, we recommend appropriately restricting access to Flink and Spark clusters + + +# I found a vulnerability in StreamPark, how do I report it? # + If you have any concerns regarding StreamPark's security, or you discover a vulnerability or potential threat, please do not hesitate to get in touch with the Apache Security Team by dropping an email at [email protected]. Please specify the project name as "StreamPark" in the email, and provide a description of the relevant problem or potential threat. You are also urged to recommend how to reproduce and replicate the issue.
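Review bot: the added FAQ text has a sentence break and inconsistent heading levels that should be fixed before merge. In the first answer, "submit Flink/Spark jobs to remote clusters. which will be executed unconditionally, without any attempts to limit what code can run." splits one sentence with a period, so "which" starts a fragment; suggest "submit Flink/Spark jobs to remote clusters, which will be executed unconditionally, without any attempt to limit what code can run." The closing sentence "we recommend appropriately restricting access to Flink and Spark clusters" has no terminating period. The headings are also inconsistent: the first question is an H2 ("## During a security analysis ...") nested under the new "# Frequently Asked Questions" H1, while the second question is written as an H1 with a trailing hash ("# I found a vulnerability in StreamPark, how do I report it? #"), so it would render as a sibling of the FAQ section rather than a question inside it; suggest "## I found a vulnerability in StreamPark, how do I report it?" so both questions sit at the same level under the FAQ heading. Finally, there are two consecutive blank "+" lines before that second heading, which can be collapsed to one.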
