Skip to content

Automated vulnerability scan looks really ugly #18

Description

@meltyness

After about a year, a litany of issues with:
OpenSSL, krb5, ldap, curl

Have appeared. They don't generally seem to effect the exposed interfaces though, cargo audit tells a more meaningful story there.

Krb5 and LDAP are unconfigured, unused. Possibly these can be blacklisted, or use an image that doesn't incorporate them.

Curl is only used internally on a trusted interface (though with SSL anyway)

OpenSSL is used to initialize the system, but otherwise not on any data path.

On a similar note, npm audit and cargo audit are distant and not well-reported on for the image build.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions