-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability with postgresql driver #174
Comments
Can you post the original text/document. Missing details and context. |
This is coming from the ERDDAP google chat. Here's the thread |
FIY this is also where all the historical discussions regarding ERDDAP lives. Some of it is now living within the ERDDAP GitHub Repository. |
Seems straightforward to manage our side by mounting the driver within the containers either via docker-compose for the present main/dev branch or Dockerfile for caprover-deploy This is only affecting the Hakai ERDDAP which pointing to the Hakai PostgreSQL database. |
This also does not link to or mention what the actual vulnerability is or a CVE? |
Basically only an issue if you expose the Postgresql connection string, which we do not. So can be fixed as part of a normal upgrade process, whatever we decide that is. @JessyBarrette Can you link to the commit to the Dockerfile that is being deployed here when you upgrade it please. |
We would need to fix this. Perhaps this will be fixed within the erddap-docker container prior to us
The text was updated successfully, but these errors were encountered: