Write a security policy / nominate security contacts #641
Comments
|
@miceg There seems to be a couple of these security issues as indicated here https://github.com/kartoza/docker-geoserver/security/code-scanning, If it's something we can fix please send us a direct email as well. Most of these seem to come from jars |
|
I don't have access to that page – but I am pretty confident it's not something a security scanner will find 😄 I'll ask to have you looped in the discussion, thanks 😄 |
|
@miceg ping me @[email protected] and I can share the logs |
|
@Admire Nyakudya if you or another Kartoza employee is interested in volunteering on geoserver-security we would appreciate the assistance. The value proposition is:
Thanks |
|
Thanks @jodygarnett I can participate |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature description
This repository doesn't list any security policy or security contacts.
GeoServer has some: https://github.com/geoserver/geoserver/blob/main/SECURITY.md
Additional context
I have discovered a low-severity security issue affecting Kartoza's GeoServer Docker image, which is triggered by something in this repository.
I'm in contact with GeoServer folks about the issue, and they've asked me to not share details publicly.
I think Kartoza should be brought into the loop.
The text was updated successfully, but these errors were encountered: