-
As part of day-to-day operation of Data.gov, there are many [Operation and Maintenance (O&M) responsibilities](https://github.com/gsa/data.gov/wiki/Operation-and-Maintenance-Responsibilities). Instead…
-
---
authors: "jamestewartjr"
team_size: 2
goal_id: -
title: To Do List Security, Linting, and Deployment
created_at: -
labels: practice
published: false
level: '2'
redirect_from: "/goals/-"
…
-
## CVE-2022-20124 - High Severity Vulnerability
Vulnerable Library - baseandroid-10.0.0_r34
Android framework classes and services
Library home page: https://android.googlesource.com/platform/frame…
-
## CVE-2023-0286 - High Severity Vulnerability
Vulnerable Library - OpenSSLOpenSSL_1_1_1g
TLS/SSL and crypto library
Library home page: https://github.com/OpenSSL/OpenSSL.git
Found in HEAD commit: …
-
### Describe the Bug
New CVE affects PHP `iconv()` function in the GNU C Library versions 2.39 and older: https://nvd.nist.gov/vuln/detail/CVE-2024-2961
Not sure how applicable this is to Bookst…
-
## CVE-2022-31159 - High Severity Vulnerability
Vulnerable Library - aws-java-sdk-s3-1.11.641.jar
The AWS Java SDK for Amazon S3 module holds the client classes that are used for communicating with …
-
Vulnerable Library - tornado-6.2-cp37-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Tornado is a Python web framework and asynchronous networking library…
-
There are several levels of outages that are currently not being caught by monitoring systems.
1. Whole stack outage. Monitored by URL monitoring, @alanbchristie to confirm that there was a notific…
-
This issue tracks the addition of software inventory and certificate authority information on the _Hosts details_ page in the Fleet UI. Each of these items will be presented in the UI within the conte…
-
"Email Header Injection is a web security vulnerability exploited by spammers to send email anonymously. It occurs in web applications that do not properly sanitize user input when preparing and sendi…