Please archive / freeze this project

[mrgohin]

Hello,

I tried to use your software today. Unfortunately this is impossible without massive security concerns.

After npm install I had already seen everything: 34 vulnerabilities (7 low, 9 moderate, 12 high, 6 critical)

I'm totally fine with this (expected) result since the project didn't received any update since release. But I'd recommend to archive it so everybody can notice it at first sight.

I also would be interessted to see what this software is capabale of. Maybe one day there is an update coming ;-)

[zedaprime]

Hi m4k5ym,

Thanks for your initiative. I suspect this author can run that and other freely available scanning tools. It often takes research to see if the flagged vulnerability is applicable. Also noticing the recommended firewall rules mitigate many concerns.

Please feel free to post code patches for any that you are able to identify specifically with a resolution. This is community software, please feel free to chip in.

[madtempest]

Theres a number of forks that have updated libraries and done fixes where broken. Perhaps try one of those instead?

[mrgohin]

I would recommend using kea-dhcp with stork management. Its the official successor of isc-dhcp-server with a lot of enhancement

[piozylka]

AFAIK kea stork doesn't allow to modify files with dhcp reservation without paying for enterprise edition. with glass-isc-dhcp it's free

[mrgohin]

Yeah it might be free. The vulnerabilities you get as a goodie are as well for free.

Have fun with a product of the broken npm eco system. By design.