DeanAyalon
commented
5 months ago Not a vulnerability - The final image should be generated for private use and never uploaded publicly!
The final image contains an empty FileMaker Server and potentially a Devin.fm engine or production setup. Although hashed, the FMS admin-console credentials are stored within the final image
Currently, Devin is installed on both dev and prod images, but production servers have unique API keys, therefore will need the Devin installation not to be defined within the image