Significant-Gravitas / AutoGPT

AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
https://agpt.co
MIT License
166.08k stars 43.97k forks

Security issue - Docker-compose persisted volumes #7114

Closed Josh-XT closed 2 weeks ago

Josh-XT commented 3 months ago

I was just looking at the security tab and saw this warning. https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-x5gj-2chr-4ch6

I'm not sure if there is a reason, but I noticed that the docker-compose.yml and Dockerfile, as well as the rest of the whole directory, are persisted in the docker-compose.yml file. You should pick and choose what directories need to be persisted locally. The whole folder should not be persisted. For example, if things in data and logs folders are the important things to save, persist those instead of the whole folder. If things are saving in the root of the project, I would consider a refactor.

https://github.com/Significant-Gravitas/AutoGPT/blob/180de0c9a9ce79939a8aae2b55d01e2bf2a5becb/autogpts/autogpt/docker-compose.yml#L14-L17
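An added example, not part of the original thread or the AutoGPT code base: a small audit that flags short-syntax volume entries in a compose file whose source is the whole project directory, which is the pattern the comment above describes. The sample compose text, service names and function names are constructed for illustration; long-syntax (`type: bind`) mounts are assumed out of scope.

```python
import posixpath
import re

# Constructed sample, not the project's docker-compose.yml.
SAMPLE_COMPOSE = """\
services:
  agent:
    image: example/agent
    volumes:
      - ./:/app
      - ./data:/app/data
      - cache:/var/cache
  backup:
    image: example/backup
    volumes:
      - ${PWD}:/backup:ro
"""

# A short-syntax list entry: "- SOURCE:TARGET[:MODE]", optionally quoted.
ENTRY = re.compile(r"""^\s*-\s*["']?([^"'\s#]+)["']?\s*(?:#.*)?$""")
ROOT_VARS = {"$PWD", "${PWD}"}


def is_project_root(source):
    """True when a bind-mount source is the compose file's own directory."""
    if source in ROOT_VARS:
        return True
    if not source.startswith("."):
        return False  # named volume or absolute path: not checked here
    return posixpath.normpath(source) == "."


def find_root_binds(compose_text):
    """Return (line_number, source, target) for each whole-directory bind mount."""
    findings = []
    for number, line in enumerate(compose_text.splitlines(), start=1):
        match = ENTRY.match(line)
        if not match or ":" not in match.group(1):
            continue
        source, target = match.group(1).split(":")[:2]
        if is_project_root(source):
            findings.append((number, source, target))
    return findings


if __name__ == "__main__":
    for number, source, target in find_root_binds(SAMPLE_COMPOSE):
        print(f"line {number}: {source} -> {target} exposes the whole project directory")
```

Subdirectory mounts such as `./data` and named volumes pass the check, so the script can gate a CI job without flagging the narrower mounts the comment recommends.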

ghost commented 3 months ago

Replace this (persists everything)

With this (persists only data and logs)

This should solve it.

ntindle commented 2 months ago

Please open a PR to fix.

github-actions[bot] commented 4 weeks ago

This issue has automatically been marked as stale because it has not had any activity in the last 50 days. You can unstale it by commenting or removing the label. Otherwise, this issue will be closed in 10 days.

github-actions[bot] commented 2 weeks ago

This issue was closed automatically because it has been stale for 10 days with no activity.