Closed dtimberlake2019 closed 2 years ago
Thanks for reporting this!
While this image is intended for non-production/local use, maintaining basic up-to-date security measures makes sense regardless. I have a PR that will address this concern.
> There are several critical security vulnerabilities we have discovered while running this in our environment.
What did you use to scan for vulnerabilities? How do you use this image that this concern popped up?
There are several critical security vulnerabilities we have discovered while running this in our environment.
Please update the nginx configuration to use standard security defaults:
- Remove support for vulnerable protocols: TLS1.0 and TLS1.1
- Remove support for vulnerable Cipher: ECDHE-RSA-AES256-SHA384 on TLSv1.2
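A static check for the two settings requested above, as an added example that is not part of the original issue or the project's own code: it scans nginx configuration text for `ssl_protocols` values that enable TLSv1 or TLSv1.1 and for `ssl_ciphers` strings that explicitly name ECDHE-RSA-AES256-SHA384. The function name and the sample configuration are constructed for illustration, and the check does not expand OpenSSL group keywords such as `HIGH`, so a cipher enabled only through a group is not reported.

```python
import re

# Settings named in the report above.
WEAK_PROTOCOLS = {"TLSv1", "TLSv1.1"}
WEAK_CIPHERS = {"ECDHE-RSA-AES256-SHA384"}

# A directive runs up to its ';' and may span several lines.
DIRECTIVE = re.compile(r"\b(ssl_protocols|ssl_ciphers)\s+([^;]+);")


def audit_nginx_tls(conf_text):
    """Return (line_no, directive, offending_token) for each weak setting."""
    # Blank out comments but keep newlines and offsets so line numbers stay correct.
    text = re.sub(r"#[^\n]*", lambda m: " " * len(m.group()), conf_text)
    findings = []
    for m in DIRECTIVE.finditer(text):
        name = m.group(1)
        value = m.group(2).strip().strip("'\"")
        line_no = text.count("\n", 0, m.start()) + 1
        if name == "ssl_protocols":
            tokens, weak = value.split(), WEAK_PROTOCOLS
        else:
            # OpenSSL cipher strings separate entries with ':', ',' or spaces.
            # Entries prefixed with '!', '-' or '+' do not add a cipher.
            tokens = [t for t in re.split(r"[:,\s]+", value)
                      if t and t[0] not in "!-+"]
            weak = WEAK_CIPHERS
        findings += [(line_no, name, t) for t in tokens if t in weak]
    return findings


# Constructed sample: the first server block is weak, the second is hardened.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # legacy protocols still enabled
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384';
}
"""

if __name__ == "__main__":
    for line_no, directive, token in audit_nginx_tls(SAMPLE_CONF):
        print(f"line {line_no}: {directive} enables {token}")
```

An empty result only means neither setting is named explicitly in the file; confirming what the running server actually negotiates still needs a scan of the listening port.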