x86dev
commented
2 years ago Yeah, I've read the article as well -- we might want to further protect that directory and/or move it further down, so that the web server only serves a copy of of the (needed) content.
In the current configuration, the created container serves the .git directory of tt-rss. This is probably not a real issue for an open source project with no private commits, but I just got an automated notification from "Deutsche Gesellschaft für Cybersicherheit", who scanned the web for potentially vulnerable servers (https://www.heise.de/ct/artikel/Massive-Sicherheitsprobleme-durch-offene-Git-Repositorys-4795181.html, German only).