Security scan issues #330

ckarpinski · 2023-09-18T16:22:08Z

The most recent security scan shows that there are a number of new problems. I dont see a way to attach the file here so will put it in slack

DraxIndustries79 · 2024-01-02T20:35:34Z

aprilrieger · 2024-01-16T04:44:49Z

TLS Version 1.0 Protocol Detection (Score: 8.5)
TLS Version 1.1 Protocol Detection and Deprecated (Score: 8.5 and 6.1)
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST) (Score: 4.3)
SSL/TLS Recommended Cipher Suites (Score: 3.9)
Git Repository Served by Web Server (Score: 5.0)
Web Application Information Disclosure (Score: 5.0): The application discloses path information in error messages.
Web Server Transmits Cleartext Credentials (Score: 4.0): Form fields containing passwords are transmitting data in cleartext.
Script Src Integrity Check (Score: 3.9): External script resources are not using integrity checks.

ckarpinski added this to atla_digital_library Sep 18, 2023

ckarpinski converted this from a draft issue Sep 18, 2023

This was referenced Jan 16, 2024

i330-add-tls-to-ingress #350

Merged

i330-add-tls-to-ingress notch8/atla-omeka#9

Merged

aprilrieger moved this from Ready for Development to In Development in atla_digital_library Jan 16, 2024

aprilrieger mentioned this issue Jan 16, 2024

remove-ansistrano #351

Merged

aprilrieger moved this from In Development to Deploy to Production in atla_digital_library Jan 25, 2024

aprilrieger added the not end user testable this ticket can be closed after verified by a dev label Jan 25, 2024

aprilrieger moved this from Deploy to Production to Done in atla_digital_library Jan 26, 2024

jillpe closed this as completed Jan 30, 2024

Provide feedback