Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 7 Mar 2018 14:53:07 +0100
From: Raphael Geissert <>
To: Open Source Security <>
Subject: And Harbor? (was: Portus, missing certificate validation on proxified
 https traffic)

On 7 March 2018 at 14:34, Raphael Geissert <> wrote:
> Oh and it appears that this one comes from the
> Portus-On-OracleLinux7[4] repo from which "[they] borrowed a lot of
> the NGinx configuration"[2] :

>From a quick look at harbor, it would appear to also be missing the
certificate validation on the proxified connections:
(as of 19a13e8)

CC'ing vmware security, fwiw.

> [1]
> [2]
> [3]
> [4]

Raphael Geissert

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ