Re: 【DISCUSS】The configuration of Commitlog archiving

2024-09-04 Thread Štefan Miklošovič
On Wed, Sep 4, 2024 at 8:34 PM Jon Haddad wrote:
> I thought about this a bit over the last few days, and there's actually
> quite a few problems present that would need to be addressed.
>
> *Insecure JMX*
>
> First off - if someone has access to JMX, the entire system is already
> compromised.

Re: 【DISCUSS】The configuration of Commitlog archiving

2024-09-04 Thread Jon Haddad
I thought about this a bit over the last few days, and there's actually quite a few problems present that would need to be addressed.

*Insecure JMX*

First off - if someone has access to JMX, the entire system is already compromised. A bad actor can mess with the cluster topology, truncate tables

Re: [VOTE] Release Apache Cassandra 5.0.0

2024-09-04 Thread Brandon Williams
I agree neither seems to be a blocker as long as 1) is still clean, +1.

Kind Regards,
Brandon

On Wed, Sep 4, 2024 at 7:47 AM Štefan Miklošovič wrote:
>
> I am +1 but I found two "issues" along the way.
>
> for 1) I do not think this is a blocker, what is important is that at the
> time of the r

Re: [VOTE] Release Apache Cassandra 5.0.0

2024-09-04 Thread Štefan Miklošovič
I am +1 but I found two "issues" along the way.

for 1) I do not think this is a blocker, what is important is that at the time of the release we verified that there are no new vulnerabilities found (and these which owasp found are identified as suppressed / not valid)

for 2) that brings inconveni