Please archive / freeze this project

Open mrgohin opened this issue 3 years ago • 3 comments

Hello,

I tried to use your software today. Unfortunately this is impossible without massive security concerns.

After npm install I had already seen everything: 34 vulnerabilities (7 low, 9 moderate, 12 high, 6 critical)

I'm totally fine with this (expected) result since the project didn't receive any update since release. But I'd recommend archiving it so everybody can notice it at first sight.

I also would be interested to see what this software is capable of. Maybe one day there is an update coming ;-)

mrgohin avatar Oct 19 '21 11:10 mrgohin

Hi m4k5ym,

Thanks for your initiative. I suspect this author can run that and other freely available scanning tools. It often takes research to see if the flagged vulnerability is applicable. Also noticing the recommended firewall rules mitigate many concerns.

Please feel free to post code patches for any that you are able to identify specifically with a resolution. This is community software, please feel free to chip in.

zedaprime avatar Dec 16 '21 18:12 zedaprime

There's a number of forks that have updated libraries and done fixes where broken. Perhaps try one of those instead?

madtempest avatar Mar 10 '22 22:03 madtempest

I would recommend using kea-dhcp with stork management. It's the official successor of isc-dhcp-server with a lot of enhancements.

mrgohin avatar Mar 11 '22 08:03 mrgohin

AFAIK kea stork doesn't allow modifying files with dhcp reservation without paying for enterprise edition. With glass-isc-dhcp it's free.

piozylka avatar Oct 10 '23 10:10 piozylka

Yeah, it might be free. The vulnerabilities you get as a goodie are free as well.

Have fun with a product of the broken npm ecosystem. By design.

mrgohin avatar Nov 01 '23 11:11 mrgohin