jackevans43
jackevans43
## What is missing or needs to be updated? For CSRF mitigations, should a section be included to suggest for modern APIs that don't use forms, that the API denies...
**What is the bug?** OpenSearch audit logs included the REST request payload in the audit logs in `audit_request_body` in 2.10 but not 2.11 (or 2.12) **How can one reproduce the...
I'd like a disconnected mirror of registry.redhat.io that validates containers are signed by Red Hat. I can create a `registries.conf`: ``` [[registry]] prefix = "registry.redhat.io" location = "internal-registry-for-registry-redhat-io-0.internal" [[registry.mirror]] location...
From the [Chromium blog](https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html): >We are committed to developing this standard in a way that ensures it will not be abused to segment users based on client hardware. For example,...