José Pina Coelho

Results 5 comments of José Pina Coelho

It means you have to upgrade the log4j jar.

Since tar.gz isn't usable by a Java application, this would add complexity without identifying vulnerable applications. We should keep the focus on the directly usable formats (JAR/EAR/WAR).

> So there is a risk of reintroduction of the problem.

There's always a risk, but while going down tar.gz's would cover that, it doesn't cover off-machine backups (Veritas NetBackup,...

Given that alpine is the basis of a LOT of containers, a per-build label as mentioned by ozbillwang would be a real added value. You can use V.R.M for each...

An unprotected private key file should be considered compromised if there are more people on the machine that could have read the file. PAC should do nothing about it, so...