-
Sub-task
-
Resolution: Done
-
Medium
-
None
-
None
-
None
-
None
The CDS actor uses io.netty which is known to have several security vulnerabilities, sonatype-2020-0026:
From reading these, it appears that the issue can be addressed by configuring netty to use SSL via the SSLContext/SSLParameters. Further investigation may prove that can't be done in policy-models or that it doesn't solve the issues.
- clones
-
POLICY-2800 Ensure SSL is enabled when using io.netty in policy-models
- Closed