Uploaded image for project: 'Policy Framework'
  1. Policy Framework
  2. POLICY-2605 This epic covers technical debt left over from Guilin
  3. POLICY-2808

Ensure SSL is enabled when using io.netty in policy-models

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Medium Medium
    • None
    • None
    • None
    • None

      The CDS actor uses io.netty which is known to have several security vulnerabilities, sonatype-2020-0026:

      From reading these, it appears that the issue can be addressed by configuring netty to use SSL via the SSLContext/SSLParameters.  Further investigation may prove that can't be done in policy-models or that it doesn't solve the issues.

            ramverma ramverma
            jrh3 jrh3
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: