All - especially Mifos installations Please be mindful of the best practices to secure and monitor your logins, audit logs, etc
https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract On Mon, Mar 18, 2024 at 9:50 AM James Dailey <jdai...@apache.org> wrote: > Devs - > > Today we are announcing that release 1.9.0 fixed a few reported CVEs. > Those should be showing up here on the listserv shortly. Version 1.8.4 and > prior were not fixed and likely contain these vulnerabilities. We are > circumspect in how we describe them - you can dig further via the PRs and > the related tickets. > > The CVEs are also documented here: > > https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report > > With Yash Sancheti helping, we created a How to Secure Fineract page. > Additional best practices should be shared there or on list to ensure that > all instances of Fineract are kept secure. > > https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract > <https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract> > > I would encourage everyone to review their security practices. Fineract > should not simply be downloaded and run in production environments without > taking into account attack vectors and proper security. There are > vendors available to help with this. > > Report vulnerabilities and exploits to Security AT fineract.apache.org > > Thank you > James > PMC Fineract >
