Hi, I have to do a "security design review" to deploy Graylog in my environment. I am not familiar with open source development and was wondering if there was any white box/black box or static code/web application scanning that is done before a release is made. Is this up to the individual contributor?
Second, we planned on using the appliance deployment of Graylog, one with everything on it, and maybe a second machine with Elasticsearch only. My second question is if there is an Elasticsearch or MongoDB security vulnerability, and I am using the appliance, is anybody trying to provide an upgrade with the patch? Are there any recommendations for actually doing security patches in such an environment? Beth -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/d258bc9d-7a94-4e7f-9715-58f34b3a28ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
