Hi Beth, […] if there was any white box/black box or static code/web application > scanning that is done before a release is made. Is this up to the > individual contributor?
That's currently up to the individual contributor and the reviewer of the change set. My second question is if there is an Elasticsearch or MongoDB security > vulnerability, and I am using the appliance, is anybody trying to provide > an upgrade with the patch? Yes, we try to release updated versions of the omnibus package (which is being used in the OVA and provides MongoDB, the JVM, Elasticsearch, and Graylog) as soon as security relevant changes are required (e. g. a new MongoDB or Elasticsearch version was released). You can find the sources of the omnibus package at https://github.com/Graylog2/omnibus-graylog2 and could build a custom version of it with all the patches you need. Cheers, Jochen On Monday, 13 June 2016 18:52:38 UTC+2, OlyLady wrote: > > Hi, > > I have to do a "security design review" to deploy Graylog in my > environment. I am not familiar with open source development and was > wondering if there was any white box/black box or static code/web > application scanning that is done before a release is made. Is this up to > the individual contributor? > > Second, we planned on using the appliance deployment of Graylog, one with > everything on it, and maybe a second machine with Elasticsearch only. My > second question is if there is an Elasticsearch or MongoDB security > vulnerability, and I am using the appliance, is anybody trying to provide > an upgrade with the patch? Are there any recommendations for actually > doing security patches in such an environment? > > Beth > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c5f5a09e-67f1-4388-8640-50b2b7e5c8bf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
