Thank you Jochen!

On Wednesday, June 15, 2016 at 7:23:55 AM UTC-7, Jochen Schalanda wrote:
>
> Hi Beth,
>
>> […] if there was any white box/black box or static code/web application
>> scanning that is done before a release is made. Is this up to the
>> individual contributor?
>
> That's currently up to the individual contributor and the reviewer of the
> change set.
>
>> My second question is if there is an Elasticsearch or MongoDB security
>> vulnerability, and I am using the appliance, is anybody trying to provide
>> an upgrade with the patch?
>
> Yes, we try to release updated versions of the omnibus package (which is
> being used in the OVA and provides MongoDB, the JVM, Elasticsearch, and
> Graylog) as soon as security relevant changes are required (e.g. a new
> MongoDB or Elasticsearch version was released).
>
> You can find the sources of the omnibus package at
> https://github.com/Graylog2/omnibus-graylog2 and could build a custom
> version of it with all the patches you need.
>
> Cheers,
> Jochen
>
> On Monday, 13 June 2016 18:52:38 UTC+2, OlyLady wrote:
>>
>> Hi,
>>
>> I have to do a "security design review" to deploy Graylog in my
>> environment. I am not familiar with open source development and was
>> wondering if there was any white box/black box or static code/web
>> application scanning that is done before a release is made. Is this up to
>> the individual contributor?
>>
>> Second, we planned on using the appliance deployment of Graylog, one with
>> everything on it, and maybe a second machine with Elasticsearch only. My
>> second question is if there is an Elasticsearch or MongoDB security
>> vulnerability, and I am using the appliance, is anybody trying to provide
>> an upgrade with the patch? Are there any recommendations for actually
>> doing security patches in such an environment?
>>
>> Beth
>>
