[ https://issues.apache.org/jira/browse/OFBIZ-12788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707345#comment-17707345 ]

ASF subversion and git services commented on OFBIZ-12788:
---------------------------------------------------------

Commit fb8973d7286b50e4e2c84a3b9db9a6e27a4297c8 in ofbiz-framework's branch 
refs/heads/trunk from Daniel Watford
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=fb8973d728 ]

Improved: Address security hotspot in Dockerfile (OFBIZ-12788)

Per sonarcloud recommendation, ensure executable scripts are not writable
and left under the ownership of root.


> Sonarcloud security hotspot in Dockerfile 
> ------------------------------------------
>
>                 Key: OFBIZ-12788
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12788
>             Project: OFBiz
>          Issue Type: Improvement
>    Affects Versions: Upcoming Branch
>            Reporter: Daniel Watford
>            Assignee: Daniel Watford
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> Sonarcloud has highlighted a security hotspot that needs to be addressed in 
> the Dockerfile:
> [https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&file=Dockerfile&fileUuid=AYcD2nc8S2HJZtLSxvMT&sinceLeakPeriod=true]
>  
> The hotspot relates to write permissions set on the docker-entrypoint script.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
