[
https://issues.apache.org/jira/browse/OFBIZ-13294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18024220#comment-18024220
]
Carsten Schinzer commented on OFBIZ-13294:
------------------------------------------
Hi [~jleroux] , I have placed a link but I find the suggestion to reopen
another ticket non-intuitive. This ticket reports a security risk on that other
ticket, so link them .. agree; replace this by the other ... disagree. OK with
you.
I am working on the patch and will add it here by end of the week I think. We
have detected malfunctions in the Docker file as well using the
template/postgres-entityengine.xml. our patch will contain both fixes, on the
Dockerfile and on the entrypoint.
Warm regards
Carsten
> Docker extension discloses passwords in sed command
> ---------------------------------------------------
>
> Key: OFBIZ-13294
> URL: https://issues.apache.org/jira/browse/OFBIZ-13294
> Project: OFBiz
> Issue Type: Bug
> Components: Docker
> Affects Versions: 24.09.02
> Reporter: Carsten Schinzer
> Assignee: Carsten Schinzer
> Priority: Major
>
> The entrypoint script discloses database passwords when being executed on the
> Container log in method {{configure_database().}}
> I consider this a security breach and would suggest to fix the behaviour to
> have the sed command silenced.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
