Hi folks,
New bandit release 1.1.0 has been tagged. Importantly, this includes a security
fix for a bug[1] in HTML formatted reports that could permit XSS.
[New Features]
- New test for HTTPoxy bug (CVE-2016-5386)
- Man page added
[Bug Fixes]
- XSS bug fixed in HTML output (Security fix)
- Vari
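The HTTPoxy bug class that the new Bandit test in the announcement above targets is easy to model. The following is an added example, not code from Bandit or from the announcement, and it does not reproduce what Bandit's own check looks for: it models the CGI header-to-environment mapping that causes the bug, the vulnerable client behaviour, and the two standard mitigations (the client ignores upper-case HTTP_PROXY when running as a CGI script; the server strips the variable before dispatch). The gateway model, the function names and the host names are constructed assumptions.

```python
# Added example (not code from Bandit or from the release announcement above):
# a model of the HTTPoxy bug class and two mitigations.
#
# A CGI gateway (RFC 3875) turns each request header into an environment
# variable: upper-case it, replace "-" with "_", prefix "HTTP_".  A client that
# sends "Proxy: http://attacker.example:8080" therefore gets HTTP_PROXY set in
# the script's environment, and proxy-aware HTTP clients that read HTTP_PROXY
# will route their outbound requests through the attacker's host.
#
# Assumptions: the header-to-environment mapping below is a minimal model of a
# CGI gateway, and the host names in the sample requests are constructed.


def cgi_environ(headers, method="GET"):
    """Model the CGI header-to-environment mapping for one request.

    `headers` is a list of (name, value) pairs as sent by the client.  Every
    CGI gateway sets REQUEST_METHOD, which is what later lets a client tell
    "I am running as a CGI script" apart from an ordinary process.
    """
    env = {"REQUEST_METHOD": method}
    for name, value in headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def outbound_proxy_naive(env):
    """Vulnerable: honour any case variant of http_proxy, CGI or not.

    This is the pre-fix behaviour of several HTTP client libraries.
    """
    for name, value in env.items():
        if name.lower() == "http_proxy" and value:
            return value
    return None


def outbound_proxy_hardened(env):
    """Client-side fix: under CGI, only trust the all-lowercase http_proxy.

    A gateway can only ever produce the upper-case HTTP_PROXY from a client
    header, so a lowercase http_proxy set by the operator is still honoured.
    Outside CGI (no REQUEST_METHOD) the behaviour is unchanged.
    """
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy") or None
    return outbound_proxy_naive(env)


def strip_proxy_header(env):
    """Server-side fix: drop HTTP_PROXY before handing the environment to
    application code, so nothing downstream can be confused by it.

    Returns a new mapping; the original is left untouched.
    """
    return {k: v for k, v in env.items() if k != "HTTP_PROXY"}


if __name__ == "__main__":
    # Constructed request: the attacker supplies a Proxy header.
    attack = cgi_environ([("Host", "app.example"),
                          ("Proxy", "http://attacker.example:8080")])
    print("naive client proxies via:   ", outbound_proxy_naive(attack))
    print("hardened client proxies via:", outbound_proxy_hardened(attack))
    print("after stripping the header: ",
          outbound_proxy_naive(strip_proxy_header(attack)))
```

The client-side rule keys on REQUEST_METHOD rather than on the variable's value because a CGI gateway always sets it and a plain process never does; an operator who genuinely needs a proxy for a CGI script sets the lowercase name, which no gateway can produce from a request header.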
Bandit release 1.0 stable
This milestone release includes a number of major new features, as follows:
- Test IDs: bandit tests are now given unique IDs. These IDs can be used in
all situations where a test name would have been used previously
(include, exclude, etc).
On 28/10/2015 09:35, "Tripp, Travis S" wrote:
>
>
>On 10/28/15, 11:43 AM, "Flavio Percoco" wrote:
>
>>On 26/10/15 17:20 +, Ian Cordasco wrote:
>>>Hi everyone,
>>>
>>>
>>>Today I'm removing myself from the core reviewer (and driver)
>>>teams for the
>>>
>>>
>>>following proje
Hey Bandit Folks,
Thanks for all the great work done during the recent security mid cycle, we
have made some really solid progress on key areas like documentation, testing,
and code quality. It was also great to see people in person! This email follows
on from various conversations with the hope
On 03/07/2015 09:39, "Gorka Eguileor" wrote:
>On Thu, Jul 02, 2015 at 07:09:41PM +0000, Kelsey, Timothy John wrote:
>> Hello Stackers,
>> A few intrepid projects have started adopting Bandit, an automatic
>>security linter built by the security project, into t
Hello Stackers,
A few intrepid projects have started adopting Bandit, an automatic security
linter built by the security project, into their gate tests. This is very
rewarding to see for those of us who have worked on the project and people with
an interest in securing the OpenStack codebase. Th
Hi Utkarsh,
I am also happy to help figure out what's going on here; as Kaitlin says,
the first step is to get some more log info.
--
Tim Kelsey
Cloud Security Engineer
HP Helion
On 25/03/2015 15:24, "Farr, Kaitlin M." wrote:
>Hi Utkarsh,
>
>Specifying "kmip_plugin" in the barbican-api.conf
On 18/11/2014 21:07, "Nathan Reller" wrote:
>> It seems we need to add some validation to the process
>
>Yes, we are planning to add some validation checks in Kilo. I would
>submit a bug report for this.
>
>The big part of the issue is that we need to be clearer about the
>expected input types
Hello Barbican folks,
Recently I was experimenting with the KMIPSecretStore and observed the
following behaviour. Issuing the API call:
"curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d
'{"payload": "my-secret-here", "payload_content_type": "text/plain",
"algorithm": "