Hi S Sathish S,
pcs has been sending the Strict-Transport-Security header since version
pcs-0.9.168. There were further fixes in the pcs-0.10 branch, which you can
find in the pcs changelog [1]:
* in pcs-0.10.5: Added missing Strict-Transport-Security headers to
redirects
* in pcs-0.10.14: Set 'Strict-Transport-Security: max-age=63072000' HTTP
header for all responses
The only known bug regarding the header is that it is not being sent in
HTTP 404 responses (requests for non-existent URLs). This is already
fixed upstream and the fix will be included in the upcoming pcs release.
If you think the header is missing somewhere else, please provide a
reproducer, so we can take a closer look at it.
Regards,
Tomas
[1]: https://github.com/ClusterLabs/pcs/blob/pcs-0.10/CHANGELOG.md
On 03. 04. 23 at 15:37, S Sathish S via Users wrote:
Hi Team,
In our product we are using pcs version 0.10.15. While running a Tenable
scan, we found the below vulnerability reported on the 2224 pcsd daemon.
Moreover, we have disabled the PCSD Web UI in our application, but the
vulnerability is still reported in the system.
Plugin ID : 84502
Plugin Name : HSTS Missing From HTTPS Server
Please provide any mitigation plan for this.
Thanks and Regards,
S Sathish S
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
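
The reply above asks for a reproducer and names the response classes where the header has been missing (redirects, 404s). The following is an added example, not part of the original thread and not pcs code: it audits raw HTTP responses per status code for a usable Strict-Transport-Security header. The sample responses and request paths are constructed for illustration, not captured from a pcsd instance.

```python
import re

# Constructed sample responses (assumption: illustrative only, not real pcsd output).
SAMPLES = {
    "GET / (200)": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Strict-Transport-Security: max-age=63072000\r\n\r\n<html>",
    "GET /old (302)": b"HTTP/1.1 302 Found\r\nLocation: /\r\n"
                      b"strict-transport-security: max-age=63072000\r\n\r\n",
    "GET /no-such-page (404)": b"HTTP/1.1 404 Not Found\r\n"
                               b"Content-Type: text/plain\r\n\r\nNot Found",
    "GET /zero (200)": b"HTTP/1.1 200 OK\r\n"
                       b"Strict-Transport-Security: max-age=0\r\n\r\n",
}

def parse_head(raw):
    """Return (status_code, [(lowercased_name, value), ...]) from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def hsts_max_age(headers):
    """Return max-age in seconds, or None if the header is absent or has no valid max-age."""
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return None
    # RFC 6797: only the first STS header field counts; directive names are case-insensitive.
    for directive in values[0].split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return None

def audit(samples):
    """Map each sample label to (status_code, verdict)."""
    report = {}
    for label, raw in samples.items():
        status, headers = parse_head(raw)
        age = hsts_max_age(headers)
        # max-age=0 tells the browser to drop the HSTS policy, so it is not "ok".
        verdict = "missing" if age is None else ("disabled" if age == 0 else "ok")
        report[label] = (status, verdict)
    return report

if __name__ == "__main__":
    for label, (status, verdict) in audit(SAMPLES).items():
        print(f"{status} {label}: HSTS {verdict}")
```

To build a reproducer from a live system, replace the constructed samples with response heads saved from the affected port, one per status code the scanner exercised.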