Emelia πŸ‘ΈπŸ» @thisismissem@hachyderm.io
Public

Ouch, this is really not a good look for Ghost, @johnonolanJohn O'Nolan

β€œGhost (CMS) took some heat from the community for a longstanding SQL vulnerability not being addressed in the project's Docker image”

forum.ghost.org/t/self-hosters

Edit: They owned up to it, and have a plan in place to fix: forum.ghost.org/t/self-hosters

Self-hosters left vulnerable to XSS vuln due to second-class Docker support

Ghost has again publicized a vulnerability in their software without a published Docker image without a published Docker image which contains the fix. Ghost has published 6.19.1 with a SQL injection fix, but the most recent Docker Official Image is at 6.18.2. After this happened last time, I started collaborating with @ngeorger on a more secure alternate image and there’s now one that he created and I’ve successfully tested with 6.19.0. Perhaps he can push a 6.19.1 release soon. Keep an ey...

forum.ghost.org Β· Ghost Forum

0
1
0

If you have a fediverse account, you can quote this note from your own instance. Search https://hachyderm.io/users/thisismissem/statuses/116103536046159042 on your instance and quote it. (Note that quoting is not supported in Mastodon.)