Well done James, Yash and everyone working on making Fineract more secure!
My team and I find this documentation
(https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract)
helpful.
Regards
Anu Omotayo
On Monday, March 18, 2024 at 05:50:22 PM GMT+1, James Dailey
<[email protected]> wrote:
Devs -
Today we are announcing that release 1.9.0 fixed a few reported CVEs. Those
should be showing up here on the listserv shortly. Version 1.8.4 and prior
were not fixed and likely contain these vulnerabilities. We are circumspect in
how we describe them - you can dig further via the PRs and the related tickets.
The CVEs are also documented here:
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
With Yash Sancheti helping, we created a How to Secure Fineract page.
Additional best practices should be shared there or on list to ensure that all
instances of Fineract are kept secure.
https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract
I would encourage everyone to review their security practices. Fineract should
not simply be downloaded and run in production environments without taking into
account attack vectors and proper security. There are vendors available to
help with this.
Report vulnerabilities and exploits to Security AT fineract.apache.org
Thank you
James
PMC Fineract