- Mailing Lists
- Contributors
- Security Advisory: runbot_travis2docker - Database Password Exposed
Contributors mailing list archives
contributors@odoo-community.org
Browse archives
- By thread
-
By date
- October 2022 41
- September 2022 73
- August 2022 38
- July 2022 141
- June 2022 87
- May 2022 59
- April 2022 31
- March 2022 68
- February 2022 77
- January 2022 98
- December 2021 75
- November 2021 74
- October 2021 66
- September 2021 68
- August 2021 50
- July 2021 123
- June 2021 86
- May 2021 90
- April 2021 73
- March 2021 146
- February 2021 87
- January 2021 38
- December 2020 159
- November 2020 100
- October 2020 277
- September 2020 193
- August 2020 94
- July 2020 85
- June 2020 158
- May 2020 50
- April 2020 172
- March 2020 121
- February 2020 210
- January 2020 58
- December 2019 35
- November 2019 97
- October 2019 165
- September 2019 118
- August 2019 86
- July 2019 56
- June 2019 124
- May 2019 77
- April 2019 84
- March 2019 64
- February 2019 53
- January 2019 80
- December 2018 64
- November 2018 31
- October 2018 55
- September 2018 69
- August 2018 28
- July 2018 52
- June 2018 34
- May 2018 81
- April 2018 98
- March 2018 47
- February 2018 77
- January 2018 70
- December 2017 64
- November 2017 159
- October 2017 118
- September 2017 161
- August 2017 18
- July 2017 41
- June 2017 56
- May 2017 106
- April 2017 110
- March 2017 112
- February 2017 69
- January 2017 94
- December 2016 115
- November 2016 132
- October 2016 264
- September 2016 124
- August 2016 143
- July 2016 44
- June 2016 137
- May 2016 84
- April 2016 80
- March 2016 130
- February 2016 98
- January 2016 109
- December 2015 140
- November 2015 189
- October 2015 335
- September 2015 136
- August 2015 208
- July 2015 43
- June 2015 64
- May 2015 8
Security Advisory: runbot_travis2docker - Database Password Exposed
by
LasLabs, Dave Lasley
Hi All,
Please note that an edge case was recently discovered in maintainer-quality-tools that caused Runbot implementations using runbot_travis2docker to expose the host database password when the Odoo container exits with a non-zero code.
I committed the fix yesterday, but it is recommended that you change your Runbot PostgreSQL password immediately if your Runbot deploy meets the following conditions:
- Runbot that builds using the module runbot_travis2docker
- Runbot instance has a configured database host (as opposed to the default `localhost`)
- Runbot test logs are exposed to the public
For anyone that wants to confirm whether your password has been exposed:
- You can create a commit such as this
- Look for your database password at the bottom of the test_all logs.
Follow-Ups
-
Re: Security Advisory: runbot_travis2docker - Database Password Exposed
byLasLabs, Dave Lasley- 17/08/2017 19:36:18 - 1
