De : Jérémy Harris Envoyé : mardi 24 mars 2015 09:57 À : Franck Le Gall; thomas.van.der.auwermeulen at vub.ac.be; vincent LEROY Objet : Fi-ware Keyrock : Security point. Dear Mr. Le Gall, I'm Jeremy Harris, working for Neveo which is supported by Fi-C3. You were recommended by Thomas Van Der Auwermeulen to help with our issue. We currently have an issue with the Keyrock integration. In short, we noticed that install Keyrock on our server present some security risk. I add an attachment file with the detail of the problem. There is a problem with KeyRock Identity Management framework from Fi-Ware. KeyRock uses quite outdated versions of Ruby programming language (1.9.3), and Ruby on Rails framework (3.2.14). Both of those have a pretty big list of known security vulnerabilities: 1. http://www.cvedetails.com/vulnerability-list/vendor_id-7252/product_id-12215/version_id-136531/Ruby-lang-Ruby-1.9.3.html 2. http://www.cvedetails.com/vulnerability-list/vendor_id-12043/product_id-22568/version_id-153894/Rubyonrails-Ruby-On-Rails-3.2.14.html At the same time, i'm contacting other Keyrock specialist (only 2 found on the internet) to get more information. Best Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-fic3-coaching/attachments/20150402/10caaa7f/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy