Making the Package Manager More Secure

Martin Gruner | 11. Jun 2018 | Administration, Cyber Security, Modifications & Packages

A user recently complained about the OTRS package manager's ability to execute code from packages (CVE-2018-7567). There are good reasons for this behavior (packages install code anyway, and it is required for complex setup routines), but of course it means that admins should double-check the packages they install.

After looking for ways to improve the situation, we decided to slightly change the default behavior of the package manager. By default, only packages verified by OTRS can be installed now; there is a new configuration option to allow installation of packages from other/untrusted sources.

Robert Ullrich at 12.06.2018, 09:07

Nice one! Thanks for this improvement! :-)
