post: commit e2761e1 in bojemoi_boot
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
All checks were successful
Hugo Build & Deploy / build-deploy (push) Successful in 11s
This commit is contained in:
Betty
43
content/posts/commits/2026-04-09-commit-e2761e1.md
Normal file
43
content/posts/commits/2026-04-09-commit-e2761e1.md
Normal file
@@ -0,0 +1,43 @@
|
||||
---
|
||||
title: "[bojemoi_boot] fix(security): remove dnsmasq webproc port 8080 from public ingress"
|
||||
date: 2026-04-09T22:29:01+02:00
|
||||
draft: false
|
||||
tags: ["commit", "bojemoi_boot", "main"]
|
||||
categories: ["Git Activity"]
|
||||
summary: "Commit e2761e1 par Betty dans bojemoi_boot"
|
||||
author: "Betty"
|
||||
---
|
||||
|
||||
## Commit `e2761e1`
|
||||
|
||||
| | |
|
||||
|---|---|
|
||||
| **Repository** | bojemoi_boot |
|
||||
| **Branch** | `main` |
|
||||
| **Author** | Betty |
|
||||
| **Hash** | `e2761e17dbeb6ea4e6344ca349d4c3fd4fde1b0b` |
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Port 8080 (webproc admin UI) was published directly, accessible from any
|
||||
container on the backend/overlay networks. A compromised container could
|
||||
rewrite dnsmasq config to redirect internal domains.
|
||||
|
||||
Admin UI remains accessible via Traefik at dnsmasq.bojemoi.lab (HTTPS).
|
||||
Port 53 (DNS resolution) unchanged.
|
||||
|
||||
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
||||
|
||||
### Files Changed
|
||||
|
||||
```
|
||||
M stack/01-boot-service.yml
|
||||
```
|
||||
|
||||
### Diff Summary
|
||||
|
||||
```
|
||||
stack/01-boot-service.yml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
```
|
||||
Reference in New Issue
Block a user