vh/rest-server
1
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-12-07 09:36:13 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #340 from MichaelEischer/limit-htpasswd-perms
Some checks failed
test / Linux Go 1.23.x (push) Has been cancelled
Details
test / Linux (race) Go 1.24.x (push) Has been cancelled
Details
test / Linux Go 1.24.x (push) Has been cancelled
Details
test / lint (push) Has been cancelled
Details
test / Analyze results (push) Has been cancelled
Details

Browse Source 
Limit htpasswd perms
This commit is contained in:
Michael Eischer
2025-05-15 20:20:16 +02:00
committed by GitHub
parent 4e6193ceee 95538fe956
commit f018e99109
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
changelog/unreleased/issue-318 Normal file
View File

@@ -0,0 +1,13 @@
Security: Fix world-readable permissions on new `.htpasswd` files
On startup the rest-server Docker container creates an empty `.htpasswd` file
if none exists yet. This file was world-readable by default, which can be
a security risk, even though the file only contains hashed passwords.
This has been fixed such that new `.htpasswd` files are no longer world-readabble.
The permissions of existing `.htpasswd` files must be manually changed
if relevant in your setup.
https://github.com/restic/rest-server/issues/318
https://github.com/restic/rest-server/pull/340