CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals Severity Low Vendor Cloud Foundry Foundation Versions Affected - Cloud Foundry release v241 and earlier versions - UAA release

CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains Severity Medium Vendor Cloud Foundry Foundation Versions Affected - Cloud Foundry release v241 and earlier versions - UAA

CVE-2016-6651: Privilege Escalation in UAA Severity High Vendor Cloud Foundry Foundation Versions Affected - Cloud Foundry release v242 and earlier versions - UAA release v3.7.0 &

Hi all -- a couple people reached out asking for a date for Viewers can follow. We are currently targeting November of this year. Thanks, Lisa

Hi all, Just to re-iterate, we do have this feature prioritized on the Tracker team. I'm sorry we haven't been able to deliver this yet, but there are a number of other higher priority items that we

Guillaume, thank you so much! One beer at the next CF summit is on me. :) Carlo

Thanks Mike and CF Community. We would like to invite the attendees at CF Summit Europe this week to learn more about .NET tools integration and scenarios these project enables. Please join the

Thanks HPE!

Hi all, In May 2015, the Utilities PMC began incubating a handful of .NET developer tools created and maintained by engineers at HPE. These projects have been maintained by HPE over the last 16

Dear Guillaume, Thanks for your efforts in this direction. As I already stated before, it is really a pain that you are not able to follow stories or comment when not being a member in a

Hi, The mirroring of foundation projects is around 60% complete. See [5] for more detailed coverage. This should enable community members to watch the most active foundation backlogs. I received no

The CF CLI team just cut 6.22.1. Ignore 6.22.0. Binaries and link to release notes are available at: https://github.com/cloudfoundry/cli#downloads Improved help pages The cf help page now lists

As you may have heard, Canonical released a regression USN ( http://www.ubuntu.com/usn/usn-3087-2/) to cover an issue introduced in the fix released yesterday

Hello All, If you get questions about the recent SSL CVE today - it is a high and the BOSH team will be acting on it as soon as we have an Ubuntu update from Canonical. I will reply with new stemcell

I have test noaa's sample to collect metrics from doppler firehose. When i set "DOPPLER_ADDR" to "wss://doppler.bosh-lite.com:443", it worked well. I just wondering if it is possible to connect

Ha, just for fun we detailed how you could, technically, request a letsencrypt cert via a CF app :-) [1] I would agree that a user would like the ability to auto-renew certs, if they are currently

Yes, it's the protocol[1] proposed by ISRG letsencrypt[2] (under the linux foundation umbrella) that allows automated generation and PKI signing of TLS certificates. For the record, there's a go

Our current policy to our users is SNI by default, i.e. unless they explicitly require non-SNI TLS termination they get SNI termination. We went with this because browser support seems good[1] and

Thank you all for your responses. A follow up question: for the gorouter to host certs for multiple domains, it seems only natural that it would do this via SNI. Is client support for SNI ubiquitous

carlo.ferraris(a)rakuten.com> wrote: Wasn't familiar with ACME until I just googled it. Do you mean some mechanism for automated generation of certs?