cf-dev@lists.cloudfoundry.org

CVE-2017-4964: BOSH Azure CPI code injection vulnerability

Please see the following *medium* security advisory and let us know if you have any questions or concerns. https://www.cloudfoundry.org/cve-2017-4964/ Thanks, Molly Crowther Cloud Foundry Foundation

By Molly Crowther · #6638 ·

Re: CloudFoundry PCI-DSS compliance issue?

Thanks a lot. This answers my question now.

By Sze Siong Teo <szesiong@...> · #6637 ·

Re: CloudFoundry PCI-DSS compliance issue?

filtering rules would have affected other apps on the same VM? Or it works in some other different way? In the "batteries included" implementation of cf-networking, policy enforcement is still done

By David McClure · #6636 ·

systemstack called from unexpected goroutine

I have a java application that is deployed in cloud foundry, when I ran performance testing on this application, sometimes this application becomes unresponsive, and there are many errors in the log

By Sam Dai · #6635 ·

Re: CloudFoundry PCI-DSS compliance issue?

Hi, iptables is used when Container Networking is *not* available. If you're using Container Networking, you might want to ask the folks that are writing it on cloudfoundry.slack.com in the

By Daniel Jones · #6634 ·

Re: CloudFoundry PCI-DSS compliance issue?

Hi Daniel, How does the scenario I've mentioned for AppA and AppB to work even if I enable AppA and AppB to communicate via http://docs.cloudfoundry.org/devguide/deploy-apps/cf-networking.html? If

By Sze Siong Teo <szesiong@...> · #6633 ·

Re: CloudFoundry PCI-DSS compliance issue?

Hi Sze, Application Security Groups are implemented via iptables on the host Cell VMs, and not in the containers. Network traffic coming from processes in each container is filtered before leaving

By Daniel Jones · #6632 ·

Re: CloudFoundry PCI-DSS compliance issue?

It seems this mailing list system don't show up newly post instantly. Eventual consistency DB?

By Sze Siong Teo <szesiong@...> · #6631 ·

Re: CloudFoundry PCI-DSS compliance issue?

Thanks, I've read that earlier actually. Does anyone have more experience in about the firewall implementation for CloudFoundry instead of allowing everything between hosts in the private subnet?

By Sze Siong Teo <szesiong@...> · #6629 ·

Re: CloudFoundry PCI-DSS compliance issue?

Hi Alexander, Thanks for the info. I've discovered that post earlier from Google search as well. In fact I'm looking into more specific at implementation level as the post about isolating CDE and

By Sze Siong Teo <szesiong@...> · #6630 ·

Re: CloudFoundry PCI-DSS compliance issue?

Hey! One of my colleague was involved in project with such requirements. You can find his experience in this

By Alexander Lomov <alexander.lomov@...> · #6628 ·

CloudFoundry PCI-DSS compliance issue?

Hi, Does anyone have experience deploying CloudFoundry in an environment that requires PCI-DSS compliance? Would be great to hear from anyone regarding that like how to overcome the concern of

By Sze Siong Teo <szesiong@...> · #6627 ·

Re: Proposal for named service bindings

The proposal still has my vote FWIW. :) Mike

By Mike Youngstrom <youngm@...> · #6626 ·

Re: Proposal for named service bindings

The approach with tags has some issues too: - User-provided services have no tags - Ambiguous. Tags are not unique so it is possible that the same tag appears in multiple service instances bound to

By Peter Dotchev <dotchev@...> · #6625 ·

Re: Incubation Proposal - haproxy-boshrelease

Same here. From the SAP side, we are also big fans of the haproxy-boshrelease and very much support this proposal. Regards, Bernd Bernd Krannich SAP Cloud Platform SAP SE Dietmar-Hopp-Allee 16,

By Krannich, Bernd <bernd.krannich@...> · #6624 ·

Re: Cloud foundry deployment on vSphere : help on stub file parameters

1. Oh, I was hoping you wouldn't ask! The manifest generation scripts expect that you have two networks: `cf1` and `cf2`. In order to deploy to a single network, you can "trick" the scripts into

By David Sabeti · #6623 ·

Re: CF environmental variables - org is missing

Sorry for resurrecting an old thread. Is there any progress on this issue? Recently one of our users also needs to get org and space info from environment variables. I've checked the story[1] Nick

By Noburou TANIGUCHI · #6622 ·

Re: Accessing 192.168.x.x addresses from a diego_cell container

Thank you Eric for the quick response. That was exactly the information I required. I'm finding there is so much information to absorb a lot of the issue is just finding the right topic to look

By Ross Mark · #6621 ·

Re: CF install on vSphere

Hi Marc-Laurent, You're asking some great questions! It might be easier for people to help you out if you join the slack: http://slack.cloudfoundry.org/ as many of these questions can be answered

By Mike Dalessio · #6620 ·

Re: Incubation Proposal - haproxy-boshrelease

Nice ! Hope this release will be able to make it. wrote:

By Gwenn Etourneau · #6619 ·

Messages