Cake: Enable security via HTTPS

Created on 5 Aug 2017  路  13Comments  路  Source: cake-build/cake

There are several security flaws across all cake products when files are downloaded without using HTTPS protocol. Most severe issue is the download of _packages.config_ because there is no time between downloading and continuing code execution.

picture matkoch
👍2

Most helpful comment

This is NOT a duplicate! It's not about the website after all. It's about ensuring that in fact the correct bootstrapper is downloaded and no malicious code is executed.

picture matkoch on 6 Aug 2017
👍3

All 13 comments

Duplicate of cake-build/website#40

We're in the middle of migration to new infrastructure, where both SSL and HSTS will be enabled.

devlead picture devlead on 6 Aug 2017
👎1

This is NOT a duplicate! It's not about the website after all. It's about ensuring that in fact the correct bootstrapper is downloaded and no malicious code is executed.

matkoch picture matkoch on 6 Aug 2017
👍3

@matkoch it was marked as a duplicate due to the fact that you couldn't have one, without the other. I believe that all necessary changes in this regard have now been made.

gep13 picture gep13 on 6 Aug 2017
👎1

@gep13 Doesn't seem so 馃槂 To be correct, the other issue was closed _without_ fixing the issue I've described here.

matkoch picture matkoch on 6 Aug 2017

@matkoch yes, it was, and you will notice as well that it was immediately opened again.

gep13 picture gep13 on 6 Aug 2017

@gep13 as far as I remember it was only re-opened after I've pointed out the actual problem again 馃

https://gitter.im/cake-build/cake?at=59873dd876a757f8087d0c6f

Anyways, great that you've fixed it.

matkoch picture matkoch on 6 Aug 2017

Still no public announcement on that?

matkoch picture matkoch on 22 Aug 2017

@gep13 @devlead ?

matkoch picture matkoch on 26 Aug 2017

@matkoch post is merged and will be out later today

devlead picture devlead on 26 Aug 2017

@devlead are you going to do anything else? Not everyone follows up on blog posts and twitter...

matkoch picture matkoch on 26 Aug 2017

@matkoch what else would you suggest?

gep13 picture gep13 on 26 Aug 2017

I'm going to have a beer and that's about it.

devlead picture devlead on 26 Aug 2017
👍2

@devlead enjoy your beer 馃憤
@gep13 following up here: https://github.com/cake-build/website/pull/398#issuecomment-325134731

matkoch picture matkoch on 26 Aug 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

patriksvensson picture patriksvensson  路  5Comments
tompazourek picture tompazourek  路  3Comments
augustoproiete picture augustoproiete  路  5Comments
ubbeK picture ubbeK  路  5Comments
vktr picture vktr  路  6Comments