[DOCS-13794] Remove .git folder from being published publicly Created: 27/Jul/20  Updated: 29/Oct/23  Resolved: 11/Sep/20

Status: Closed
Project: Documentation
Component/s: drivers
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Minor - P4
Reporter: Darren Gruber Assignee: Christopher Cho
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Participants:
Days since reply: 3 years, 22 weeks, 6 days ago
Epic Link: DOCSP-12162
Story Points: 2

 Description   

Description

Hello,

We've received reports that api.mongodb.com publishes its .git directory publicly. The examples given are:

This is a very minor information leak (specific commit information, private github repository name), but I wanted to ensure it was on your radar for a future remediation.

Please let me know if there's any additional detail I can add to this ticket or if there are any questions I can answer.

Thanks!
Darren

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Christopher Cho [ 03/Sep/20 ]

Waiting for access

Comment by Christopher Cho [ 31/Aug/20 ]

https://github.com/10gen/apidocs/pull/11

Comment by Christopher Cho [ 24/Aug/20 ]

Hi darren.gruber

 

Sorry, I was focusing on other issues this Sprint. Thanks for bringing this back to my attention.

I think I have a fix, but have not been able to test it due to openssl configuration issues specific to the build script that I need to spend some time figuring out.

I am OOO this week, but will schedule this for the Sprint in which I come back.

Comment by Darren Gruber [ 24/Aug/20 ]

Hello chris.cho - just checking in to see if there was any movement on this issue.

Thanks!

Comment by Christopher Cho [ 28/Jul/20 ]

Thanks for identifying and reporting this issue! I'll look into how these are deployed this upcoming Sprint and find a solution.

Generated at Thu Feb 08 08:08:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.