remove /api/v1/version endpoint #1022

Merged
merged 1 commit into from Sep 2, 2022

bobcallaway
Member

@bobcallaway bobcallaway commented Sep 1, 2022

This patch removes the /api/v1/version endpoint in an effort to not disclose the server's operating version to malicious users. This is consistent with Fulcio where we also removed this endpoint.

Note there are some uses in sigstore/scaffolding, sigstore/sigstore-rs which we should get rid of as well.

Signed-off-by: Bob Callaway <bcallaway@google.com>

@bobcallaway bobcallaway added the ga_candidate Proposed blocking issue for GA release label Sep 1, 2022
Contributor

@haydentherapper haydentherapper left a comment

LGTM once its usage is cleaned up elsewhere. We should also notify folks on Slack asap.

@codecov-commenter

Codecov Report

Merging #1022 (ac0af96) into main (a0c78e7) will decrease coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1022      +/-   ##
==========================================
- Coverage   41.44%   41.40%   -0.04%     
==========================================
  Files          71       70       -1     
  Lines        6980     6972       -8     
==========================================
- Hits         2893     2887       -6     
+ Misses       3783     3779       -4     
- Partials      304      306       +2     
Impacted Files Coverage Δ
pkg/types/alpine/v0.0.1/entry.go 52.43% <0.00%> (-2.44%) ⬇️

@bobcallaway bobcallaway merged commit dc784c1 into sigstore:main Sep 2, 2022
@github-actions github-actions bot added this to the v1.0.0 milestone Sep 2, 2022