158fee1733
Change pmproxy default configuration for CVE-2024-3019 Resolves: RHEL-30715
28 lines
926 B
Diff
28 lines
926 B
Diff
commit 3bde240a2acc85e63e2f7813330713dd9b59386e
|
|
Author: Nathan Scott <nathans@redhat.com>
|
|
Date: Wed Mar 27 14:51:28 2024 +1100
|
|
|
|
pmproxy: disable Redis protocol proxying by default
|
|
|
|
If a redis-server has been locked down in terms of connections,
|
|
we want to prevent pmproxy from being allowed to send arbitrary
|
|
RESP commands to it.
|
|
|
|
This protocol proxying doesn't affect PCP functionality at all,
|
|
its more of a developer/sysadmin convenience when Redis used in
|
|
cluster mode (relatively uncommon compared to localhost mode).
|
|
|
|
diff --git a/src/pmproxy/pmproxy.conf b/src/pmproxy/pmproxy.conf
|
|
index e54891792e..4cbc1c96af 100644
|
|
--- a/src/pmproxy/pmproxy.conf
|
|
+++ b/src/pmproxy/pmproxy.conf
|
|
@@ -29,7 +29,7 @@ pcp.enabled = true
|
|
http.enabled = true
|
|
|
|
# support Redis protocol proxying
|
|
-redis.enabled = true
|
|
+redis.enabled = false
|
|
|
|
# support SSL/TLS protocol wrapping
|
|
secure.enabled = true
|