Level 9
I was just about to post the same question.
1 like
Jul 19, 2016
8
Level 3
Any thoughts on the HTTPoxy vulnerability?
Should we take any action when running our apps Forge-provisioned servers? Any thoughts on the problem?
Digital Ocean states that only HTTP and not HTTPS is affected and has a general guide on fixing the vulnerability: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-httpoxy-vulnerability
Level 1
I see Guzzle has a patch - but is the framework also at risk (including older versions), or is this purely a vulnerability at the server level?
https://github.com/guzzle/guzzle/releases
This could do with being a cross-post in non-forge related topics
C
1 like
Level 11
Taylor created a new recipe to patch this. You should be able to find it by visiting https://forge.laravel.com/recipes
1 like
Level 9
Great! Just applied the recipe to all our servers!
2 likes
Level 1
@Dan do you have an exact URL to the recipe to patch httpoxy, the above URL redirects to https://forge.laravel.com/
Level 4
If you have a Forge account, log in and click on Recipes on the navigation bar.
Level 11
@Zod You will need to have a Forge account and be logged in, in order to visit that link.
Level 17
I like that I didn't have to lift a finger, and this was patched on my server before I even heard about the vulnerability.
ServerPilot beats Forge, in this respect.
Please or to participate in this conversation.