Critical vulnerability CouchDB upgrade to latest version 1.7.1

Two vulnerabilities were disclosed on CouchDB, one allowing to remotely create admin users (CVE 2017-12635) and the other allowing to execute commands through admin users (CVE 2017-12636).

We recommend to upgrade CouchDB to the latest version supported for Faraday (1.7.1) and review your security configuration using our guide:

Because an old  vulnerability/feature of CouchDB we already recommend to filter using actions "config_whitelist = []" this is a workaround that help only for the vulnerability (CVE 2017-12636)

More information:
Post a Comment
Thanks for your comment