cernan
cernan copied to clipboard
postmates
telemetry aggregation and shipping, last up the ladder
Bumps [net2](https://github.com/deprecrated/net2-rs) from 0.2.32 to 0.2.37. Commits a183475 Release v0.2.37 6081dff haiku: Fix sockaddr_in/sockaddr_in6; Solves #108 71708b7 Release v0.2.36 49b43f2 Do not assume memory layout of std::net::SocketAddr 77a6eb4 Release v0.2.35...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [miow](https://github.com/yoshuawuyts/miow) from 0.2.1 to 0.2.2. Commits 6fd7b9c Bump version to 0.2.2 550efc2 Merge branch 'fix-sockaddr-convertion-v0.2.x' into 0.2.x ca8db53 Stop using from_ne_bytes to be compatible with Rust < 1.32.0 3e217e3...
Bumps [protobuf](https://github.com/stepancheg/rust-protobuf) from 1.7.3 to 2.6.0. Changelog Sourced from protobuf's changelog. [2.6.0] - 2019-05-19 lite_runtime rust-protobuf option Fix OOM on malformed input Minimum supported Rust version is 1.26 Implement Hash...
Bumps [tiny_http](https://github.com/tiny-http/tiny-http) from 0.6.0 to 0.8.0. Release notes Sourced from tiny_http's releases. 0.6.4 Don't honour client TE for 1xx or 204 responses Where we're sending an Informational (1xx) or No...
Bumps [libflate](https://github.com/sile/libflate) from 0.1.14 to 0.1.27. Commits 193fd65 Bump version to v0.1.27 0170b0c Merge pull request #43 from sile/apply-cargo-fix de4dbee Apply cargo fix 3ff53db Bump version to v0.1.26 ec3bd87 Apply...
From the security review bug (https://github.com/postmates/cernan/issues/461): > None of the sources auth, the few sinks that have auth credentials are, iirc, not wired up to authenticate. IP whitelisting and/or presence...
As per: https://github.com/postmates/cernan/issues/461#issuecomment-460741158 "This is part of the generated protobuf code. It'd be reasonable to regen this and see if the unsafe bits have disappeared. It'd also be willing to...
https://github.com/postmates/cernan/wiki/SinksElasticSearch * secure :: whether to attempt HTTPS or not with the elasticsearch host [default: false] It makes sense to change the default to true, as per https://github.com/postmates/cernan/issues/461.
As noticed in security review (https://github.com/postmates/cernan/issues/461): https://github.com/postmates/cernan/blob/4c96e203fdc5eb8f85aee2fd462daf081a0db811/src/config.rs#L849 Followup action: > We should document a limit to this value and check the user's input, emit a warning if the value is...
My comment from the security review (https://github.com/postmates/cernan/issues/461): Is this essentially insecure by default? If it’s insecure with the default setting that should probably at minimum be called out explicitly in...