Addresses security concerns from OWASP audit and CodeQL by enforcing strict host key verification and TLS certificate verification. Security Changes: - Enforced strict SSH host key checking in pkg/container and devops. - Removed insecure SSH host key verification from pkg/ansible. - Added synchronous host key discovery during VM boot using ssh-keyscan. - Updated UniFi client to enforce TLS certificate verification by default. - Added --insecure flag and config option for UniFi to allow opt-in to skipping TLS verification for self-signed certificates. CI and Maintenance: - Fixed auto-merge workflow by providing repository context to 'gh' command. - Resolved merge conflicts in .github/workflows/auto-merge.yml. - Added unit tests for secured Ansible SSH client. - Fixed formatting issues identified by QA checks. |
||
|---|---|---|
| .. | ||
| templates | ||
| container.go | ||
| hypervisor.go | ||
| hypervisor_test.go | ||
| linuxkit.go | ||
| linuxkit_test.go | ||
| state.go | ||
| state_test.go | ||
| templates.go | ||
| templates_test.go | ||