fleet

Elgato_dark/fleet

Fork 0

mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00

Commit graph

Author	SHA1	Message	Date
Victor Lyuboslavsky	ea22c8087b	Bind docker ports to 127.0.0.1 (#42232 ) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #42226 When doing dev in a remote environment, like a public cloud VM, don't expose ports to the public. This is a contributor security improvement. The localstack fail is present on main, and was not caused by this change: https://github.com/fleetdm/fleet/actions/runs/23439965808/job/68187858627 # Checklist for submitter ## Testing - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Chores * Docker Compose configuration updated across multiple services (Redis, MySQL, mail, monitoring, and storage services) to restrict port bindings to localhost only instead of all network interfaces. * Documentation Docker Compose examples updated to reflect localhost-only port binding for core services. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-23 12:30:23 -05:00
Ian Littman	f91aa591b0	Target Redis 6 everywhere rather than a mix of 5 and 6 (#35373 ) Redis 5 has been EOL for a few years, and didn't get updates for the latest high-severity CVEs. We're already using 6 in most places (fleetctl preview, recommended reference architectures, managed cloud environments) so it's safe to set 6 as the new minimum. Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>	2025-11-10 17:05:44 -06:00
Martin Angers	9aab3d628c	Move Redis cluster docker yml to separate file (#11162 )	2023-04-12 15:14:28 -04:00

Author

SHA1

Message

Date

Victor Lyuboslavsky

ea22c8087b

Bind docker ports to 127.0.0.1 (#42232 )

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42226

When doing dev in a remote environment, like a public cloud VM, don't
expose ports to the public.
This is a contributor security improvement.

The localstack fail is present on main, and was not caused by this
change:
https://github.com/fleetdm/fleet/actions/runs/23439965808/job/68187858627

# Checklist for submitter

## Testing

- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Docker Compose configuration updated across multiple services (Redis,
MySQL, mail, monitoring, and storage services) to restrict port bindings
to localhost only instead of all network interfaces.
* Documentation Docker Compose examples updated to reflect
localhost-only port binding for core services.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

2026-03-23 12:30:23 -05:00

Ian Littman

f91aa591b0

Target Redis 6 everywhere rather than a mix of 5 and 6 (#35373 )

Redis 5 has been EOL for a few years, and didn't get updates for the
latest high-severity CVEs. We're already using 6 in most places
(fleetctl preview, recommended reference architectures, managed cloud
environments) so it's safe to set 6 as the new minimum.

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>

2025-11-10 17:05:44 -06:00

Martin Angers

9aab3d628c

Move Redis cluster docker yml to separate file (#11162 )

2023-04-12 15:14:28 -04:00

3 commits