deploy: a004fa0de65693c90d2e1d271860353478a6f2a3

affected/ci/index.badge

@@ -0,0 +1,8 @@
+{
+  "schemaVersion": 1,
+  "label": "Info",
+  "message": "OK",
+  "color": "#0a0c0f",
+  "labelColor": "#555555",
+  "isError": false
+}

affected/ci/index.json

@@ -0,0 +1 @@
+{"is":"system","title":"ci","permalink":"https://info.linuxserver.io/affected/ci/","status":"ok","pages":[{"is":"issue","title":"Git Commit Signing For Linuxserver CI","createdAt":"2024-08-18 23:00:00 +0000 UTC","lastMod":"2024-08-18 22:05:21 +0100 +0100","permalink":"https://info.linuxserver.io/issues/2024-08-18-commit-signing/","severity":"<no value>","resolved":false,"informational":true,"resolvedAt":"<no value>","affected":["ci","github"],"filename":"2024-08-18-commit-signing.md"}]}

affected/ci/index.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="2em" width="8ex" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11"><linearGradient id="b" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="a"><rect width="100%" height="100%" rx="3" fill="#fff"/></clipPath><g clip-path="url(#a)" fill="#fff"><rect x="0" y="0" width="100%" height="100%" fill="#555"/><rect x="4ex" y="0" height="100%" width="100%" fill="green"/><rect x="0" y="0" width="100%" height="100%" fill="url(#b)"/><text x="1ex" y="15" fill="#010101" fill-opacity=".3">ci</text><text x="1ex" y="14">ci</text><text x="5ex" y="15" fill="#010101" fill-opacity=".3">OK</text><text x="5ex" y="14">OK</text></g></svg>

affected/ci/index.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><link rel="alternate" type="text/html" href="https://info.linuxserver.io"/><title>ci on Info :: LinuxServer.io</title><link>https://info.linuxserver.io/affected/ci/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>2024-08-18T23:00:00+00:00</lastBuildDate><updated>2024-08-18T23:00:00+00:00</updated><atom:link href="https://info.linuxserver.io/affected/ci/index.xml" rel="self" type="application/rss+xml"/><item><title>Git Commit Signing For Linuxserver CI</title><link>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</link><pubDate>Sun, 18 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</guid><category/><description>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future.</description><content type="html">&lt;p>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future. If you&amp;rsquo;re contributing code via PR, we&amp;rsquo;d appreciate it if you could sign your commits too.&lt;/p>
+&lt;p>Our public key is &lt;code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHjFYCmz+jSuS/tXs/KTtnLlaZhXTzJ/6EM9Ra9hSZB&lt;/code> and the key signature is &lt;code>SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko&lt;/code>. The email associated with the commits is ci@&lt;!-- raw HTML omitted -->linuxserver&lt;!-- raw HTML omitted -->.io.&lt;/p>
+&lt;p>In GitHub this can be seen as a Verified badge against the commit:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/github-commit-signing.png" alt="GitHub Commit Signing">&lt;/p>
+&lt;p>In GitLab it will similarly show a Verified badge against the commit. Unfortunately, because we use Gitlab as a mirror of GitHub it will show commits authored by GitHub on behalf of users - such as via the web UI - as Unverified:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/gitlab-commit-signing.png" alt="Gitlab Commit Signing">&lt;/p>
+&lt;p>And on the command line a &lt;code>git log --show-signature&lt;/code> will output signing data with each signed commit. Note that you will need to add our email and public key to your git allowedSignersFile for it to show as a Good signature:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-shell" data-lang="shell">&lt;span style="display:flex;">&lt;span>$ git log --show-signature
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>commit c76fe36fd9146817c3ec362a371e31f0f76e90c7 &lt;span style="color:#f92672">(&lt;/span>HEAD -&amp;gt; master, tag: 5.8.3.8933-ls233, origin/master, origin/HEAD&lt;span style="color:#f92672">)&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Good &lt;span style="color:#e6db74">&amp;#34;git&amp;#34;&lt;/span> signature &lt;span style="color:#66d9ef">for&lt;/span> ci@linuxserver.io with ED25519 key SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Author: LinuxServer-CI &amp;lt;ci@linuxserver.io&amp;gt;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Date: Sun Aug &lt;span style="color:#ae81ff">18&lt;/span> 16:58:40 &lt;span style="color:#ae81ff">2024&lt;/span> +0000
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> Bot Updating Templated Files
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div></content></item></channel></rss>

affected/ci/page/1/index.html

@@ -0,0 +1 @@
+<!doctype html><html lang=en><head><title>https://info.linuxserver.io/affected/ci/</title><link rel=canonical href=https://info.linuxserver.io/affected/ci/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://info.linuxserver.io/affected/ci/"></head></html>

affected/github/index.badge

@@ -0,0 +1,8 @@
+{
+  "schemaVersion": 1,
+  "label": "Info",
+  "message": "OK",
+  "color": "#0a0c0f",
+  "labelColor": "#555555",
+  "isError": false
+}

affected/github/index.json

@@ -0,0 +1 @@
+{"is":"system","title":"github","permalink":"https://info.linuxserver.io/affected/github/","status":"ok","pages":[{"is":"issue","title":"Git Commit Signing For Linuxserver CI","createdAt":"2024-08-18 23:00:00 +0000 UTC","lastMod":"2024-08-18 22:05:21 +0100 +0100","permalink":"https://info.linuxserver.io/issues/2024-08-18-commit-signing/","severity":"<no value>","resolved":false,"informational":true,"resolvedAt":"<no value>","affected":["ci","github"],"filename":"2024-08-18-commit-signing.md"}]}

affected/github/index.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="2em" width="12ex" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11"><linearGradient id="b" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="a"><rect width="100%" height="100%" rx="3" fill="#fff"/></clipPath><g clip-path="url(#a)" fill="#fff"><rect x="0" y="0" width="100%" height="100%" fill="#555"/><rect x="8ex" y="0" height="100%" width="100%" fill="green"/><rect x="0" y="0" width="100%" height="100%" fill="url(#b)"/><text x="1ex" y="15" fill="#010101" fill-opacity=".3">github</text><text x="1ex" y="14">github</text><text x="9ex" y="15" fill="#010101" fill-opacity=".3">OK</text><text x="9ex" y="14">OK</text></g></svg>

affected/github/index.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><link rel="alternate" type="text/html" href="https://info.linuxserver.io"/><title>github on Info :: LinuxServer.io</title><link>https://info.linuxserver.io/affected/github/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>2024-08-18T23:00:00+00:00</lastBuildDate><updated>2024-08-18T23:00:00+00:00</updated><atom:link href="https://info.linuxserver.io/affected/github/index.xml" rel="self" type="application/rss+xml"/><item><title>Git Commit Signing For Linuxserver CI</title><link>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</link><pubDate>Sun, 18 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</guid><category/><description>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future.</description><content type="html">&lt;p>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future. If you&amp;rsquo;re contributing code via PR, we&amp;rsquo;d appreciate it if you could sign your commits too.&lt;/p>
+&lt;p>Our public key is &lt;code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHjFYCmz+jSuS/tXs/KTtnLlaZhXTzJ/6EM9Ra9hSZB&lt;/code> and the key signature is &lt;code>SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko&lt;/code>. The email associated with the commits is ci@&lt;!-- raw HTML omitted -->linuxserver&lt;!-- raw HTML omitted -->.io.&lt;/p>
+&lt;p>In GitHub this can be seen as a Verified badge against the commit:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/github-commit-signing.png" alt="GitHub Commit Signing">&lt;/p>
+&lt;p>In GitLab it will similarly show a Verified badge against the commit. Unfortunately, because we use Gitlab as a mirror of GitHub it will show commits authored by GitHub on behalf of users - such as via the web UI - as Unverified:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/gitlab-commit-signing.png" alt="Gitlab Commit Signing">&lt;/p>
+&lt;p>And on the command line a &lt;code>git log --show-signature&lt;/code> will output signing data with each signed commit. Note that you will need to add our email and public key to your git allowedSignersFile for it to show as a Good signature:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-shell" data-lang="shell">&lt;span style="display:flex;">&lt;span>$ git log --show-signature
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>commit c76fe36fd9146817c3ec362a371e31f0f76e90c7 &lt;span style="color:#f92672">(&lt;/span>HEAD -&amp;gt; master, tag: 5.8.3.8933-ls233, origin/master, origin/HEAD&lt;span style="color:#f92672">)&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Good &lt;span style="color:#e6db74">&amp;#34;git&amp;#34;&lt;/span> signature &lt;span style="color:#66d9ef">for&lt;/span> ci@linuxserver.io with ED25519 key SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Author: LinuxServer-CI &amp;lt;ci@linuxserver.io&amp;gt;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Date: Sun Aug &lt;span style="color:#ae81ff">18&lt;/span> 16:58:40 &lt;span style="color:#ae81ff">2024&lt;/span> +0000
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> Bot Updating Templated Files
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div></content></item></channel></rss>

affected/github/page/1/index.html

@@ -0,0 +1 @@
+<!doctype html><html lang=en><head><title>https://info.linuxserver.io/affected/github/</title><link rel=canonical href=https://info.linuxserver.io/affected/github/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://info.linuxserver.io/affected/github/"></head></html>

index.html

@@ -14,7 +14,8 @@
 <b>Security</b>
 <span class=category-status></span></div><div class=components><div class=component data-status=ok><a href=/affected/vulnerabilities/ class=no-underline>Vulnerabilities</a>
 <span class=component-status>OK</span></div></div><script>thisCategory=document.currentScript.parentNode,componentsOfThisCategory=thisCategory.querySelectorAll('.component');var highestLevelStatus='',highestLevelStatusReadable;function checkStatus(t){var e=t.getAttribute('data-status');e==='down'?highestLevelStatus='down':e==='disrupted'&&highestLevelStatus!=='down'?highestLevelStatus='disrupted':e==='notice'&&highestLevelStatus!=='down'&&highestLevelStatus!=='disrupted'&&(highestLevelStatus='notice')}componentsOfThisCategory.forEach(e=>checkStatus(e)),highestLevelStatusReadable=highestLevelStatus,highestLevelStatus==='ok'&&(highestLevelStatusReadable='OK'),highestLevelStatus==='notice'&&(highestLevelStatusReadable='Notice'),highestLevelStatus==='disrupted'&&(highestLevelStatusReadable='Disrupted'),highestLevelStatus==='down'&&(highestLevelStatusReadable='Down'),thisCategory.classList.contains('category--titled')&&(thisCategory.querySelector('.category__head').setAttribute('data-status',highestLevelStatus),thisCategory.querySelector('.category-status').innerHTML=highestLevelStatusReadable)</script></div></div></div><div class="contain contain--more"><h2 class=center>History</h2><hr class=clean></div><div class="contain contain--more" id=incidents><p class="center archive__head" id=archive-2024><a href=#archive-2024 class=no-underline><strong>2024</strong>
-<span class=faded>(22)</span></a></p><a href=https://info.linuxserver.io/issues/2024-08-11-unifi-auth/ class="issue no-underline"><small class="date float-right relative-time" title="August 13, 2024 at 11:00 PM" data-date="Aug 13 23:00:00 2024 UTC">August 13, 2024 at 11:00 PM</small><h3>PSA Regarding Potential Misconfiguration of Unifi-Network-Application and MongoDB &nbsp;ℹ</h3><span class=faded>We have recently been notified that if Role Based Access Control (RBAC) is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without …</span></a>
+<span class=faded>(23)</span></a></p><a href=https://info.linuxserver.io/issues/2024-08-18-commit-signing/ class="issue no-underline"><small class="date float-right relative-time" title="August 18, 2024 at 11:00 PM" data-date="Aug 18 23:00:00 2024 UTC">August 18, 2024 at 11:00 PM</small><h3>Git Commit Signing For Linuxserver CI &nbsp;ℹ</h3><span class=faded>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). …</span></a>
+<a href=https://info.linuxserver.io/issues/2024-08-11-unifi-auth/ class="issue no-underline"><small class="date float-right relative-time" title="August 13, 2024 at 11:00 PM" data-date="Aug 13 23:00:00 2024 UTC">August 13, 2024 at 11:00 PM</small><h3>PSA Regarding Potential Misconfiguration of Unifi-Network-Application and MongoDB &nbsp;ℹ</h3><span class=faded>We have recently been notified that if Role Based Access Control (RBAC) is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without …</span></a>
 <a href=https://info.linuxserver.io/issues/2024-08-11-deprecation-changes/ class="issue no-underline"><small class="date float-right relative-time" title="August 12, 2024 at 6:00 PM" data-date="Aug 12 18:00:00 2024 UTC">August 12, 2024 at 6:00 PM</small><h3>Changes To Our Image Deprecation Process &nbsp;ℹ</h3><span class=faded>Currently, when we deprecate an image, we add a note to the readme and to the startup logs to make users aware that the image is no longer actively supported and will not receive further updates. …</span></a>
 <a href=https://info.linuxserver.io/issues/2024-07-26-rust-ungoogled/ class="issue no-underline"><small class="date float-right relative-time" title="July 26, 2024 at 8:00 PM" data-date="Jul 26 20:00:00 2024 UTC">July 26, 2024 at 8:00 PM</small><h3>New Containers: RustDesk and Ungoogled Chromium &nbsp;ℹ</h3><span class=faded>We have released two new desktop application containers for: RustDesk
 RustDesk is a full-featured open source remote control alternative for self-hosting and security with minimal configuration. …</span></a>

index.json

@@ -1 +1 @@
-{"is":"index","cStateVersion":"5.6.1","apiVersion":"2.0","title":"Info :: LinuxServer.io","languageCodeHTML":"en","languageCode":"en","baseURL":"https://info.linuxserver.io","description":"LinuxServer.io Status page","summaryStatus":"ok","categories":[{"name":"Images","description":"Information regarding our images","hideTitle":false,"closedByDefault":false},{"name":"Security","hideTitle":false,"closedByDefault":false}],"pinnedIssues":[],"systems":[{"name":"Deprecations","category":"Images","status":"ok","unresolvedIssues":[]},{"name":"New Containers","category":"Images","status":"ok","unresolvedIssues":[]},{"name":"Vulnerabilities","category":"Security","status":"ok","unresolvedIssues":[]},{"name":"Known Issues","category":"Images","status":"ok","unresolvedIssues":[]},{"name":"Notifications","category":"Images","status":"ok","unresolvedIssues":[]}],"buildDate":"2024-08-18","buildTime":"19:25","buildTimezone":"UTC","colorBrand":"#0a0c0f","colorOk":"#008000","colorDisrupted":"#cc4400","colorDown":"#e60000","colorNotice":"#24478f","alwaysKeepBrandColor":"true","logo":"https://info.linuxserver.io/logo.png","googleAnalytics":"UA-00000000-1"}
+{"is":"index","cStateVersion":"5.6.1","apiVersion":"2.0","title":"Info :: LinuxServer.io","languageCodeHTML":"en","languageCode":"en","baseURL":"https://info.linuxserver.io","description":"LinuxServer.io Status page","summaryStatus":"ok","categories":[{"name":"Images","description":"Information regarding our images","hideTitle":false,"closedByDefault":false},{"name":"Security","hideTitle":false,"closedByDefault":false}],"pinnedIssues":[],"systems":[{"name":"Deprecations","category":"Images","status":"ok","unresolvedIssues":[]},{"name":"New Containers","category":"Images","status":"ok","unresolvedIssues":[]},{"name":"Vulnerabilities","category":"Security","status":"ok","unresolvedIssues":[]},{"name":"Known Issues","category":"Images","status":"ok","unresolvedIssues":[]},{"name":"Notifications","category":"Images","status":"ok","unresolvedIssues":[]}],"buildDate":"2024-08-18","buildTime":"21:14","buildTimezone":"UTC","colorBrand":"#0a0c0f","colorOk":"#008000","colorDisrupted":"#cc4400","colorDown":"#e60000","colorNotice":"#24478f","alwaysKeepBrandColor":"true","logo":"https://info.linuxserver.io/logo.png","googleAnalytics":"UA-00000000-1"}

index.xml

@@ -1,4 +1,18 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Info :: LinuxServer.io</title><link>https://info.linuxserver.io/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>Tue, 13 Aug 2024 23:00:00 +0000</lastBuildDate><atom:link href="https://info.linuxserver.io/index.xml" rel="self" type="application/rss+xml"/><item><title>PSA Regarding Potential Misconfiguration of Unifi-Network-Application and MongoDB</title><link>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</link><pubDate>Tue, 13 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</guid><category/><description>&lt;p>We have recently been notified that if &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">Role Based Access Control (RBAC)&lt;/a> is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without credentials even though the official docs suggest that should only be possible when connecting from 127.0.0.1.&lt;/p>
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Info :: LinuxServer.io</title><link>https://info.linuxserver.io/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>Sun, 18 Aug 2024 23:00:00 +0000</lastBuildDate><atom:link href="https://info.linuxserver.io/index.xml" rel="self" type="application/rss+xml"/><item><title>Git Commit Signing For Linuxserver CI</title><link>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</link><pubDate>Sun, 18 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</guid><category/><description>&lt;p>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future. If you&amp;rsquo;re contributing code via PR, we&amp;rsquo;d appreciate it if you could sign your commits too.&lt;/p>
+&lt;p>Our public key is &lt;code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHjFYCmz+jSuS/tXs/KTtnLlaZhXTzJ/6EM9Ra9hSZB&lt;/code> and the key signature is &lt;code>SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko&lt;/code>. The email associated with the commits is ci@&lt;!-- raw HTML omitted -->linuxserver&lt;!-- raw HTML omitted -->.io.&lt;/p>
+&lt;p>In GitHub this can be seen as a Verified badge against the commit:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/github-commit-signing.png" alt="GitHub Commit Signing">&lt;/p>
+&lt;p>In GitLab it will similarly show a Verified badge against the commit. Unfortunately, because we use Gitlab as a mirror of GitHub it will show commits authored by GitHub on behalf of users - such as via the web UI - as Unverified:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/gitlab-commit-signing.png" alt="Gitlab Commit Signing">&lt;/p>
+&lt;p>And on the command line a &lt;code>git log --show-signature&lt;/code> will output signing data with each signed commit. Note that you will need to add our email and public key to your git allowedSignersFile for it to show as a Good signature:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-shell" data-lang="shell">&lt;span style="display:flex;">&lt;span>$ git log --show-signature
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>commit c76fe36fd9146817c3ec362a371e31f0f76e90c7 &lt;span style="color:#f92672">(&lt;/span>HEAD -&amp;gt; master, tag: 5.8.3.8933-ls233, origin/master, origin/HEAD&lt;span style="color:#f92672">)&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Good &lt;span style="color:#e6db74">&amp;#34;git&amp;#34;&lt;/span> signature &lt;span style="color:#66d9ef">for&lt;/span> ci@linuxserver.io with ED25519 key SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Author: LinuxServer-CI &amp;lt;ci@linuxserver.io&amp;gt;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Date: Sun Aug &lt;span style="color:#ae81ff">18&lt;/span> 16:58:40 &lt;span style="color:#ae81ff">2024&lt;/span> +0000
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> Bot Updating Templated Files
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div></description></item><item><title>PSA Regarding Potential Misconfiguration of Unifi-Network-Application and MongoDB</title><link>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</link><pubDate>Tue, 13 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</guid><category/><description>&lt;p>We have recently been notified that if &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">Role Based Access Control (RBAC)&lt;/a> is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without credentials even though the official docs suggest that should only be possible when connecting from 127.0.0.1.&lt;/p>
 &lt;p>The previous instructions for setting up MongodB we had provided in our &lt;a href="https://github.com/linuxserver/docker-unifi-network-application">Unifi-Network-Application image readme&lt;/a> set up MongoDB without &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">RBAC&lt;/a>. If you set up the MongoDB container with the old instructions we had provided, &lt;strong>do not map or expose port 27017&lt;/strong>. If you are currently not mapping the port in MongoDB and only allowing Unifi-Network-Application to access it over a dedicated user defined docker bridge network, you should be fine. The instructions did not contain the port mapping section.&lt;/p>
 &lt;p>The MongoDB init instructions in our &lt;a href="https://github.com/linuxserver/docker-unifi-network-application">Unifi-Network-Application image readme&lt;/a> have been updated to enable &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">RBAC&lt;/a> to help prevent issues due to such misconfigurations in the future.&lt;/p>
 &lt;p>If you need to map or expose the port because the containers run on different machines, or if you would like to enable auth/RBAC for another reason, we suggest creating new instances of both Unifi-Network-Application and MongoDB with the new instructions and restoring Unifi-Network-Application from a backup.&lt;/p></description></item><item><title>Changes To Our Image Deprecation Process</title><link>https://info.linuxserver.io/issues/2024-08-11-deprecation-changes/</link><pubDate>Mon, 12 Aug 2024 18:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-11-deprecation-changes/</guid><category/><description>&lt;p>Currently, when we deprecate an image, we add a note to the readme and to the startup logs to make users aware that the image is no longer actively supported and will not receive further updates. Users can then make their own decision as to whether to continue using it or not. Despite this, we still see a significant number of pulls for images that we have long since stopped updating, primarily because users don&amp;rsquo;t read the notices, or use a container management platform that doesn&amp;rsquo;t expose them.&lt;/p>

issues/2024-08-18-commit-signing/index.json

@@ -0,0 +1 @@
+{"is":"issue","title":"Git Commit Signing For Linuxserver CI","body":"\u003cp\u003eEffective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we\u0026rsquo;re working on getting everyone else into that position in the near future. If you\u0026rsquo;re contributing code via PR, we\u0026rsquo;d appreciate it if you could sign your commits too.\u003c/p\u003e\n\u003cp\u003eOur public key is \u003ccode\u003essh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHjFYCmz+jSuS/tXs/KTtnLlaZhXTzJ/6EM9Ra9hSZB\u003c/code\u003e and the key signature is \u003ccode\u003eSHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko\u003c/code\u003e. The email associated with the commits is ci@\u003c!-- raw HTML omitted --\u003elinuxserver\u003c!-- raw HTML omitted --\u003e.io.\u003c/p\u003e\n\u003cp\u003eIn GitHub this can be seen as a Verified badge against the commit:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"/img/github-commit-signing.png\" alt=\"GitHub Commit Signing\"\u003e\u003c/p\u003e\n\u003cp\u003eIn GitLab it will similarly show a Verified badge against the commit. Unfortunately, because we use Gitlab as a mirror of GitHub it will show commits authored by GitHub on behalf of users - such as via the web UI - as Unverified:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"/img/gitlab-commit-signing.png\" alt=\"Gitlab Commit Signing\"\u003e\u003c/p\u003e\n\u003cp\u003eAnd on the command line a \u003ccode\u003egit log --show-signature\u003c/code\u003e will output signing data with each signed commit. Note that you will need to add our email and public key to your git allowedSignersFile for it to show as a Good signature:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-shell\" data-lang=\"shell\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e$ git log --show-signature\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ecommit c76fe36fd9146817c3ec362a371e31f0f76e90c7 \u003cspan style=\"color:#f92672\"\u003e(\u003c/span\u003eHEAD -\u0026gt; master, tag: 5.8.3.8933-ls233, origin/master, origin/HEAD\u003cspan style=\"color:#f92672\"\u003e)\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eGood \u003cspan style=\"color:#e6db74\"\u003e\u0026#34;git\u0026#34;\u003c/span\u003e signature \u003cspan style=\"color:#66d9ef\"\u003efor\u003c/span\u003e ci@linuxserver.io with ED25519 key SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eAuthor: LinuxServer-CI \u0026lt;ci@linuxserver.io\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eDate:   Sun Aug \u003cspan style=\"color:#ae81ff\"\u003e18\u003c/span\u003e 16:58:40 \u003cspan style=\"color:#ae81ff\"\u003e2024\u003c/span\u003e +0000\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e    Bot Updating Templated Files\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","createdAt":"2024-08-18 23:00:00 +0000 UTC","lastMod":"2024-08-18 22:05:21 +0100 +0100","permalink":"https://info.linuxserver.io/issues/2024-08-18-commit-signing/","severity":"<no value>","resolved":false,"informational":true,"resolvedAt":"<no value>","affected":["ci","github"],"filename":"2024-08-18-commit-signing.md"}

issues/index.xml

@@ -1,4 +1,18 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><link rel="alternate" type="text/html" href="https://info.linuxserver.io"/><title>Issues on Info :: LinuxServer.io</title><link>https://info.linuxserver.io/issues/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>2024-08-13T23:00:00+00:00</lastBuildDate><updated>2024-08-13T23:00:00+00:00</updated><atom:link href="https://info.linuxserver.io/issues/index.xml" rel="self" type="application/rss+xml"/><item><title>PSA Regarding Potential Misconfiguration of Unifi-Network-Application and MongoDB</title><link>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</link><pubDate>Tue, 13 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</guid><category/><description>We have recently been notified that if Role Based Access Control (RBAC) is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without credentials even though the official docs suggest that should only be possible when connecting from 127.0.0.1.
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><link rel="alternate" type="text/html" href="https://info.linuxserver.io"/><title>Issues on Info :: LinuxServer.io</title><link>https://info.linuxserver.io/issues/</link><description>History</description><generator>github.com/cstate</generator><language>en</language><lastBuildDate>2024-08-18T23:00:00+00:00</lastBuildDate><updated>2024-08-18T23:00:00+00:00</updated><atom:link href="https://info.linuxserver.io/issues/index.xml" rel="self" type="application/rss+xml"/><item><title>Git Commit Signing For Linuxserver CI</title><link>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</link><pubDate>Sun, 18 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-18-commit-signing/</guid><category/><description>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future.</description><content type="html">&lt;p>Effective immediately we have started signing all of the git commits created by our CI account (I know, we should have done this a while ago but there were logistical issues that made it difficult). This means you can verify that all commits to our repos were, in fact, authored by us and that any commits to other random repos, were not. Most of the individuals who commit to our repos already sign their commits, but we&amp;rsquo;re working on getting everyone else into that position in the near future. If you&amp;rsquo;re contributing code via PR, we&amp;rsquo;d appreciate it if you could sign your commits too.&lt;/p>
+&lt;p>Our public key is &lt;code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHjFYCmz+jSuS/tXs/KTtnLlaZhXTzJ/6EM9Ra9hSZB&lt;/code> and the key signature is &lt;code>SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko&lt;/code>. The email associated with the commits is ci@&lt;!-- raw HTML omitted -->linuxserver&lt;!-- raw HTML omitted -->.io.&lt;/p>
+&lt;p>In GitHub this can be seen as a Verified badge against the commit:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/github-commit-signing.png" alt="GitHub Commit Signing">&lt;/p>
+&lt;p>In GitLab it will similarly show a Verified badge against the commit. Unfortunately, because we use Gitlab as a mirror of GitHub it will show commits authored by GitHub on behalf of users - such as via the web UI - as Unverified:&lt;/p>
+&lt;p>&lt;img src="https://info.linuxserver.io/img/gitlab-commit-signing.png" alt="Gitlab Commit Signing">&lt;/p>
+&lt;p>And on the command line a &lt;code>git log --show-signature&lt;/code> will output signing data with each signed commit. Note that you will need to add our email and public key to your git allowedSignersFile for it to show as a Good signature:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-shell" data-lang="shell">&lt;span style="display:flex;">&lt;span>$ git log --show-signature
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>commit c76fe36fd9146817c3ec362a371e31f0f76e90c7 &lt;span style="color:#f92672">(&lt;/span>HEAD -&amp;gt; master, tag: 5.8.3.8933-ls233, origin/master, origin/HEAD&lt;span style="color:#f92672">)&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Good &lt;span style="color:#e6db74">&amp;#34;git&amp;#34;&lt;/span> signature &lt;span style="color:#66d9ef">for&lt;/span> ci@linuxserver.io with ED25519 key SHA256:fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Author: LinuxServer-CI &amp;lt;ci@linuxserver.io&amp;gt;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>Date: Sun Aug &lt;span style="color:#ae81ff">18&lt;/span> 16:58:40 &lt;span style="color:#ae81ff">2024&lt;/span> +0000
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> Bot Updating Templated Files
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div></content></item><item><title>PSA Regarding Potential Misconfiguration of Unifi-Network-Application and MongoDB</title><link>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</link><pubDate>Tue, 13 Aug 2024 23:00:00 +0000</pubDate><guid>https://info.linuxserver.io/issues/2024-08-11-unifi-auth/</guid><category/><description>We have recently been notified that if Role Based Access Control (RBAC) is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without credentials even though the official docs suggest that should only be possible when connecting from 127.0.0.1.
 The previous instructions for setting up MongodB we had provided in our Unifi-Network-Application image readme set up MongoDB without RBAC. If you set up the MongoDB container with the old instructions we had provided, do not map or expose port 27017.</description><content type="html">&lt;p>We have recently been notified that if &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">Role Based Access Control (RBAC)&lt;/a> is not enabled in MongoDB, the official MongoDB container allows remote access to the db contents over port 27017 without credentials even though the official docs suggest that should only be possible when connecting from 127.0.0.1.&lt;/p>
 &lt;p>The previous instructions for setting up MongodB we had provided in our &lt;a href="https://github.com/linuxserver/docker-unifi-network-application">Unifi-Network-Application image readme&lt;/a> set up MongoDB without &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">RBAC&lt;/a>. If you set up the MongoDB container with the old instructions we had provided, &lt;strong>do not map or expose port 27017&lt;/strong>. If you are currently not mapping the port in MongoDB and only allowing Unifi-Network-Application to access it over a dedicated user defined docker bridge network, you should be fine. The instructions did not contain the port mapping section.&lt;/p>
 &lt;p>The MongoDB init instructions in our &lt;a href="https://github.com/linuxserver/docker-unifi-network-application">Unifi-Network-Application image readme&lt;/a> have been updated to enable &lt;a href="https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control">RBAC&lt;/a> to help prevent issues due to such misconfigurations in the future.&lt;/p>