Comments (4)
Hi,
AWS has many testing methodologies for our production services. Currently AWS does not have a public bug bounty as a part of that suite of methodologies. If an issue with AWS is discovered in production, please submit that issue to our security team using the instructions available on the Security Vulnerability Reporting page of our website: https://aws.amazon.com/security/vulnerability-reporting/
Thank you
from aws-codedeploy-agent.
Three years for an AWS response, and not even a "thanks for letting us know." This is mind-boggling.
As the original comment stated: yes, I did submit this issue to your security team and did not publish an exploit while waiting for a response or patch. Other researchers may not be as courteous or patient in the future.
from aws-codedeploy-agent.
Ha you're barking up the wrong tree, posting an issue to this project.
That said, I completely agree with you.
from aws-codedeploy-agent.
Thanks @jdrago999! Agreed. I would definitely cut some slack for a startup, but AWS is definitely not a startup.
I'm just surprised that there's so little process or transparency, especially when someone responsibly and courteously notifies regarding a vuln..
The lack of response on this thread is a concern as well; makes me a bit worried about what else is lurking in the hypervisor..
from aws-codedeploy-agent.
Related Issues (20)
- Debian package depends on ruby version < 3.1, even though 3.1 and 3.2 is supported HOT 5
- Windows Deployment Group logs should be in the log folder
- Code deploy falling very frequently HOT 1
- CodeDeplot Access denied when calling "codedeploy-commands.eu-central-1.amazonaws.com:443" HOT 1
- [Feature Request] Debian (12 Bookworm) support HOT 1
- [problem] CodeDeploy Agent systemd service bash-completion error
- [Error] AL2023 - max_revisions - Error deleting directories HOT 3
- CodeDeploy 'Downloading failed bundle.zip from s3 bucket' at "DownloadBundle" step HOT 1
- Service is running but with errors HOT 1
- Codedeploy failing randomly at Install not finding appspec.yml
- Switch to use s3 multipart download when fetching artifacts
- DownloadBundle deployment lifecycle events for troubleshooting UnknownError: execution expired HOT 1
- Failed deployment DownloadBundle events with error "No such file or directory - getcwd" HOT 1
- Add the CodeDeploy agent to the PATH HOT 1
- CodeDeploy agent support for RHEL 9 HOT 1
- Announcement: Releasing Agent 1.7.0 to all regions
- [Feature request] Deployments to ASG Warm pool instances using CodeDeploy lifecycle hooks HOT 1
- [feature] allow codeploy agent service with manual start on windows
- [Issue] : cron job not running as expected after CodeDeploy changes the code in EC2 using CodePipeline
- Install fails using SSM AWS-ConfigureAWSPackage on ARM
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-codedeploy-agent.