Years out of date
What problems does it have? Never ran into an issue for my usecase.
- 0 Posts
- 3 Comments
Joined 2 years ago
Cake day: June 9th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Automatic updates. Works like a dream. Depending on what you are running it can obviously cause issues, either server side breaking or server,client communication issues
Just because there is no update does not mean there are security vulnerabilities to worry about, or do you have a specific one that is not fixed?
The attack vector seems very narrow to me. It checks the container registry downloads the containers and runs some docker commands.
It has no interface, so in order to attack it you either have to compromise the container registry (but then it would be easier to compromise the containers you download) the secure connection used to download the containers (https is quite stable) or something on the server side.
Also the project does not really look that abundant to me.
EDIT: So i have not checked this, but watchtower is probably using docker for most steps anyway? So basically the only thing that could be attacked is via the notifications watchtower is sending?