Why doesn't coolify believe in publishing CVEs? #10737
Replies: 1 comment 1 reply
-
|
Coolify does publish CVEs to the MITRE database. That happens automatically through Github when Andras publishes the CVE on Github. See https://docs.github.com/en/code-security/concepts/vulnerability-reporting-and-management/repository-security-advisories Andras might not publish a CVE immediately until Coolify Cloud was updated. Coolify Cloud is not always on the latest version. He gets per day 10 vulnerability reports, each of them he is still manually reviewing. So it can happen that some things might take longer. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Reached out to the @andrasbacsai a few times via advisory, while a CVE CVE-2026-48742 was generated, nothing was published on MITRE. As a security researcher and I believe this is the case for many others, having the CVE published is pretty much the only benefit that we get from auditing your software. This leads me to believe that coolify doesn't either.
A. Take security serious
B. Appreciate security researchers
C. Both
Beta Was this translation helpful? Give feedback.
All reactions