Skip to content

Security hardening proposal: remove weak defaults, disable plain Docker TCP (2375), and update EOL component in example configs #7503

Description

@youming1970

Hi CDS team,

First, thank you for maintaining CDS — it's a great enterprise-grade CI/CD platform.

While reviewing example configs, we noticed a few copy-paste hazards that may leak into production environments:

1) Weak default credentials (P1)

Lines 11-12, 26:

POSTGRES_PASSWORD: cds
redis-server --requirepass cds

Risk: frequent copy/paste into non-dev deployments, enabling trivial brute-force and lateral movement.

2) Plain Docker Engine over TCP 2375 (P1)

Line 93, 279, 283:

hatchery.swarm.dockerEngines.default.host=tcp://dockerhost:2375
TCP4-LISTEN:2375,fork,reuseaddr

Risk: no TLS or auth; violates CIS Docker guidance. Interception or command injection is possible on untrusted networks.

3) EOL component in examples (P2)

Line 32:

image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2

Risk: 2019 version (EOL), missing patches and compliance issues.

Proposed remediation (backward-compatible and low-noise):

  • Replace hardcoded secrets with .env-driven placeholders (e.g., ${POSTGRES_PASSWORD:?set in .env}) and add an .env.sample with CHANGE_ME values. Add a README warning box: "dev-only defaults — never use in production."
  • For Docker Engine: default to unix:///var/run/docker.sock for local, and provide a TLS 2376 example for remote (CA/cert/key), or document DOCKER_TLS_VERIFY.
  • Mark Elasticsearch as dev-only, restrict binding to localhost, and document a tested path to ES 8.x or OpenSearch 2.x. At minimum, add a note about EOL and isolation.

Happy to open a PR with:

  • .env.sample + docs changes
  • example compose/config updates
  • a lightweight CI check to prevent reintroduction of ":2375", "POSTGRES_PASSWORD=cds", and "elasticsearch:6.7.2"

If you prefer a private channel for security-related items, we can re-send via your preferred contact.

Context: we run "Configuration Security Review Team" (24h config risk review). Focus here is technical contribution; no obligations.

Thanks for considering — we can adapt to your preferred approach.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions