EOL/Obsolete Software - NginX 1.14.x Reported in Security Scan of Delphix Engine (KBA8270)

Issue

Some security scanning applications flag EOL or "obsolete" software versions when scanning web applications. As a result, a scan of the Delphix Engine may produce such a finding, based on the general vendor recommendation to always run the latest release.

Applicable Delphix Versions

Major Release | All Sub Releases
6.0 | 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1

Resolution

It is not always possible to make security decisions based on the general version of an application reported in a scan result. Although the Delphix NginX distribution is detected as 1.14, at the time of this article's publication the actual NginX version installed is 1.14.0-0ubuntu1.9, which is part of the Canonical Ubuntu 18.04 LTS distribution, on which the Delphix Engine OS is based. This package includes numerous security updates beyond the base 1.14.0 release, and as such, many general concerns about security vulnerabilities may not be relevant.

Beyond this, the generic recommendation of security vendors to always run the latest release of a given software package is not always preferred, especially in appliance-based applications such as Delphix Masking or Virtualization. Delphix strives to deliver a secure and stable application, and as such some third-party software in use may be selected for its overall stability and long-term support, while security concerns are still addressed as they arise through product updates.
