30 lines
813 B
Markdown
30 lines
813 B
Markdown
# Monitor Upstream Nebula CVE Remediation
|
|
|
|
**Created:** 2026-02-10
|
|
**Priority:** P2 (Monitor)
|
|
**Type:** Security - Accepted Risk
|
|
|
|
## Objective
|
|
Monitor upstream dependencies for nebula v1.10.3 compatibility fixes.
|
|
|
|
## Watch List
|
|
- [ ] hslatman/caddy-crowdsec-bouncer releases
|
|
- [ ] hslatman/ipstore releases
|
|
- [ ] smallstep/certificates releases
|
|
- [ ] GHSA-69x3-g4r3-p962 severity changes
|
|
|
|
## Quarterly Check Schedule
|
|
- Q1 2026: 2026-03-31
|
|
- Q2 2026: 2026-06-30
|
|
- Q3 2026: 2026-09-30
|
|
- Q4 2026: 2026-12-31
|
|
|
|
## Check Actions
|
|
1. Visit release pages (links in security exception doc)
|
|
2. Check for nebula version updates in go.mod files
|
|
3. If compatible version found, create remediation task
|
|
4. Update this document with check date and findings
|
|
|
|
## Check Log
|
|
- 2026-02-10: Initial assessment - no compatible versions
|