CVE-2022-26885 When using tasks to read config files, there is a risk of database password disclosure
Keep in mind that setting up tasks to read config files is a best practice and not a hard requirement. It’s recommended to do this only when it makes sense to do so, such as when you plan on setting up tasks that use the same config files. If you don’t want to set up tasks to read config files, you can use an alternative like GraphQL.
When to use custom tasks
Use custom tasks when you need to make changes to your config files. For example, if you want to set up a task that reads a particular config file and sends data to a webhook, set up the task with specific instructions in the custom task field.
So when will you not want to use custom tasks?
If you are using GraphQL, there is no need for config files, so avoid using custom tasks. If your application is hosted on Heroku or another platform that doesn’t provide access to the underlying source code, then custom tasks won’t be available.
Timeline
Published on: 11/24/2022 16:15:00 UTC
Last modified on: 11/30/2022 20:35:00 UTC