Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 6.17.2
Affects Version/s: None
Component/s: Foreman Proxy
Labels:

Story Points:
5
Target Version:

6.17.2
Blocked:
False
Fixed in Build:
foreman-proxy-3.14.0.1
Severity:
Important
AssignedTeam:
sat-endeavour

Release Note Type:
None
Release Note Text:
None
Release Note Status:
None

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Test Coverage:

To Do

Market:

Problem Statement

Enable HTTP Strict Transport Security (HSTS) on the foreman-proxy daemon in Red Hat Satellite. Currently, security scanners flag it as non-compliant, creating issues with security exceptions. Enabling HSTS will improve compliance and reduce the need for variances, enhancing user experience in enterprise environments.

User Experience & Workflow

End-State: Foreman-proxy enforces HSTS, resolving compliance issues.

Requirements

A setting to enable HSTS on the foreman-proxy daemon

Business Impact

Without HSTS, security scanners will continue to flag non-compliance, complicating security exception processes and impacting enterprise security posture and efficiency.

clones

SAT-27937 foreman-proxy lacks HSTS support

Release Pending

depends on

SAT-34194 Add HSTS middleware by ekohl · Pull Request #905 · theforeman/smart-proxy · GitHub

Closed

links to

RHBA-2025:151800 Satellite 6.17.2 Async Update

What is HSTS header, how to enable or disable its support in the RedHat Satellite 6 Server, and why certain ports do not offer HSTS?

Assignee:: Ewoud Kohl van Wijngaarden

Reporter:: Camila Cortes (Inactive)

QA Contact:: Lukas Pramuk

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/06/12 4:18 PM

Updated:: 2025/09/14 12:41 AM

Resolved:: 2025/07/10 3:06 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates