Hi,
When using atlassian-connect-express with postgres, the following depreciation warning appears at app startup:
DeprecationWarning: Implicit disabling of certificate verification is
deprecated and will be removed in pg 8. Specify `rejectUnauthorized:
true` to require a valid CA or `rejectUnauthorized: false` to
explicitly opt out of MITM protection.
The problem with ACE is that we can’t (or at least I don’t know how) set the configuration for the pg connection. In ACE the connection is configured in config.json, and adding the TLS config there has no effect as the additional configuration parameters are not read by ACE.
My impression is that it’s somewhat urgent to fix this.
@BobBergman I’ve tried DEVHELP in the past, and that seemed to not work.
Then I did a pull request for ACE template for the updated security requirements, and that got rewritten and merged.
For another issue I also did a pull request. However no feedback.