| ▲ | superkuh 15 hours ago | |
For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there. That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories. | ||
| ▲ | wolvoleo 15 hours ago | parent [-] | |
Ok fair enough yes a static site is really low risk. Usually it's more involved than that though. | ||