Part-DB/Part-DB-legacy

.git directory exposed on docker container

julianobst opened this issue · 1 comment

I'm using the docker image for hosting the part-db webservice and according to a security investigation (ref. to https://www.heise.de/ct/artikel/Massive-Sicherheitsprobleme-durch-offene-Git-Repositorys-4795181.html) an accessible .git directory was found on my part-db instance.
I think this is not that critical because no credentials should be stored there, but it's also not best practice.
Any access to the .git directory from the web should be denied by adding a rule to the apache.conf file or the .git directory should be removed after cloning.

For now, I have removed the .git directory inside my docker container instance.

I have added .git folder to .gitignore so it will not be copied to the docker image.
For normal installations that's a bit difficult; I guess it is the responsibility of the server owner to correctly configure their webserver...

In the new Part-DB version this is no problem as the documentroot is not the project root (where .git normally is put).
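The two mitigations discussed in this thread (deny web access to `.git` in the Apache configuration, and check that the directory is not reachable) as an added example; this is not code from the Part-DB project or from either commenter. The Apache `DirectoryMatch` rule is standard 2.4 syntax and should go into the vhost or `apache.conf`; the `check_git_exposure` function needs `curl` and a base URL you supply, and the sample response bodies in the test are constructed. The classification helper treats a `200` answer for `/.git/HEAD` whose body is a `ref: refs/heads/...` line or a bare 40/64-hex commit id as an exposed repository, which is the signature a scanner such as the one in the linked article looks for.

```shell
#!/bin/sh
# Added example: block and self-check web access to a .git directory.

# Apache 2.4 rule denying any request whose filesystem path contains a
# .git directory. Placement (vhost vs. apache.conf) is an assumption.
apache_deny_git_rule() {
  cat <<'EOF'
<DirectoryMatch "/\.git">
    Require all denied
</DirectoryMatch>
EOF
}

# Classify the body served for /.git/HEAD.
# A real repository answers "ref: refs/heads/<branch>" or, for a detached
# HEAD, a bare 40-hex (SHA-1) or 64-hex (SHA-256) commit id.
classify_git_head_body() {
  body="$1"
  case "$body" in
    "ref: refs/heads/"*)
      echo "exposed" ;;
    *)
      if printf '%s' "$body" | grep -Eq '^([0-9a-f]{40}|[0-9a-f]{64})$'; then
        echo "exposed"
      else
        echo "not-exposed"
      fi ;;
  esac
}

# Fetch /.git/HEAD from the given base URL (e.g. https://parts.example.test,
# an assumption) and report "exposed" or "not-exposed". Anything other than
# HTTP 200 counts as not exposed; the body is only inspected on 200.
check_git_exposure() {
  base="$1"
  tmp="/tmp/githead.$$"
  status=$(curl -s -o "$tmp" -w '%{http_code}' "$base/.git/HEAD") || status="000"
  body=$(cat "$tmp" 2>/dev/null)
  rm -f "$tmp"
  if [ "$status" = "200" ]; then
    classify_git_head_body "$body"
  else
    echo "not-exposed"
  fi
}

# Usage: ./check.sh https://parts.example.test
if [ -n "$1" ]; then
  check_git_exposure "$1"
fi
```

Run the self-check against your own instance after adding the rule (or after deleting `.git` from the container, as done in this issue); the expected answer is `not-exposed`. A plain 403 from the `Require all denied` rule is enough, since the check only inspects the body when the server answers 200. In a Docker build, listing `.git` in `.dockerignore` additionally keeps the directory out of the build context.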