Build to resolve vulnerabilities
Closed this issue · 1 comments
dmaclaury commented
It looks like there are a few critical/high vulnerabilities found in the v0.26.0
build. From reviewing the Dockerfile
, I believe a new build should resolve the issues as the effected packages do not appear to be pinned.
It appears the following critical & high CVE's are present:
- Critical
- 3.18:libcurl:8.2.1-r0
- Critical
- github.com/golang/go:1.19.12
- High
- golang.org/x/net:0.8.0
- High
- golang.org/x/net:0.8.0
- High
- 3.18:libcurl:8.2.1-r0
nicholasjackson commented
Thanks David, I have not updated this in a while, will cut a new release today with updated packages.