Build to resolve vulnerabilities

Question

Build to resolve vulnerabilities

Closed this issue 7 months ago · 1 comments

It looks like there are a few critical/high vulnerabilities found in the v0.26.0 build. From reviewing the Dockerfile, I believe a new build should resolve the issues as the effected packages do not appear to be pinned.

It appears the following critical & high CVE's are present:

CVE-2023-38545

Critical
3.18:libcurl:8.2.1-r0

CVE-2023-39323

Critical
github.com/golang/go:1.19.12

CVE-2023-39325

High
golang.org/x/net:0.8.0

CVE-2023-44487

High
golang.org/x/net:0.8.0

CVE-2023-38039

High
3.18:libcurl:8.2.1-r0

Answer 1 · 2024-01-04T11:08:44.000Z

Thanks David, I have not updated this in a while, will cut a new release today with updated packages.