vulnerabilities in docker image #2592

Closed
yarongol opened this issue Sep 16, 2024 · 2 comments

@yarongol

The following critical and high vulnerabilities are in the redocly image:

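| Image | CVE | Package | Installed version | Fixed version | Severity |
| --- | --- | --- | --- | --- | --- |
| runai/redoc | CVE-2024-2398 | libcurl | 8.5.0-r0 | 8.7.1-r0 | High |
| runai/redoc | CVE-2024-2398 | curl | 8.5.0-r0 | 8.7.1-r0 | High |
| runai/redoc | CVE-2024-6197 | curl | 8.5.0-r0 | 8.9.0-r0 | High |
| runai/redoc | CVE-2024-45492 | libexpat | 2.6.2-r0 | 2.6.3-r0 | Critical |
| runai/redoc | CVE-2024-45491 | libexpat | 2.6.2-r0 | 2.6.3-r0 | Critical |
| runai/redoc | CVE-2024-6197 | libcurl | 8.5.0-r0 | 8.9.0-r0 | High |
| runai/redoc | CVE-2024-45490 | libexpat | 2.6.2-r0 | 2.6.3-r0 | Critical |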

The easiest way to fix these vulnerabilities is what has become an industry standard: base the docker image on top of RedHat UBI 9 minimal https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5
This way, you only need to recompile and release.
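An added example, not part of the original issue or the project's code: a check that takes the installed package list of a rebuilt image and reports which of the findings listed above are still below their fixed version. The installed list is a constructed sample in the `name-version-rN` form that `apk info -v` prints, and the version comparison assumes plain numeric Alpine versions (no `_rc` or `_p` suffixes).

```python
import re

# Findings copied from the issue: (CVE, package, fixed version).
FINDINGS = [
    ("CVE-2024-2398", "libcurl", "8.7.1-r0"),
    ("CVE-2024-2398", "curl", "8.7.1-r0"),
    ("CVE-2024-6197", "curl", "8.9.0-r0"),
    ("CVE-2024-45492", "libexpat", "2.6.3-r0"),
    ("CVE-2024-45491", "libexpat", "2.6.3-r0"),
    ("CVE-2024-6197", "libcurl", "8.9.0-r0"),
    ("CVE-2024-45490", "libexpat", "2.6.3-r0"),
]

# Constructed sample of installed packages (name-version-rN lines).
SAMPLE_INSTALLED = """\
curl-8.9.0-r0
libcurl-8.7.1-r0
libexpat-2.6.2-r0
ca-certificates-bundle-20240705-r0
"""

_PKG_LINE = re.compile(r"^(?P<name>.+)-(?P<ver>\d[^-]*-r\d+)$")
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)-r(\d+)$")

def version_key(version):
    """Sort key for plain numeric versions such as 8.7.1-r0 (assumption)."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unsupported version format: {version}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def parse_installed(text):
    """Map package name -> installed version from name-version-rN lines."""
    installed = {}
    for line in text.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            installed[m.group("name")] = m.group("ver")
    return installed

def unfixed(installed, findings=FINDINGS):
    """Return {package: sorted CVE ids} still below the fixed version."""
    open_cves = {}
    for cve, pkg, fixed in findings:
        have = installed.get(pkg)
        if have is not None and version_key(have) < version_key(fixed):
            open_cves.setdefault(pkg, []).append(cve)
    return {pkg: sorted(cves) for pkg, cves in open_cves.items()}
```

A package missing from the installed list is treated as not affected, so the check also passes when the rebuilt image no longer ships that package.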

@yarongol
Author

Thank you for fixing. Is it possible to release a version with these fixes?

@AlexVarchuk
Collaborator

@yarongol Released
