"This image has vulnerabilities" on Docker Hub #195
Comments
|
Hi @teohhanhui, Where does it say that? And for which tag? |
|
https://hub.docker.com/r/library/node/tags/ Basically for all of the current tags... Could be due to |
|
It looks like the vulnerabilities are in the base jessie and wheezy, but it seems to be picking up v8 stuff too. |
|
I'm not sure if those v8 vulnerabilities are necessarily relevant to Node.js or not. There is an update coming this week that might be related: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ |
|
I think we might be waiting on docker-library/official-images#1767 and some other things: docker-library/official-images#1764 |
|
Huh, so now I don't see any security warnings on https://hub.docker.com/r/library/node/tags/ and https://hub.docker.com/r/library/node/tags/6/ returns a 404... |
|
Ah, ignore me, apparently you need to be logged in to see the security report. |
|
If you wait just a tad bit longer, the updated tags will be finished
pushing (not entirely sure how long after that the updated CVE scan results
will take to show up). 👍
|
|
Thanks for the update Tianon 👍🏼
|
|
This hasn't been updated in a while. |
|
@Winglet It'd seem so. |
|
@teohhanhui thanks |
|
I'm not sure what else we can do about this. I assumed that a lot of the vulnerabilities in the base images would be resolved by now... |
|
The vulnerabilities are usually waiting for a fix to land in Debian. But many are given a |
|
Ah, ok, thanks for the context. @teohhanhui OK to close this out now? |
|
Is there anything that can be done or do these vulnerabilities need to get patched upstream? |
No description provided.
The text was updated successfully, but these errors were encountered: