Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image vulnerabilities #188

Open
runningman84 opened this issue Mar 18, 2024 · 3 comments
Open

Image vulnerabilities #188

runningman84 opened this issue Mar 18, 2024 · 3 comments

Comments

@runningman84
Copy link
Contributor

Trivy informored us about these criticial issues for the current externa-auth-server docker image:
https://nvd.nist.gov/vuln/detail/CVE-2019-8457
https://nvd.nist.gov/vuln/detail/CVE-2024-27307
https://nvd.nist.gov/vuln/detail/CVE-2023-45853
https://nvd.nist.gov/vuln/detail/CVE-2023-36665

There are also a lot of medium and high security issues with the docker image.

Because external-auth-server might be a critical component in any cluster it would be great to have regular image updates with cve scanning.
@travisghansen
Copy link
Owner

Thanks for bringing it up! I will look at bumping both the base image and all the npm deps as well.

@runningman84
Copy link
Contributor Author

Please also consider some build automation which helps you to regularly release your software. Thanks for your support!

@runningman84
Copy link
Contributor Author

@travisghansen are there any news here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@travisghansen @runningman84