Closed tim-fitzgerald closed 2 years ago
Hey @tim-fitzgerald,
I just wanted to let you know we're looking into this and hope to have an update as soon as possible.
Thanks for raising this issue!
Any Update on it?
Currently we're planning to roll the base image updates into the next point release, which should be soon, but I unfortunately don't have a precise ETA
Hello Tim,
I wanted to let you know that we've just pushed connect-api and connect-sync version 1.5.7 to Docker Hub, and in addition to a bugfix or two, it should also have cleared the critical and major vulnerabilities that docker scan detects.
Thank you again for raising this with us!
Hi @kpcraig --> I just checked the 1-password helm chart and found that chart is still not updated to use connect images.
https://github.com/1Password/connect-helm-charts/blob/main/charts/connect/Chart.yaml#L14 Can we have updated helm chart for this also?
thanks for noting that, i'll look into it!
Hey folks,
Running
docker scan
on 1password/connect-api produces a report for two critical vulnerabilities as demonstrated blow:Given that Connect is closed source we cannot determine the contextual severity of either. Could we request that these two critical vulnerabilities be addressed (or ideally Connect be open sourced 😉 ).