Redocly / redoc

📘 OpenAPI/Swagger-generated API Reference Documentation
https://redocly.github.io/redoc/
MIT License
23.36k stars 2.29k forks

vulnerabilities in docker image #2592

Open yarongol opened 2 weeks ago

yarongol commented 2 weeks ago

The following critical and high vulnerabilities are in the redocly image:

| Image | CVE | Package | Installed version | Fixed version | Severity |
|---|---|---|---|---|---|
| runai/redoc | CVE-2024-2398 | libcurl | 8.5.0-r0 | 8.7.1-r0 | High |
| runai/redoc | CVE-2024-2398 | curl | 8.5.0-r0 | 8.7.1-r0 | High |
| runai/redoc | CVE-2024-6197 | curl | 8.5.0-r0 | 8.9.0-r0 | High |
| runai/redoc | CVE-2024-45492 | libexpat | 2.6.2-r0 | 2.6.3-r0 | Critical |
| runai/redoc | CVE-2024-45491 | libexpat | 2.6.2-r0 | 2.6.3-r0 | Critical |
| runai/redoc | CVE-2024-6197 | libcurl | 8.5.0-r0 | 8.9.0-r0 | High |
| runai/redoc | CVE-2024-45490 | libexpat | 2.6.2-r0 | 2.6.3-r0 | Critical |

The easiest way to fix these vulnerabilities is what has become an industry standard: base the docker image on top of RedHat UBI 9 minimal (https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5). This way, you only need to recompile and release.
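As an added example (not code from the redoc project or from this issue's author), the script below parses scanner findings in the whitespace-separated layout pasted above, collapses them into the minimal set of package upgrades that closes every finding, and acts as a release gate that fails when any finding at or above a severity threshold still has an available fix that the image has not picked up. The six-column format (image, CVE, package, installed version, fixed version, severity) and the Alpine-style `pkgver-rN` version ordering are assumptions; the sample lines are copied from the list in this issue.

```python
"""Turn a scanner's flat finding list into an upgrade plan and a release gate."""
from collections import defaultdict

# Constructed sample: the seven findings reported in this issue, one per line.
FINDINGS_TEXT = """\
runai/redoc CVE-2024-2398 libcurl 8.5.0-r0 8.7.1-r0 High
runai/redoc CVE-2024-2398 curl 8.5.0-r0 8.7.1-r0 High
runai/redoc CVE-2024-6197 curl 8.5.0-r0 8.9.0-r0 High
runai/redoc CVE-2024-45492 libexpat 2.6.2-r0 2.6.3-r0 Critical
runai/redoc CVE-2024-45491 libexpat 2.6.2-r0 2.6.3-r0 Critical
runai/redoc CVE-2024-6197 libcurl 8.5.0-r0 8.9.0-r0 High
runai/redoc CVE-2024-45490 libexpat 2.6.2-r0 2.6.3-r0 Critical
"""

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def parse_findings(text):
    """Parse 'image cve package installed fixed severity' lines (assumed format)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}: {line!r}")
        image, cve, package, installed, fixed, severity = parts
        if severity not in SEVERITY_RANK:
            raise ValueError(f"line {lineno}: unknown severity {severity!r}")
        findings.append({"image": image, "cve": cve, "package": package,
                         "installed": installed, "fixed": fixed, "severity": severity})
    return findings


def version_key(version):
    """Sort key for Alpine-style 'pkgver-rN' strings (assumption about the distro).

    Numeric components compare as integers; anything else falls back to string
    order without ever mixing int and str in one comparison.
    """
    pkgver, _, rel = version.partition("-r")

    def comp(c):
        return (1, int(c)) if c.isdigit() else (0, c)

    return tuple(comp(c) for c in pkgver.split(".")), comp(rel or "0")


def needs_fix(finding):
    """True when the installed version is still older than the fixed version."""
    return version_key(finding["installed"]) < version_key(finding["fixed"])


def required_upgrades(findings):
    """Map each package to (installed, highest fixed version across its CVEs).

    Several CVEs per package collapse to one upgrade target: the newest fix.
    """
    upgrades = {}
    for f in findings:
        if not needs_fix(f):
            continue
        current = upgrades.get(f["package"])
        if current is None or version_key(f["fixed"]) > version_key(current[1]):
            upgrades[f["package"]] = (f["installed"], f["fixed"])
    return upgrades


def cves_by_package(findings):
    """Group CVE ids by package so a reviewer sees what each upgrade closes."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["package"]].add(f["cve"])
    return dict(grouped)


def blocking_findings(findings, threshold="High"):
    """Findings at or above the threshold whose fix the image has not yet picked up."""
    floor = SEVERITY_RANK[threshold]
    return [f for f in findings if SEVERITY_RANK[f["severity"]] >= floor and needs_fix(f)]


def release_allowed(findings, threshold="High"):
    """Release gate: no fixable finding at or above the threshold may remain."""
    return not blocking_findings(findings, threshold)


if __name__ == "__main__":
    found = parse_findings(FINDINGS_TEXT)
    for pkg, (installed, fixed) in sorted(required_upgrades(found).items()):
        print(f"{pkg}: {installed} -> {fixed}  closes {sorted(cves_by_package(found)[pkg])}")
    print("release allowed:", release_allowed(found, "High"))
```

Run against the list above, the seven findings reduce to three upgrades (curl and libcurl to 8.9.0-r0, libexpat to 2.6.3-r0), and the gate refuses the image until a rebuilt one no longer reports them; rerunning the same script on the scan of the rebuilt image is the check that an upgraded base (UBI minimal or an updated Alpine) actually removed the findings rather than just renamed the packages.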

yarongol commented 1 week ago

Thank you for fixing. Is it possible to release a version with these fixes?