Closed sennewood closed 4 years ago
Hello,
I've noticed too that docker releases are really long to come out unlike the normal RC, could it be done at the same time ? I guess there is a CI/CD process to get it running ? For 3.5.3 and that security flaw, it should be done fast. Thanks.
Hello,
I've noticed too that docker releases are really long to come out unlike the normal RC, could it be done at the same time ? I guess there is a CI/CD process to get it running ? For 3.5.3 and that security flaw, it should be done fast. Thanks.
Aside from this release which has a security vulnerability, https://github.com/RocketChat/Docker.Official.Image/pull/117#issuecomment-665142698.
thanks @aminvakil .. just to mention that the current version available via docker (3.5.0) is not affected by the security issue mentioned on issue description..
but as a general comment, we'll be looking into automating the process of updating official docker image or at least make it part of the process.
Thanks !
Within 24h everything is done. Thank you :)
The (german) press reported a security issue and how to use it: https://www.heise.de/news/Rocket-Chat-Luecke-erlaubte-Remote-Code-Execution-durch-praeparierte-Nachrichten-4873678.html
The issue is fixed in 3.4.3 and 3.5.0 - but because of known errors, which would effect our installation, which got fixed in 3.5.3, we have to wait for an image for that version.
We would be very happy if an image for one of these versions would be build.