axoflow / axosyslog

AxoSyslog - the scalable security data processor
https://axoflow.com

lots of CVEs in axosyslog 4.7.1 #186

Closed ikheifets-splunk closed 1 week ago

ikheifets-splunk commented 2 weeks ago
[Image: Screenshot 2024-07-04 at 11 44 53]

You can find more details here: security issue

ikheifets-splunk commented 2 weeks ago

Made a PR upgrading the Alpine Linux version. requests and urllib3 were already upgraded by dependabot 2 weeks ago.

ikheifets-splunk commented 2 weeks ago

@alltilla Thanks for merging the PR. When are you planning to release it? You know it's a security fix, and we don't know when 4.8.0 will be available :)

P.S. What do you think about adding automatic CVE detection of the Docker image to the pipeline? For example, we use trivy in our CI.

alltilla commented 2 weeks ago

Hi @ikheifets-splunk

4.8.0 is on its way: https://github.com/axoflow/axosyslog/pull/189 :) ETA tomorrow or beginning of next week.

> P.S. What do you think about adding automatic CVE detection of the Docker image to the pipeline? For example, we use trivy in our CI.

Sounds reasonable, let's create a feature request for it.

alltilla commented 2 weeks ago

https://github.com/axoflow/axosyslog/issues/190

ikheifets-splunk commented 1 week ago

Released in 4.8.0