cshum / imagor

Fast, secure image processing server and Go library, using libvips
Apache License 2.0
3.46k stars 138 forks

Does it have any effect on CVE-2023-4863? #399

Closed ArtNattapat closed 1 year ago

ArtNattapat commented 1 year ago

I have checked the imagor Docker image on Docker Hub. For the master tag, digest a0517db5eec1 was published 9 days ago. The version of libwebp6 in that image is 0.6.1-2.1+deb11u2. Is that fixed for this vulnerability and stable to use? I'm not sure because it doesn't tag a version.

Refs: https://metadata.ftp-master.debian.org/changelogs/main/libw/libwebp/libwebp_0.6.1-2.1%2bdeb11u2_changelog

wwwdepot commented 1 year ago

The webp vulnerability is resolved in the master tag. BTW, you can use trivy to check the image yourself.

trivy image shumc/imagor:master -s "HIGH,CRITICAL"

ArtNattapat commented 1 year ago

Thank you.
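
Added example, not part of the thread and not imagor or trivy project code: a small Python check that answers the original question for one CVE by reading a report saved with `trivy image --format json`. It assumes the scan was run without a severity filter, so the CVE is not hidden by its rating; the function names and the sample report (package versions included) are constructed for illustration.

```python
import json

# Constructed sample shaped like `trivy image --format json` output.
# Targets and versions are made up; this is not a scan of shumc/imagor.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/image:tag",
    "Results": [
        {"Target": "example/image:tag (debian 11)", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2023-4863", "PkgName": "libwebp6",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
              "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplepkg",
              "InstalledVersion": "2.0-1", "FixedVersion": "",
              "Severity": "LOW"}]},
        # A target with no findings: the "Vulnerabilities" key is absent.
        {"Target": "usr/bin/example", "Type": "gobinary"},
    ],
})

def find_cve(report_json, cve_id):
    """Return one row per package the report lists as affected by cve_id."""
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results") or []:
        # Clean targets carry no (or a null) "Vulnerabilities" list.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("VulnerabilityID") == cve_id:
                hits.append({
                    "target": result.get("Target"),
                    "package": vuln.get("PkgName"),
                    "installed": vuln.get("InstalledVersion"),
                    "fixed": vuln.get("FixedVersion") or None,
                    "severity": vuln.get("Severity"),
                })
    return hits

def verdict(report_json, cve_id):
    """Summarise the scan result for a single CVE."""
    hits = find_cve(report_json, cve_id)
    if not hits:
        # Either the package is patched or it is not installed at all.
        return "not reported"
    if all(h["fixed"] for h in hits):
        return "affected, fix available"
    return "affected, no fix published"

if __name__ == "__main__":
    print(verdict(SAMPLE_REPORT, "CVE-2023-4863"))
```

Because `master` is a moving tag, record the image digest next to the saved report so the verdict stays tied to the image that was actually scanned.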