I noticed that the Docker hub image taggedlatest has changed but I also noticed that the latest release from the github repo was still 1.7.0 (which has been working nicely for us).
It looks as though perhaps the 1.7.0 release was re-packaged for #411 but my scanning shows latest still has CVE-2023-39325 in it.
Can you confirm that latest was published by you?
I'm sorry if this sounds nervous, but I wanted to check it's not a supply-chain attack.
Hi,
I noticed that the Docker hub image tagged
latesthas changed but I also noticed that the latest release from the github repo was still 1.7.0 (which has been working nicely for us).It looks as though perhaps the 1.7.0 release was re-packaged for #411 but my scanning shows
lateststill has CVE-2023-39325 in it.Can you confirm that
latestwas published by you?I'm sorry if this sounds nervous, but I wanted to check it's not a supply-chain attack.
Thanks