deviantony / docker-elk

The Elastic stack (ELK) powered by Docker and Compose.
MIT License

Update Nodejs regarding CVE in kibana container v8.12.2 #968

Closed unnuetz closed 5 months ago

unnuetz commented 5 months ago

Problem description

Would it be possible to update the Node.js version to at least 18.19.1 / 20.11.1 / 21.6.2 or later in the next version? My vulnerability scanner is complaining about the following CVEs found in the current version: CVE-2024-21892, CVE-2024-22019, CVE-2023-46809, CVE-2024-21896, CVE-2024-22017, CVE-2024-21890, CVE-2024-21891.

Path : /var/lib/docker/overlay2/d7ed32067375345f9880a12e0ecc22e11c755558a2e7dd120745a8fe23348b44/diff/usr/share/kibana/node/bin/node
Installed version : 18.18.2
Fixed version : 18.19.1

Path : /var/lib/docker/overlay2/1cb05263ca5b1a1239c8c21b0cfd9ca7e176637cb894f478995bdcea112b7085/merged/usr/share/kibana/node/bin/node
Installed version : 18.18.2
Fixed version : 18.19.1

https://www.tenable.com/plugins/nessus/190856

antoineco commented 5 months ago

Hi @unnuetz, Kibana is being maintained and released by Elastic at https://github.com/elastic/kibana. We are only a Docker Compose configuration and are not affiliated with Elastic. All we do is consume the upstream container images produced by Elastic.

If the upstream software contains security vulnerabilities, those need to be reported upstream. Thank you for your understanding.
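
For triaging findings like the one in this thread, the following added example (not part of the original issue and not code from docker-elk or Elastic) parses scanner records in the Path / Installed version / Fixed version layout, compares each Node.js version with the minimum for its release line (18.19.1 / 20.11.1 / 21.6.2, as listed in the issue), and reports whether the binary sits in a container image layer or on the host. The sample report, the `owner` and `triage` helpers, and the status labels are assumptions made for illustration.

```python
import re

# Minimum patched version per release line, as listed in the issue text.
FIXED_MIN = {18: (18, 19, 1), 20: (20, 11, 1), 21: (21, 6, 2)}

# Constructed sample in the layout of the scanner output quoted in the issue
# (placeholder layer id and paths; not real scanner data).
SAMPLE = """\
Path : /var/lib/docker/overlay2/<layer-a>/diff/usr/share/kibana/node/bin/node
Installed version : 18.18.2
Fixed version : 18.19.1
Path : /usr/local/bin/node
Installed version : 20.11.1
Fixed version : 20.11.1
Path : /opt/legacy/node/bin/node Installed version : 16.20.2 Fixed version : 18.19.1
"""

# \s+ between fields accepts both the one-field-per-line and the flattened form.
RECORD = re.compile(
    r"Path\s*:\s*(?P<path>\S+)\s+"
    r"Installed version\s*:\s*(?P<installed>\d+\.\d+\.\d+)\s+"
    r"Fixed version\s*:\s*(?P<fixed>\d+\.\d+\.\d+)"
)


def owner(path):
    """Tell image-layer binaries (fixed by a newer image) from host binaries."""
    if "/overlay2/" in path:
        # Keep only the path inside the layer, after 'diff' or 'merged'.
        inner = re.split(r"/(?:diff|merged)/", path, maxsplit=1)[-1]
        return "image:/" + inner
    return "host:" + path


def triage(report):
    """Return (owner, installed version, status) for every record found."""
    findings = []
    for m in RECORD.finditer(report):
        installed = tuple(int(p) for p in m["installed"].split("."))
        minimum = FIXED_MIN.get(installed[0])
        if minimum is None:
            status = "unlisted-release-line"  # not in the issue's list: review by hand
        elif installed < minimum:
            status = "vulnerable"
        else:
            status = "patched"
        findings.append((owner(m["path"]), m["installed"], status))
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Both overlay2 paths in a real report of this kind point at the same file inside the image, so grouping by the `image:` value collapses them into one finding per bundled binary.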