Closed tmousaw-ptc closed 3 years ago
We strive to follow upstream releases and so don't really backport patches. Once there is a release available on https://busybox.net/, we'll publish a new image.
Version 1.33.1 (stable) was published today at https://busybox.net/. Is that version acceptable in order to incorporate the fix?
Yep! Bump is done in #102, builds are almost finished (so there'll be a PR to https://github.com/docker-library/official-images soon).
A Prisma Cloud scan of a container using the latest docker image of BusyBox is raising CVE-2021-28831. This issue was fixed in a commit to BusyBox here. This bug requests a new docker image tag be published that contains this fix.
I'm uncertain of whether this requires a new version of BusyBox to be published. If so, I'm willing to write that bug as well.