docker-library / ruby

Docker Official Image packaging for Ruby
http://www.ruby-lang.org/
BSD 2-Clause "Simplified" License

CVE-2023-36617 #442

Closed sudiptam123 closed 7 months ago

sudiptam123 commented 7 months ago

It seems that the ruby 2.7 alpine is listing out CVE-2023-36617. Is there a way in which it can be resolved in the ruby base image 2.7-alpine? As of now the applications we use haven't migrated to use ruby 3.x, and hence if this CVE can be fixed in the 2.7 base image then it would be great. Please suggest here. Attaching the scan report below:

https://scout.docker.com/vulnerabilities/id/CVE-2023-36617?s=oracle&n=rubygem-rdoc&ns=oraclelinux&t=rpm&osn=oraclelinux&osv=8&vr=%3C0%3A6.4.0-142.module%2Bel8.9.0%2B90182%2B7bdfc9e5&utm_source=desktop&utm_medium=ExternalLink

LaurentGoderre commented 7 months ago

Ruby 2.7 is no longer supported and won't get further updates.

tianon commented 7 months ago

Indeed, a full year ago now :grimacing: (https://github.com/docker-library/ruby/pull/418)

sudiptam123 commented 7 months ago

Thanks for clarifying that!