Hello,
Do you have an upgrade strategy related to vpp?
What is the reason not to use latest release in govpp? (I am aware of possibility to change vpp version our-self)
The issue comes from a security vulnerability scan which report some risks for old third parties and old 3pp's of this 3pp :smiling_face_with_tear:
For example: mbedtls-devel package is a build dependency for currently used vpp version (on opensuse) and using mbedtls version 2.28.0. That contained a vulnerability which does not affect us but must be revealed and explained. The latest vpp version build does not depend on mbedtls.
Hello, Do you have an upgrade strategy related to vpp? What is the reason not to use latest release in govpp? (I am aware of possibility to change vpp version our-self)
The issue comes from a security vulnerability scan which report some risks for old third parties and old 3pp's of this 3pp :smiling_face_with_tear: For example: mbedtls-devel package is a build dependency for currently used vpp version (on opensuse) and using mbedtls version 2.28.0. That contained a vulnerability which does not affect us but must be revealed and explained. The latest vpp version build does not depend on mbedtls.
Regards, Laszlo