search

ehough / docker-nfs-server

A lightweight, robust, flexible, and containerized NFS server.
https://hub.docker.com/r/erichough/nfs-server/
GNU General Public License v3.0
669 stars 221 forks source link

Update dependencies in Docker image #85

Open ngosang opened 2 months ago

ngosang commented 2 months ago

I was doing a security scanner using Grype => https://github.com/anchore/grype And I detected your Docker image has some outdated dependencies. I don't think they are a security risk but it's a good practice to publish releases more often. Thank you for your work!

grype fschuindt/docker-nfs-server:2.2.1 --only-fixed | grep -i -E '(High|Critical)'

Docker image: fschuindt/docker-nfs-server:2.2.1
apk-tools     2.10.4-r3  2.10.7-r0   apk   CVE-2021-36159  Critical  
apk-tools     2.10.4-r3  2.10.6-r0   apk   CVE-2021-30139  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42386  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42385  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42384  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42383  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42382  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42381  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42380  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42379  High      
busybox       1.31.1-r9  1.31.1-r11  apk   CVE-2021-42378  High      
busybox       1.31.1-r9  1.31.1-r10  apk   CVE-2021-28831  High      
krb5-libs     1.17.1-r0  1.17.2-r0   apk   CVE-2020-28196  High      
libcrypto1.1  1.1.1d-r3  1.1.1l-r0   apk   CVE-2021-3711   Critical  
libcrypto1.1  1.1.1d-r3  1.1.1l-r0   apk   CVE-2021-3712   High      
libcrypto1.1  1.1.1d-r3  1.1.1k-r0   apk   CVE-2021-3450   High      
libcrypto1.1  1.1.1d-r3  1.1.1j-r0   apk   CVE-2021-23840  High      
libcrypto1.1  1.1.1d-r3  1.1.1g-r0   apk   CVE-2020-1967   High      
libssl1.1     1.1.1d-r3  1.1.1l-r0   apk   CVE-2021-3711   Critical  
libssl1.1     1.1.1d-r3  1.1.1l-r0   apk   CVE-2021-3712   High      
libssl1.1     1.1.1d-r3  1.1.1k-r0   apk   CVE-2021-3450   High      
libssl1.1     1.1.1d-r3  1.1.1j-r0   apk   CVE-2021-23840  High      
libssl1.1     1.1.1d-r3  1.1.1g-r0   apk   CVE-2020-1967   High      
sqlite-libs   3.30.1-r1  3.30.1-r2   apk   CVE-2020-11655  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42386  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42385  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42384  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42383  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42382  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42381  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42380  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42379  High      
ssl_client    1.31.1-r9  1.31.1-r11  apk   CVE-2021-42378  High      
ssl_client    1.31.1-r9  1.31.1-r10  apk   CVE-2021-28831  High      
zlib          1.2.11-r3  1.2.11-r4   apk   CVE-2022-37434  Critical