I uploaded f5-appsvcs-3.5.1-5.noarch.rpm to our repository used for delivery of software into a secure environment where it is scanned by the JFrog X-Ray Scanner.
Version 3.5.1 was flagged with a number of vulnerabilities:
High: lodash4.17.10
High: handlebars:4.0.11
Medium: mime:1.2.10
Medium: marked:03.12
When I pulled the latest version 3.17.0, it fared much better with a single medium (mime:1.2.10).
In addition, the current f5-cloud-libs-azure.tar.gz gets flagged with a Medium for its use of mime:1.2.10.
I believe the two mime:1.2.10 warnings come from the embedded q v1.5.1.
Can these ARM templates be updated to use the latest AS3 version (and the templates over in the official F5 repo)?
Every finding we see in the scanner requires answering questions and potential mitigation actions, so the fewer findings and the lower the severity, the better.
Thank you