Hello,
we are using dockerized fluentd with fluent-plugin-gelf-hs, which also uses gelf-rb.
Our vulnerability scanner found CRITICAL: 2, MEDIUM: 21 and HIGH: 7 in gelf-3.1.0.
Can we kindly ask you to upgrade the dependencies to the new secure versions?
Steps to reproduce the issue:
1) build docker image with Dockerfile
FROM fluent/fluentd:v1.7.4-1.0
# Use root account to use apk
USER root
# below RUN includes plugin as examples elasticsearch is not required
# you may customize including plugins as you wish
RUN apk add --no-cache --update --virtual .build-deps \
sudo build-base ruby-dev \
&& apk add -U tzdata \
&& sudo gem install fluent-plugin-gelf-hs \
&& sudo gem sources --clear-all \
&& apk del .build-deps \
&& rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
USER fluent
and the build command: docker build . -t fluentd-gelf
2) scan image with dockerized trivy
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/cache:/root/.cache/ aquasec/trivy fluentd-gelf
Scan result for gelf is:
Thank you.
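An added example, not part of the original report or of either project: a Ruby helper that narrows a Trivy JSON report to the targets matching one gem and lists severity counts plus the fixed versions a maintainer would need to move to. It assumes the scan is re-run with `--format json` and that the report uses Trivy's `Target` / `Vulnerabilities` fields; the sample report, target paths, package names and IDs are constructed placeholders.

```ruby
require "json"

# Constructed sample in the shape of a Trivy JSON report (`--format json`).
# Targets, package names and IDs are placeholders, not results from the issue.
SAMPLE_REPORT = <<~JSON
  {"Results": [
    {"Target": "constructed/gelf-3.1.0/Gemfile.lock", "Vulnerabilities": [
      {"VulnerabilityID": "CVE-0000-0001", "PkgName": "dep-a", "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
      {"VulnerabilityID": "CVE-0000-0002", "PkgName": "dep-a", "InstalledVersion": "1.0.0", "FixedVersion": "1.0.2", "Severity": "HIGH"},
      {"VulnerabilityID": "CVE-0000-0003", "PkgName": "dep-b", "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "MEDIUM"}
    ]},
    {"Target": "constructed/other-gem/Gemfile.lock", "Vulnerabilities": null}
  ]}
JSON

# Older Trivy releases emit a top-level array, newer ones wrap it in "Results".
def results_of(report)
  report.is_a?(Array) ? report : Array(report["Results"])
end

# Severity counts for every target whose name contains `needle`.
def severity_counts(report, needle)
  counts = Hash.new(0)
  results_of(report).each do |res|
    next unless res["Target"].to_s.include?(needle)
    # "Vulnerabilities" is null for clean targets; Array(nil) is [].
    Array(res["Vulnerabilities"]).each { |v| counts[v["Severity"]] += 1 }
  end
  counts
end

# Per package: installed version and the fixed versions named by the findings.
# An empty :fixed list means no fixed version is published for that finding.
def upgrade_targets(report, needle)
  pkgs = {}
  results_of(report).each do |res|
    next unless res["Target"].to_s.include?(needle)
    Array(res["Vulnerabilities"]).each do |v|
      entry = pkgs[v["PkgName"]] ||= { installed: v["InstalledVersion"], fixed: [] }
      fixed = v["FixedVersion"].to_s
      entry[:fixed] << fixed unless fixed.empty? || entry[:fixed].include?(fixed)
    end
  end
  pkgs
end

if __FILE__ == $PROGRAM_NAME
  report = JSON.parse(SAMPLE_REPORT)
  p severity_counts(report, "gelf-3.1.0")
  p upgrade_targets(report, "gelf-3.1.0")
end
```

The target name in the output shows which file inside the image each finding was attributed to, which is the detail a maintainer needs to tell a gem's own runtime dependencies apart from anything else the scanner picked up.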