mattermost / docker

Install Mattermost server via Docker
Apache License 2.0
338 stars 209 forks source link

Please update images to address curl CVE-2023-38545 #140

Open mig5 opened 1 year ago

mig5 commented 1 year ago

Hi!

Would you please be able to release new images that address the vulnerable version of curl that is shipped in your Docker image?

I am running mattermost/mattermost-enterprise-edition:7.8, image ID 6ee424896aa4

curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16
Release-Date: 2022-01-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd

Please see 'Affected versions' at https://curl.se/docs/CVE-2023-38545.html

Thanks! :)