Open erikzwart opened 5 months ago
@StuartWheater Do you have a description of the CVE anywhere? I can't find it by just googling it. I would like to read into it to see if it actually affects the way we use it and, if so, see if they're planning on fixing it soon, as we are using the last version of this library. And whether previous versions of the library have the same issue.
The Docker image build here: datashield/molgenis-armadillo:test has a critical CVE identified by Docker Scout:
(Stuart) Traced back the serious complaint to org.apache.hadoop packages hadoop-client via jar
In molgenis-service-armadillo/armadillo/build.gradle it appears:
https://github.com/molgenis/molgenis-service-armadillo/blob/2fb6825a73d5c1d59024d3a5f71503f7919e8032/armadillo/build.gradle#L56