newrelic / nri-statsd

Apache License 2.0

Bump gostatsd to more recent version #16

Closed BrianKopp closed 2 years ago

BrianKopp commented 2 years ago

Could this get upgraded to a more current version of atlassian/gostatsd? The current version is based on 20.3.2 which uses alpine 3.10. The latest nri-statsd 2.0.3 has CVE-2021-30139 (high, apk-tools), CVE-2021-36159 (crit, libfetch), CVE-2021-28831 (high, busybox), and CVE-2020-28928 (med, musl). These don't appear to pose a threat to the nri-statsd app.

However, from the standpoint of having a clean bill-of-health and keeping up to date with the primary upstream dependency, it'd be good to get a version bump on this. It looks like 20.3.2 in atlassian/gostatsd was published back in Apr 2020. They've been actively patching and are now on 33.0.2, running alpine 3.14 (latest).

I'd be happy to submit a PR if that'd be welcome!

Cheers

josemore commented 2 years ago

Thanks for reporting the details, @BrianKopp. Happy to collaborate on the PR if you want to submit it. We should release a new version early next year.

josemore commented 2 years ago

Released in 2.1.0