node-red / node-red-docker

Repository for all things Node-RED and Docker related
Apache License 2.0

Node-red image has security vulnerabilities #431

Closed OlgasAcc closed 1 month ago

OlgasAcc commented 1 month ago

Hello, we pull the Node-red image in our project, and the Aqua security scan has reported a few vulnerabilities which could be a release blocker for us:

[CVE-2024-32465] [git] [2.43.0-r0] https://nvd.nist.gov/vuln/detail/CVE-2024-32465 Fix Version : 2.43.4-r0

[CVE-2024-32004] [git] [2.43.0-r0] https://nvd.nist.gov/vuln/detail/CVE-2024-32004 Fix Version : 2.43.4-r0

[CVE-2024-32002] [git] [2.43.0-r0] https://nvd.nist.gov/vuln/detail/CVE-2024-32002 Fix Version : 2.43.4-r0

The Node-red version we use - v3.1.9-18-minimal

Could you please upgrade this dependency version?

Thanks

hardillb commented 1 month ago

They come from the alpine base container, not something we have any influence over.

hardillb commented 1 month ago

I've kicked off a respin of the 3.1.9 containers, they will pick up the latest NodeJS Alpine base containers.

OlgasAcc commented 1 month ago

@hardillb thanks for the response. We're using v3.1.9-18-minimal where "18" probably means Node version 18, right? But what exact version of Node do you use as a base for Node-red? I mean maybe it's possible to use this one - https://github.com/nodejs/docker-node/tree/main/18/alpine3.19 (Node 18 + alpine v3.19)? This latest stable Alpine version solved all security tickets in our images.

hardillb commented 1 month ago

The builds have been respun
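Once a respun image is available, the practical check is whether the package listed in the scan report (git 2.43.0-r0, fix version 2.43.4-r0 per the issue) has actually moved to or past the fix version inside the new image. The following POSIX sh snippet is an added example, not part of the node-red-docker project: it parses an `apk info -v` listing (a constructed sample is embedded; the image tag in the comment is an assumed spelling of the one named in the report) and compares Alpine-style `MAJOR.MINOR.PATCH-rN` versions field by field, so a rebuild that only bumped the release suffix is still judged correctly.

```shell
#!/bin/sh
# Added example (not project code): verify that a pulled image carries a fixed
# Alpine package version. The listing below is constructed for this example; a
# real image would be queried with something like:
#   docker run --rm --entrypoint sh nodered/node-red:3.1.9-18-minimal -c 'apk info -v'
# (assumed tag spelling of the image named in the issue).
SAMPLE_APK_INFO="musl-1.2.4_git20230717-r4
git-2.43.0-r0
nodejs-18.20.2-r0
npm-10.2.5-r0"

# apk_version_ge A B: return 0 when version A is >= version B.
# "-rN" is treated as a trailing numeric field, so 2.43.4-r0 becomes 2.43.4.0.
apk_version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    gsub(/-r/, ".", a); gsub(/-r/, ".", b)
    na = split(a, fa, "."); nb = split(b, fb, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? fa[i] + 0 : 0   # missing fields count as 0
      y = (i <= nb) ? fb[i] + 0 : 0
      if (x < y) exit 1
      if (x > y) exit 0
    }
    exit 0                            # all fields equal
  }'
}

# installed_version PKG: read an `apk info -v` listing on stdin and print the
# version of PKG (lines look like "git-2.43.0-r0"; the name may itself contain
# hyphens, so we anchor on the first digit after "PKG-").
installed_version() {
  sed -n "s/^$1-\([0-9][^ ]*\)\$/\1/p" | head -n 1
}

# check_fixed PKG FIXVER: read the listing on stdin, print a verdict and return
# 0 if PKG is absent or at/after FIXVER, 1 if it is still below the fix.
check_fixed() {
  pkg=$1
  fix=$2
  have=$(installed_version "$pkg")
  if [ -z "$have" ]; then
    echo "$pkg: not installed"
    return 0
  fi
  if apk_version_ge "$have" "$fix"; then
    echo "$pkg: $have >= fix $fix (OK)"
    return 0
  fi
  echo "$pkg: $have < fix $fix (STILL BELOW FIX VERSION)"
  return 1
}

# Usage against the constructed listing (the old image still has 2.43.0-r0):
printf '%s\n' "$SAMPLE_APK_INFO" | check_fixed git 2.43.4-r0 || echo "image needs a respin"
```

The same pipeline can be pointed at the respun tag to confirm the new base layer landed; a scanner that keys on the package database will stop flagging the CVEs once the `git` line reads 2.43.4-r0 or later.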

OlgasAcc commented 1 month ago

> The builds have been respun

could this affect the node-red-dashboard dependency?

[attached screenshot]
hardillb commented 1 month ago

Unlikely, that looks like a problem with permissions on a volume mounted on /data

OlgasAcc commented 1 month ago

@hardillb probably some temp issue, works well now. Thanks a lot!