prometheus / statsd_exporter

StatsD to Prometheus metrics exporter
Apache License 2.0

Follow up on next update release to handle security fixes #564

Closed jhakass22 closed 2 weeks ago

jhakass22 commented 2 months ago

Creating this issue to follow up on the next release timelines. We require a new version with the current security-related issues fixed. https://github.com/advisories/GHSA-4v7x-pqxf-cx7m

nickpalmer commented 1 month ago

You can build a version that runs on alpine and doesn't have any CVEs against it with the following Dockerfile:

```dockerfile
# Build stage: compile statsd_exporter from source with an updated dependency set
FROM golang:1.21-alpine AS builder

RUN apk update && apk add --no-cache git make

WORKDIR /.build
# promu is the Prometheus build tool invoked by `make build`
RUN go install github.com/prometheus/promu@latest
RUN git clone https://github.com/prometheus/statsd_exporter.git
# `go get golang.org/x/net` bumps that module to its latest release in go.mod
# before the build, so the resulting binary does not carry the old version
RUN cd statsd_exporter && go get golang.org/x/net && make build

# Runtime stage: minimal image containing only the built binary
FROM alpine:3.20

COPY --from=builder /.build/statsd_exporter/statsd_exporter /bin/statsd_exporter
# Run unprivileged (nobody)
USER        65534
# 9102 = metrics HTTP endpoint, 9125 = StatsD listener (TCP and UDP)
EXPOSE      9102 9125 9125/udp
HEALTHCHECK CMD wget --spider -S "http://localhost:9102/metrics" -T 60 2>&1 || exit 1
ENTRYPOINT  [ "/bin/statsd_exporter" ]
```

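An added check, not part of this thread or of the statsd_exporter project: after building an image like the one above, confirm that the binary really embeds golang.org/x/net at or above the version the advisory names. The module list is read from `go version -m <binary>`; the sample output and the minimum version `v0.23.0` below are assumed values to be confirmed against the linked advisory, not taken from this page.

```shell
# Verify the golang.org/x/net version recorded in a Go binary's build info.
# Real input comes from `go version -m /bin/statsd_exporter`; the text below is
# a constructed sample of that format (real output separates fields with tabs,
# which awk's default whitespace splitting handles identically).
SAMPLE_MODINFO='/bin/statsd_exporter: go1.21.9
    path    github.com/prometheus/statsd_exporter
    mod     github.com/prometheus/statsd_exporter   (devel)
    dep     golang.org/x/net    v0.23.0 h1:CONSTRUCTED_SUM_PLACEHOLDER=
    dep     golang.org/x/sys    v0.18.0 h1:CONSTRUCTED_SUM_PLACEHOLDER='

# Assumed minimum: confirm against the advisory linked in the thread.
MIN_XNET=v0.23.0

# module_version OUTPUT MODULE -> prints the version recorded for MODULE (empty if absent)
module_version() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == "dep" && $2 == m { print $3; exit }'
}

# version_ge A B -> exit 0 when A >= B, comparing vMAJOR.MINOR.PATCH numerically
# (a "-prerelease" or pseudo-version suffix is ignored, so it counts as the base version)
version_ge() {
    a=${1#v}; b=${2#v}
    a=${a%%-*}; b=${b%%-*}
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# check_module OUTPUT MODULE MIN -> 0 if MODULE is present at >= MIN, 1 otherwise
check_module() {
    v=$(module_version "$1" "$2")
    [ -n "$v" ] || { echo "$2 not found in binary build info" >&2; return 1; }
    version_ge "$v" "$3" || { echo "$2 is $v, need >= $3" >&2; return 1; }
    echo "$2 $v ok"
}

# Real use: check_module "$(go version -m /bin/statsd_exporter)" golang.org/x/net "$MIN_XNET"
check_module "$SAMPLE_MODINFO" golang.org/x/net "$MIN_XNET"
```

Wire this into the image build (or a CI step) so a build that silently resolves an older module fails instead of shipping.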
simfeld commented 1 month ago

Hi @matthiasr, are you planning for a release to mitigate https://nvd.nist.gov/vuln/detail/CVE-2023-45288?

matthiasr commented 2 weeks ago

On it!