redis / docker-library-redis

Docker Official Image packaging for Redis
http://redis.io
BSD 3-Clause "New" or "Revised" License

Bump gosu to 1.16 #341

Closed jmthomas closed 1 year ago

jmthomas commented 1 year ago

I believe this addresses a number of CVEs that are related to the old version of gosu. See https://github.com/tianon/gosu/releases.

tianon commented 1 year ago

Looks good, thanks!

I'll also quote https://github.com/docker-library/redis/issues/328#issuecomment-1409223155 here to be explicit/clear:

There are no CVEs actually fixed by upgrading gosu to 1.16, but it does allow govulncheck to scan the binary correctly so that CVEs can be reported more correctly in the future.