spectriclabs / elastic_datashader

:earth_americas: Datashader enabled TMS server with ElasticSearch backend
Apache License 2.0

Address HIGH CVE in DS 56 & 58 #52

Open ndmitch311 opened 1 month ago

ndmitch311 commented 1 month ago

These are as identified on the other system, but run them against Trivy in our system to see if there are additional ones that pop up sooner than the other system has them loaded.

- CVE-2023-6246 libc-bin
- CVE-2023-6246 libc6
- CVE-2023-6779 libc-bin
- CVE-2023-6779 libc6
- CVE-2024-0553 libgnutils30
- CVE-2024-0567 libgnutils30
- CVE-2024-24862 fastapi
- CVE-2024-24762 starlette
- CVE-2024-28085 bsdutils
- CVE-2024-28085 libblkid1
- CVE-2024-28085 libmount1
- CVE-2024-28085 libsmartcols1
- CVE-2024-28085 libuuid1
- CVE-2024-28085 mount
- CVE-2024-28085 util-linux
- CVE-2024-28085 util-linux-extra

natebynum20 commented 1 month ago

@ndmitch311 Is there a version number or a tag for which elastic_datashader is running on the highside?

I've built master from the lowside and pushed a docker image to our Harbor for Trivy scan and only received 3 CVEs (shown below), which don't match the list you added above.

- CVE-2024-1135 gunicorn
- CVE-2024-22195 Jinja2
- CVE-2024-34064 Jinja2

ndmitch311 commented 1 month ago

The latest release number (57) is running on the other network.

While our Trivy might not catch the same ones that the scan on the other network did, we're still on the hook for all the others. If our Trivy is catching additional ones, i.e. the 3 listed, that likely means those will hit soon on the other network. We should fix all CVEs. Please include all CVEs (the ones in the ticket and those caught in our scan) in the release notes so we can include those in what we inform the customer was addressed.
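One way to reconcile the ticket's list with a local Trivy scan and produce the union the release notes need, as an added example that is not part of the elastic_datashader repository or this thread. The Trivy JSON fragment is constructed (same shape as `trivy image -f json` output, not a real scan of the image); the CVE/package pairs are taken from the ticket above.

```python
"""Reconcile the CVE list from the ticket with a Trivy JSON report."""
import json

# Constructed Trivy report fragment (shape of `trivy image -f json`),
# not a real scan of the elastic_datashader image.
TRIVY_REPORT = json.dumps({
    "Results": [
        {"Target": "python:3.11 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2024-28085", "PkgName": "util-linux",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-2023-6779", "PkgName": "libc6",
             "Severity": "HIGH"},
        ]},
        {"Target": "Python", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2024-1135", "PkgName": "gunicorn",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-2024-34064", "PkgName": "Jinja2",
             "Severity": "MEDIUM"},
        ]},
    ]
})

# CVE/package pairs copied from the ticket (a subset, for the example).
TICKET_FINDINGS = {
    ("CVE-2023-6246", "libc6"), ("CVE-2023-6779", "libc6"),
    ("CVE-2024-28085", "util-linux"), ("CVE-2024-24762", "starlette"),
}


def trivy_findings(report_json):
    """Return the set of (cve_id, package) pairs in a Trivy JSON report."""
    findings = set()
    for result in json.loads(report_json).get("Results", []):
        # Trivy emits null instead of [] for targets with no findings.
        for vuln in result.get("Vulnerabilities") or []:
            findings.add((vuln["VulnerabilityID"], vuln["PkgName"]))
    return findings


def reconcile(ticket, scan):
    """Split findings into: seen by both, ticket-only (other network saw it,
    our scan did not), scan-only (our scan caught it first). The release
    notes need the union, per the thread above."""
    return {
        "both": sorted(ticket & scan),
        "ticket_only": sorted(ticket - scan),
        "scan_only": sorted(scan - ticket),
        "release_notes": sorted(ticket | scan),
    }
```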