tesshucom / jpsonic

This is a repository for development. See https://github.com/jpsonic/jpsonic
GNU General Public License v3.0

Some vulnerability fixes #2610

Closed tesshucom closed 3 months ago

tesshucom commented 3 months ago

There is no change in functionality. It will include some security fixes.

Most of these are unrelated to running the Jpsonic server. However, at Jpsonic we believe it is very important to keep platform caveats to a minimum. Too many warnings can hide a really big problem 🙄

🐥Maintenance


Fix to not install curl on Alpine

Alpine's Jpsonic image had curl installed. This has been changed so that it is no longer installed, as it was only used during testing. (Fixed to use "curl on Github" during testing.) CVE-2024-0853. Basically, our policy is to eliminate unnecessary modules.

CVE warning counts are transitive. However, at the time this patch is released, the analysis results for the entire Docker image will be as follows.

Jpsonic - Alpine

[image: scan result for the Alpine image]

Jpsonic - Ubuntu (Jammy)

[image: scan result for the Ubuntu (Jammy) image]


What's the last CVE warning?

The last CVE warning is CVE-2024-25062. This has already been resolved in the upstream Alpine.

[image: upstream Alpine status for CVE-2024-25062]

In other words, there is a problem with Jpsonic's layer. You can use the following command to find out where the problem occurs.

```sh
docker exec jpsonic apk info -r libxml2
```

```
libxml2-2.11.7-r0 is required by:
ffmpeg-libavformat-6.1.1-r0
```

If ffmpeg is updated in the near future, this may be resolved. False positive? 🙄

(I do not consider this warning to be serious.)
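The triage described above (a scanner flags a library in the image, `apk info -r` shows which package pulls it in) can be scripted. The following is an added example and not code from the jpsonic project; the `apk info -r` output is a constructed sample shaped like the one quoted in this PR, and the list of explicitly installed packages is an assumption for the example, not the real Dockerfile's package list.

```sh
#!/bin/sh
# Added example (not part of the jpsonic PR): triage a scanner-flagged Alpine
# package by parsing `apk info -r <pkg>` output and deciding whether the flagged
# package is installed on purpose or is only a transitive dependency.

# Constructed sample of `apk info -r libxml2` output, shaped like the PR's quote.
SAMPLE_APK_INFO='libxml2-2.11.7-r0 is required by:
ffmpeg-libavformat-6.1.1-r0'

# Packages a hypothetical Dockerfile installs explicitly (an assumption).
EXPLICIT_PKGS="ffmpeg openjdk17-jre-headless"

# Strip the "-<version>-r<rel>" suffix from an apk package name, e.g.
# "ffmpeg-libavformat-6.1.1-r0" -> "ffmpeg-libavformat".
pkg_base() {
    printf '%s\n' "${1%-[0-9]*}"
}

# Print only the packages listed after the "is required by:" header, one per line.
parse_required_by() {
    printf '%s\n' "$1" | sed -n '2,$p' | sed '/^[[:space:]]*$/d'
}

# Classify a flagged package:
#   explicit          - the Dockerfile installs it directly
#   transitive:<pkg>  - an explicitly installed package, or one of its
#                       sub-packages (ffmpeg-libavformat under ffmpeg), pulls it in
#   unknown           - none of the above; worth a closer look
triage_flagged() {
    flagged="$1"; apk_output="$2"; explicit="$3"
    flagged_base=$(pkg_base "$flagged")
    for e in $explicit; do
        [ "$e" = "$flagged_base" ] && { echo explicit; return 0; }
    done
    for dep in $(parse_required_by "$apk_output"); do
        dep_base=$(pkg_base "$dep")
        for e in $explicit; do
            case "$dep_base" in
                "$e"|"$e"-*) echo "transitive:$dep"; return 0 ;;
            esac
        done
    done
    echo unknown
}

# Against a live container the second argument would be "$(apk info -r libxml2)".
triage_flagged libxml2-2.11.7-r0 "$SAMPLE_APK_INFO" "$EXPLICIT_PKGS"
```

A `transitive:` result is the situation in this PR: the flagged library is not something the image asked for, so the fix has to come from the package that requires it (here ffmpeg) or from upstream Alpine, and the warning can be tracked rather than patched in Jpsonic's own layer.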


A few days later, security checks on Docker no longer display warnings regarding CVE-2024-25062. It seems like it was a false positive after all.