thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0
490 stars 218 forks

netty-handler version #1313

Closed coltonfreeman26 closed 4 weeks ago

coltonfreeman26 commented 1 year ago


Hello all, are there any plans to update the version of netty-handler currently being used, 4.1.70.Final? Our scan tools have found a vulnerability with the current version: https://nvd.nist.gov/vuln/detail/CVE-2023-34462. This has been fixed in 4.1.94.Final.

Issue is synchronized with this Jira Story by Unito. Issue Number: REAP-50

Miles-Garnsey commented 1 year ago

Hi @coltonfreeman26, can you please give us some details on where you're seeing that dependency and what versions of the various applications you're running?

Cassandra trunk is on 4.1.96, which would address your concerns I think.

coltonfreeman26 commented 1 year ago

Good morning. Of course. We are currently using your thelastpickle/cassandra-reaper:3.3.4 as a builder image. Our scan tools (Twistlock and Anchore) found this finding. The path our scan tools are showing is /usr/local/lib/cassandra-reaper.jar. There are a handful of findings ranging from low to high. I can share the list here if you would like.
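To confirm a scanner finding like the one above independently, it helps to look at what the jar actually bundles rather than trusting the tool's label. The following is an added example, not code from this thread or from the cassandra-reaper project: it opens a jar (a zip archive), reads the Maven `META-INF/maven/io.netty/<artifactId>/pom.properties` entries that dependency scanners commonly use to identify bundled libraries, and compares the netty-handler version against 4.1.94.Final, the fix version named in the issue. The path `/usr/local/lib/cassandra-reaper.jar` and the version numbers come from the thread; the sample jar built in `build_sample_jar` is constructed here for the demonstration and is not the real Reaper artifact.

```python
"""Check which io.netty artifacts a jar bundles and whether netty-handler predates a fix.

Added example, not part of the cassandra-reaper project. Assumes the jar keeps
Maven pom.properties metadata (typical for Maven-built and shaded jars); a build
that relocates or strips that metadata needs a class-path inspection instead.
"""
import io
import re
import sys
import zipfile
from typing import Dict, Optional, Tuple

# Fix version for CVE-2023-34462 as stated in the issue above.
FIXED_NETTY_HANDLER = "4.1.94.Final"

# Matches META-INF/maven/io.netty/netty-handler/pom.properties and siblings.
POM_PROPS_RE = re.compile(r"^META-INF/maven/io\.netty/(netty-[^/]+)/pom\.properties$")


def parse_version(v: str) -> Tuple[int, ...]:
    """'4.1.70.Final' -> (4, 1, 70); non-numeric qualifiers such as Final are dropped."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def is_vulnerable(version: str, fixed: str = FIXED_NETTY_HANDLER) -> bool:
    """True when the bundled version sorts strictly before the fixed version."""
    return parse_version(version) < parse_version(fixed)


def netty_versions(jar_bytes: bytes) -> Dict[str, str]:
    """Return {artifactId: version} for every io.netty pom.properties in the jar."""
    found: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            m = POM_PROPS_RE.match(name)
            if not m:
                continue
            props: Dict[str, str] = {}
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if "=" in line and not line.startswith("#"):
                    k, _, v = line.partition("=")
                    props[k.strip()] = v.strip()
            if "version" in props:
                found[m.group(1)] = props["version"]
    return found


def handler_status(jar_bytes: bytes) -> Tuple[Optional[str], Optional[bool]]:
    """(netty-handler version, vulnerable?) or (None, None) if no metadata was found."""
    version = netty_versions(jar_bytes).get("netty-handler")
    if version is None:
        return None, None
    return version, is_vulnerable(version)


def build_sample_jar(handler_version: str, with_netty: bool = True) -> bytes:
    """Constructed sample jar for the demonstration; it is NOT cassandra-reaper.jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # An unrelated dependency that the io.netty filter must ignore.
        zf.writestr("META-INF/maven/org.example/other-lib/pom.properties",
                    "version=1.0.0\ngroupId=org.example\nartifactId=other-lib\n")
        if with_netty:
            for artifact in ("netty-handler", "netty-common"):
                zf.writestr(
                    f"META-INF/maven/io.netty/{artifact}/pom.properties",
                    f"#Generated by Maven\nversion={handler_version}\n"
                    f"groupId=io.netty\nartifactId={artifact}\n",
                )
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_netty.py /usr/local/lib/cassandra-reaper.jar
    # With no argument the constructed sample jar is inspected instead.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_jar("4.1.70.Final")
    version, vulnerable = handler_status(data)
    if version is None:
        print("no io.netty Maven metadata found; inspect io/netty/handler/ class entries manually")
    else:
        print(f"netty-handler {version}: {'VULNERABLE (< ' + FIXED_NETTY_HANDLER + ')' if vulnerable else 'ok'}")
```

Run it against the jar extracted from the image (for example after `docker cp` out of a container started from thelastpickle/cassandra-reaper:3.3.4) to see whether the scanner's version claim matches the bundled metadata. The check only proves what metadata the jar carries: if the build relocates netty packages or drops pom.properties, the lookup returns nothing and a scanner may report nothing either, which is a blind spot rather than a clean bill of health.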

bschoening commented 4 weeks ago

@adejanovski this appears resolved with https://github.com/thelastpickle/cassandra-reaper/pull/1457