travisghansen / external-auth-server

easy auth for reverse proxies
MIT License

Image vulnerabilities #188

Open runningman84 opened 8 months ago

runningman84 commented 8 months ago

Trivy informed us about these critical issues for the current external-auth-server docker image:
https://nvd.nist.gov/vuln/detail/CVE-2019-8457
https://nvd.nist.gov/vuln/detail/CVE-2024-27307
https://nvd.nist.gov/vuln/detail/CVE-2023-45853
https://nvd.nist.gov/vuln/detail/CVE-2023-36665

There are also a lot of medium and high security issues with the docker image.

Because external-auth-server might be a critical component in any cluster, it would be great to have regular image updates with CVE scanning.

travisghansen commented 6 months ago

Thanks for bringing it up! I will look at bumping both the base image and all the npm deps as well.

runningman84 commented 6 months ago

Please also consider some build automation which helps you to regularly release your software. Thanks for your support!

runningman84 commented 2 months ago

@travisghansen is there any news here?