wiremock / wiremock-docker

Wiremock Docker image
https://hub.docker.com/r/wiremock/wiremock
MIT License

Looking for a fix for CVE-2022-42889 #57

Closed Kesavadas closed 1 year ago

Kesavadas commented 1 year ago

In the Docker file for creation of the nightly or main branch, it always uses the tag 2.34.0, so there are no latest changes from the merged main branch reflected in the nightly. Effectively, all the builds (nightly, main, 2.34) create the same Docker image.

I am here looking for the fix for CVE-2022-42889, and it is available in the main branch, but the Docker build uses only 2.34.0 in all the builds. Could you update the nightly-alpine Docker file to use the master branch?

kevag4 commented 1 year ago

Hello, any news on that? There is also one more vulnerability detected about gosu using an outdated Go version.

kevag4 commented 1 year ago

@Kesavadas it looks like the new version that uses the latest 2.35.0 Wiremock version eliminates the aforementioned CVE. Hint: if you also want to skip the CVEs coming from gosu, you can use the alpine version.

rodolpheche commented 1 year ago

@Kesavadas yes, the nightly and main versions of this repository do not yet match those of the main repository. I'll work on this with Tom.

@kevag4 you're right about gosu; I'll bring changes to do without it.

rodolpheche commented 1 year ago

Nightly image based on the sources of Wiremock is now available.