Security Vulnerability CVE2023-4911 detected by scanners

Question

Security Vulnerability CVE2023-4911 detected by scanners

dmitridou opened this issue 9 months ago · comments

In the latest docker image (2.9.0) a security scanner has identified a vulnerability CVE2023-4911 described here:
https://access.redhat.com/security/cve/cve-2023-4911

Could you please let me know if you are planning releasing an updated image?

Alberto Donato · Answer 1 · Sat Oct 28 2023 22:46:24 GMT+0800 (China Standard Time)

Can you please provide a link to the report from the security scanner?
Also, I've published 2.9.1 which has been rebuilt from latest dependencies.
Can you confirm the issue is solved?

dmitridou · Answer 2 · Mon Oct 30 2023 20:35:09 GMT+0800 (China Standard Time)

Alberto, Thank you for fixing the image, I will update our local instance and wait for the next scanner results. Unfortunately, we are talking about internal security scans, whose results aren't available for access from outside of the network. I will keep you posted on the outcome. Thanks again. Dmitri

…

On Sat, Oct 28, 2023 at 10:46 AM Alberto Donato ***@***.***> wrote: Can you please provide a link to the report from the security scanner? Also, I've published 2.9.1 which has been rebuilt from latest dependencies. Can you confirm the issue is solved? — Reply to this email directly, view it on GitHub <#163 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALX7XUD6WYYP74KBDRI72LTYBULEVAVCNFSM6AAAAAA6PZ36J6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBTHAZTKMZRGQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Alberto Donato · Answer 3 · Wed Jan 17 2024 00:16:20 GMT+0800 (China Standard Time)

I'm closing this as it should be fixed. Please reopen with new info if it's still happening.