Bug Report: Security vulnerabilities #34

Open
nroose opened this issue Jul 19, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@nroose

nroose commented Jul 19, 2024

Note: We also welcome PRs to fix bugs! This helps us take action faster where a bug has been identified!

For our official CircleCI Docker Convenience Image support policy, please see CircleCI docs.

This policy outlines the release, update, and deprecation policy for CircleCI Docker Convenience Images.


Describe the bug
The image has multiple vulnerabilities, many of which are fixed in the upstream packages and so just a rebuild should fix them. From my count: "critical_fixable":1,"high_fixable":14,"medium_fixable":45

To Reproduce
Scan the image

Expected behavior
The packages to be up to date.

Workarounds
It's costly, but we could run the updates and host our own images.

Screenshots and Build Links
If possible, add screenshots and links to jobs to help explain your problem.

Additional context
We use this image in our CI workflows, and CI is a major point of exploitation.

nroose added the bug label Jul 19, 2024
@bjohnso5
Contributor

We've cut a new image tag 2024.08 built against the latest Ubuntu 22.04 cimg/base, and with some updated tooling. Please run your scan on that image and see if it closes the vulnerabilities you have reported.
