Note: We also welcome PRs to fix bugs! This helps us take action faster where a bug has been identified!
For our official CircleCI Docker Convenience Image support policy, please see CircleCI docs.
This policy outlines the release, update, and deprecation policy for CircleCI Docker Convenience Images.
Describe the bug
The image has multiple vulnerabilities, many of which are fixed in the upstream packages and so just a rebuild should fix them. From my count: "critical_fixable":1,"high_fixable":14,"medium_fixable":45
To Reproduce
Scan the image
Expected behavior
The packages to be up to date.
Workarounds
It's costly, but we could run the updates and host our own images.
Screenshots and Build Links
If possible, add screenshots and links to jobs to help explain your problem.
Additional context
We use this image in our CI workflows, and CI is a major point of exploitation.
We've cut a new image tag 2024.08 built against the latest Ubuntu 22.04 cimg/base, and with some updated tooling. Please run your scan on that image and see if it closes the vulnerabilities you have reported.