[EDGCOURSES-3] apk upgrade fixing security vulnerabilities in Dockerfile
Created: 21/Sep/23 Updated: 13/Oct/23

| Status: | Open |
| Project: | edge-courses |
| Components: | None |
| Affects versions: | None |
| Fix versions: | v1.3.0 |
| Type: | Bug | Priority: | P3 |
| Reporter: | Julian Ladisch | Assignee: | Radhakrishnan Gopalakrishnan |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | security, security-reviewed |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Sprint: | |
| Development Team: | Other dev |
| RCA Group: | Related dependency upgrade |
| Description |
|
Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/

If not running apk upgrade in Dockerfile, edge-courses may ship with vulnerable Alpine packages even when fixed packages are available. |
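
One way to enforce this in CI, as an added example (not code from this ticket or from the edge-courses project): a Python check that reports whether the final stage of a Dockerfile, the image that actually ships, runs `apk upgrade`. The sample Dockerfiles, image tags and function names are constructed for illustration.

```python
import re

# Constructed sample Dockerfiles (not taken from the edge-courses repository).
WEAK = """\
FROM alpine:3.18 AS build
RUN apk add --no-cache curl
FROM alpine:3.18
COPY --from=build /usr/bin/curl /usr/bin/curl
"""
FIXED = """\
FROM alpine:3.18 AS build
RUN apk add --no-cache curl
FROM alpine:3.18
# Pull patched packages at build time; --no-cache keeps the index out of the layer
RUN apk upgrade \\
    --no-cache
COPY --from=build /usr/bin/curl /usr/bin/curl
"""

# `apk`, optional global options such as --no-cache, then the upgrade subcommand.
APK_UPGRADE = re.compile(r"\bapk\s+(?:-\S+\s+)*upgrade\b")

def instructions(text):
    """Yield (KEYWORD, arguments) per instruction, joining backslash continuations."""
    pending = ""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines do not end a continuation
        if stripped.endswith("\\"):
            pending += stripped[:-1] + " "
            continue
        parts = (pending + stripped).split(None, 1)
        pending = ""
        yield parts[0].upper(), parts[1] if len(parts) > 1 else ""

def final_stage_runs_apk_upgrade(text):
    """True if the last build stage (the shipped image) runs `apk upgrade`."""
    upgraded = False
    for keyword, args in instructions(text):
        if keyword == "FROM":
            upgraded = False  # conservative: every new stage must upgrade again
        elif keyword == "RUN" and APK_UPGRADE.search(args):
            upgraded = True
    return upgraded

if __name__ == "__main__":
    for name, dockerfile in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, "ok" if final_stage_runs_apk_upgrade(dockerfile) else "missing apk upgrade")
```

An upgrade that runs only in an earlier build stage does not count, because packages in the final stage's base image stay at whatever versions the base tag was built with.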
| Comments |
| Comment by Ann-Marie Breaux (Inactive) [ 25/Sep/23 ] |
|
Hi Khalilah Gambrell and Radhakrishnan Gopalakrishnan, it looks like there's no dev team assigned to this module. How would you like to handle the bug? |
| Comment by Craig McNally [ 28/Sep/23 ] |
|
Radhakrishnan Gopalakrishnan, the security team wanted to make sure this was on your radar. Let us know if you have any questions. Thanks.