Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ekuiper image (v1.13.3-alpine) has security vulnerabilities #2858

Closed
OlgasAcc opened this issue May 19, 2024 · 2 comments · Fixed by #2872
Closed

Ekuiper image (v1.13.3-alpine) has security vulnerabilities #2858

OlgasAcc opened this issue May 19, 2024 · 2 comments · Fixed by #2872
Assignees
@Yisaer
Milestone
1.14

Comments

@OlgasAcc
Copy link

Hello,
We pull Ekuiper image (v1.13.3-alpine) in our project, and the Aqua scan has reported a few security vulnerabilities which could be release blocker for us:

[CVE-2024-0727] [libcrypto1.1] [1.1.1w-r1]
https://nvd.nist.gov/vuln/detail/CVE-2024-0727

[CVE-2024-0727] [libssl1.1] [1.1.1w-r1]
https://nvd.nist.gov/vuln/detail/CVE-2024-0727

[CVE-2023-6992] [zlib] [1.2.12-r3]
https://nvd.nist.gov/vuln/detail/CVE-2023-6992

Possible fix:
In our images we use Alpine v3.19 (v3.19.1) as a base image, it resolves all the vulnerabilities that we faced in the older Alpine versions.
Is it possible for you to fix your image accordingly?

Thanks
@ngjaying ngjaying added this to the 1.14 milestone May 23, 2024
@ngjaying ngjaying mentioned this issue May 24, 2024
Merged
@ngjaying
Copy link
Collaborator

Release 1.13.4 to fix this. Thanks for reporting.

@OlgasAcc
Copy link
Author

@ngjaying Thanks a lot for so quick fixing it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Yisaer Yisaer

Labels
None yet
Projects
None yet
Milestone
1.14
Development

Successfully merging a pull request may close this issue.

fix: bump alpine version Yisaer/ekuiper
3 participants
@ngjaying @Yisaer @OlgasAcc