Addressing a lot of security vulnerabilities in the latest Temporal admin-tools release 1.23.0 #5741
Comments
Update: Team is still discussing if
We are also seeing these security vulnerabilities after deploying 1.23.0 via DockerHub, could I know any updates on this?
So, many of these ( For the remaining tctl issues, I've merged a fix which addresses all the relevant vulnerabilities—note that security scanning tools may still find vulnerabilities in code that happens to be linked in but is not used. (For example, I see that it's complaining about the HTTP library, because there's a server-side issue—but tctl does not contain an HTTP server.) Will try to get a release out in a bit for server folks to pick up.
tctl 1.18.1 will be available shortly; passing back to @alexshtin for the server side things.
Expected Behavior
There is no CVE found in the temporalio/admin-tools image.
Actual Behavior
There are 30 vulnerabilities found for image temporalio/admin-tools:1.23.0, including 7 high, 20 medium and 3 low CVEs.
Scan results:
Steps to Reproduce the Problem
temporalio/admin-tools:1.23.0 from Dockerhub
Specifications
1.23.0