fluentd-docker-image icon indicating copy to clipboard operation
fluentd-docker-image copied to clipboard
verified publisher icon fluent

fluent/fluentd:v1.11-2 security vulnerabilities

Open g3kr opened this issue 5 years ago • 5 comments

We are using this image and we have the following vulnerability

due to package ruby and webrick. Is there a way to fix this?

Or can you recommend an image with no vulnerability issues.

g3kr avatar Nov 03 '20 20:11 g3kr

Quick fix - build your own docker image with ruby 2.7.2. Long fix, update all docker images/templates in this repo.

nvtkaszpir avatar Nov 04 '20 07:11 nvtkaszpir

@nvtkaszpir Is there a sample you can provide for building custom image with ruby 2.7.2. I tried to use this Dockerfile and pull from ruby 2.7.2 (fluentd-docker-image/v1.11/debian/Dockerfile) it seems to cause more vulnerabilities.

g3kr avatar Nov 04 '20 19:11 g3kr

not really. welcome to security, I hope you sleep well ;)

nvtkaszpir avatar Nov 04 '20 20:11 nvtkaszpir

@edsiper do you have some thoughts on this?

g3kr avatar Nov 04 '20 23:11 g3kr

Any idea when you plan to update your images for the busybox vuln? It should be as simple as updating to the latest alpine by now, though of course it's docker so who knows what could go wrong lol

baygaillardclasspass avatar Apr 19 '21 16:04 baygaillardclasspass