
Vulnerability issue on flyway migration packages of ubuntu

Open ayushitiwari-eaton opened this issue 9 months ago • 2 comments

We are encountering security vulnerabilities related to Ubuntu packages in our Flyway migration image. Please help us fix these issues.

Ubuntu | libtasn1-6 | 4.18.0-4ubuntu0.1 | CVE-2024-12133
Ubuntu | libcap2 | 1:2.44-1ubuntu0.22.04.2 | CVE-2025-1390
Ubuntu | libgnutls30 | 3.7.3-4ubuntu1.6 | CVE-2024-12243
Ubuntu | libssl3 | 3.0.2-0ubuntu1.19 | CVE-2024-9143
Ubuntu | openssl | 3.0.2-0ubuntu1.19 | CVE-2024-9143
Ubuntu | libssl3 | 3.0.2-0ubuntu1.19 | CVE-2024-13176

ayushitiwari-eaton avatar Mar 03 '25 04:03 ayushitiwari-eaton

Thanks for the information, but these come in from the base image used to build Flyway and we'll get updates when they are available there: eclipse-temurin:21-jre-jammy

alistair-RG avatar Mar 07 '25 11:03 alistair-RG

Please consider updating to an image based on the next Ubuntu LTS version: 24.04 LTS (Noble Numbat).

Even though Ubuntu still promises support for 22.04 (Jammy Jellyfish), many of the packages there are not actually updated (such as the packages in the original description). As another example, the maven package available in 22.04 is from the year 2019.

Eduu avatar Oct 16 '25 15:10 Eduu