cyberark-conjur-cli-docker-based

CONJSE-1802: Changes to publish.sh for ruby CVE-2023-5129

Open bunnyhopkinton opened this issue 2 years ago • 0 comments

6 repos still use the container built in the conjurinc/publish_rubygem repo. This container uses Ruby 2.7 as its base image, which contains a version of libwebp that is vulnerable to CVE-2023-5129. We are not vulnerable to this CVE, but need to use software that includes a fixed version.

Rather than upgrading publish_rubygem to Ruby 3, we should instead convert the remaining repositories that still use the container over to use the release-tools version, and then archive the conjurinc/publish_rubygem repo entirely.

bunnyhopkinton, Oct 20 '23 18:10