external-auth-server

Image vulnerabilities

Open runningman84 opened this issue 11 months ago • 3 comments

Trivy informed us about these critical issues for the current external-auth-server docker image:
https://nvd.nist.gov/vuln/detail/CVE-2019-8457
https://nvd.nist.gov/vuln/detail/CVE-2024-27307
https://nvd.nist.gov/vuln/detail/CVE-2023-45853
https://nvd.nist.gov/vuln/detail/CVE-2023-36665

There are also a lot of medium and high security issues with the docker image.

Because external-auth-server might be a critical component in any cluster, it would be great to have regular image updates with CVE scanning.

runningman84 Mar 18 '24 12:03

Thanks for bringing it up! I will look at bumping both the base image and all the npm deps as well.

travisghansen May 13 '24 03:05

Please also consider some build automation which helps you to regularly release your software. Thanks for your support!

runningman84 May 13 '24 05:05

@travisghansen is there any news here?

runningman84 Sep 12 '24 13:09