Addressing a lot of security vulnerabilities in the latest Cadence release #5037
Comments
Echoing this topic, I would like to add more Critical CVEs found with a later Twistlock version, which put our system into a high-risk state.
With the new version of Twistlock, more critical CVEs were found, which impact the security of our system OS.
Version of Cadence server, and client (which language)
This is very important to root cause bugs.
v0.24.0
Describe the bug
A clear and concise description of what the bug is.
There are a lot of CVEs found by scanning the latest release image v0.24.0. Most of these CVEs are resolved in the image built from master. Following is the list of CVEs:
CVEs that may be fixed by [#5035] (pending review):
CVEs that have already been fixed by [#4957], but have not been released:
CVEs that have already been fixed by [#4804], but have not yet made it to v0.24.0:
curl
zlib
openssl
busybox
ncurses
Not fixed:
Would it be possible for another release of Cadence to make it in the few weeks left of this year? The latest one has been released for more than half a year already.
To Reproduce
Is the issue reproducible?
Steps to reproduce the behavior:
A clear and concise description of the reproduce steps.
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here, e.g. stack trace, workflow history.
I have made a similar request back in August: #4803 (comment).