We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security scanners such as Trivy will flag the 1.28.0 release binary with CVE-2023-39325.
The main branch seems to use updated libraries, so making a release should fix this issue.
Run Trivy on any Docker image that contains the release binary:
┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2023-39325 │ HIGH │ fixed │ v0.11.0 │ 0.17.0 │ golang: net/http, x/net/http2: rapid stream resets can cause │ │ │ │ │ │ │ │ excessive work (CVE-2023-44487) │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-39325 │ └──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered:
The new release v1.28.1 should fix this.
Sorry, something went wrong.
No branches or pull requests
Describe the issue
Security scanners such as Trivy will flag the 1.28.0 release binary with CVE-2023-39325.
The main branch seems to use updated libraries, so making a release should fix this issue.
To reproduce
Run Trivy on any Docker image that contains the release binary:
Your environment
The text was updated successfully, but these errors were encountered: