Addressing a lot of security vulnerabilities in the latest Cadence release #5037
Labels
Comments
|
Echo on this topic and I would like to add more Critical CVEs found with later twistlock version which put our system into high risk state |
|
With new version of twistlock, more critical CVEs found which impact to security of our system OS |
ibarrajo
added
security
dependencies
|
Closing this since we are giving support to more recent releases, currently the latest one is v1.2.13. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version of Cadence server, and client(which language)
This is very important to root cause bugs.
v0.24.0Describe the bug
A clear and concise description of what the bug is.
There are a lot of CVEs found by scanning the latest release image
v0.24.0. Most of these CVEs are resolved in the image built frommaster. Following is the list of CVEs:CVEs that may be fixed by [#5035] (pending review):
CVEs that have already been fixed by [#4957], but have not been released:
CVEs that have already been fixed by [#4804], but have yet made it to
v0.24.0:curl
zlib
openssl
busybox
ncurses
Not fixed:
Would it be possible for another release of Cadence to make it in a few weeks left of this year? The latest one has been released for more than half year already.
To Reproduce
Is the issue reproducible?
Steps to reproduce the behavior:
A clear and concise description of the reproduce steps.
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here, E.g. Stackstace, workflow history.
I have made a similar request back in August: #4803 (comment).
The text was updated successfully, but these errors were encountered: