lots of CVEs in axosyslog 4.7.1 #186

ikheifets-splunk · 2024-07-04T10:16:21Z

More details you can find here security issue

ikheifets-splunk · 2024-07-04T11:29:04Z

Made PR with upgrading alpine linux version.
requests and urllib3 already upgraded by dependabot 2 weeks ago

ikheifets-splunk · 2024-07-04T13:02:28Z

@alltilla Thanks for merging PR. When you planning to release it? You know it's security fix, and we don't know when 4.8.0 will be available :)

P.S. What do you think if we will add on pipeline automatic CVE detection of docker image? For example we on CI using trivy

alltilla · 2024-07-04T13:05:13Z

4.8.0 is on its way: #189 :)
ETA tomorrow or beginning of next week.

P.S. What do you think if we will add on pipeline automatic CVE detection of docker image? For example we on CI using trivy

Sounds reasonable, let's create a feature request for it.

alltilla · 2024-07-04T13:06:57Z

ikheifets-splunk · 2024-07-15T17:22:06Z

Released on 4.8.0

ikheifets-splunk mentioned this issue Jul 4, 2024

syslog-ng: update to alpine:3.20 #187

Merged

alltilla mentioned this issue Jul 4, 2024

CVE detection in CI #190

Closed

ikheifets-splunk closed this as completed Jul 15, 2024

Provide feedback