Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check the latest image/installation file for vulnerabilities and fix. #6134

Closed
Mohit-3196 opened this issue Feb 26, 2024 · 2 comments
Closed

Check the latest image/installation file for vulnerabilities and fix. #6134

Mohit-3196 opened this issue Feb 26, 2024 · 2 comments
Assignees
@lastpeony
Labels
Priority: Important

Comments

@Mohit-3196
Copy link
Contributor

Mohit-3196 commented Feb 26, 2024
edited

  • Create a docker image with the latest AMS EE using Ubuntu 22.04
  • Check and fix the major and critical vulnerabilities
@mekya
Copy link
Contributor

mekya commented Mar 21, 2024

Hi @lastpeony ,

About the jackson-databind 2.9.6 vulnerability

#6122 (comment)

FYI

This was referenced Mar 21, 2024
Merged
Merged
@lastpeony
Copy link
Contributor

lastpeony commented Mar 21, 2024
edited

I updated some packages and fixed most of the vulnerabilities.
Before mentioned PRs:

134 vulnerabilities found in 30 packages
  UNSPECIFIED  1   
  LOW          18  
  MEDIUM       43  
  HIGH         53  
  CRITICAL     19

After the PRs:

49 vulnerabilities found in 24 packages
  LOW       17  
  MEDIUM    28  
  HIGH      4   
  CRITICAL  0

Analysis done with docker scout cves

We can discuss the leftovers. I can share the report with you.

@mekya
FYI

@mekya mekya mentioned this issue Mar 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lastpeony lastpeony

Labels
Priority: Important
Projects
Ant Media Server
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mekya @lastpeony @burak-58 @Mohit-3196