Security vulnerabilities #132
Comments
We could definitely do a PR with suggested updates, the builder-base Dockerfile is here https://github.com/expfactory/expfactory/tree/master/expfactory/templates/build/docker/builder-base and then that is bootstrapped by https://github.com/expfactory/expfactory/blob/master/expfactory/templates/build/docker/builder/Dockerfile. Let me give it a quick shot and push a test image, and then we can see if the analysis improves. If not, I'll share the changes and you can take a shot, and if it does, then I can open a PR and see if anything is broken (and you can further test too). Sound good?
Also, I'm going to transfer this issue to expfactory/expfactory - this expfactory-docker repository is for the Poldracklab deployed version of expfactory.org.
Great, thanks for the quick response!
okay, I've pushed a test image, the same repository with tag
Oops one second, I didn't build the image from the branch that is now for PR. Give me a second to build again!
okay, all set.
Great, have a meeting and will test afterwards!
Seems like it worked (though keep in mind this is my second day using expfactory)...
No worries! We have basic tests in the CI (and they have passed) and I'm of the opinion that it's better to release often, and we can address any issues that might arise.
Issues fixed, closing issue.
I noticed that there are some high level vulnerabilities on the `latest` image. Is this cause for concern? I am about to submit a project proposal to a Research Ethics Board and felt like I should know what these vulnerabilities actually mean in terms of data security. Is it a matter of updating the packages?