You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First time engaging with the Consul community, apologies if this isn't the right place to raise this. (I don't think this is a matter of responsible disclosure since it relates to a known & already disclosed vulnerability in one of Consul's dependencies.)
Our vulnerability scans are picking up CVE-2022-0778 being present in the Consul docker image (an OpenSSL vulnerability allowing crafted certs to create infinite validation loops).
Heya,
First time engaging with the Consul community, apologies if this isn't the right place to raise this. (I don't think this is a matter of responsible disclosure since it relates to a known & already disclosed vulnerability in one of Consul's dependencies.)
Our vulnerability scans are picking up CVE-2022-0778 being present in the Consul docker image (an OpenSSL vulnerability allowing crafted certs to create infinite validation loops).
It looks like Consul's container image is based on Alpine 3.13.7 and now 3.13.8 is available with a fixed version of OpenSSL. The fix is being rolled out pretty quickly.
Is there a plan to patch release Consul to take the fix?
The text was updated successfully, but these errors were encountered: