The lfedge/ekuiper:1.5.1-alpine image has a few High severity vulnerabilities. #1326
Comments
@bighb69738 I don't think we directly use those; maybe they are imported by the dependencies. Where do you run the scan, and do you have more information about where these vulnerabilities happen? Thanks
These libraries are from Alpine.
Thank you, I think we need to upgrade the base Alpine version.
Hi @bighb69738, this is the Dockerfile for 1.5.1-alpine. You can modify the dependencies and build a new Docker image yourself with this command
We would appreciate it if you could verify the images and make a PR for us.
Close because of inactivity
Hi all:
I tried to use the latest image lfedge/ekuiper:1.5.1-alpine on EdgeX.
But there are a few High severity vulnerabilities when the image was scanned.
These High severity vulnerabilities:
Library: libcrypto1.1-1.1.1n-r0.apk
Vulnerability id: CVE-2022-2097 (Upgrade to version OpenSSL_1_1_1q,openssl-3.0.5)
Library: libssl1.1-1.1.1n-r0.apk
Vulnerability id: CVE-2022-2097 (Upgrade to version OpenSSL_1_1_1q,openssl-3.0.5)
These Medium severity vulnerabilities:
Library: musl-utils-1.2.2-r7.apk
Vulnerability id: CVE-2020-28928 (Upgrade to version musl - 1.2.2-1,1.2.2-1,1.1.16-3+deb9u1)
Library: musl-1.2.2-r7.apk
Vulnerability id: CVE-2020-28928 (Upgrade to version musl - 1.2.2-1,1.2.2-1,1.1.16-3+deb9u1)
How to fix?