New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tagging a 7.1.4 with CVE fixes #1383
Comments
Can the alpine version be updated to 3.14.2 instead of 3.14 for 7.1.4 tag? 3.14.2 fixes the CVE-2021-3712. |
I would also like to see a 7.1.4 (or 7.2.0) tag. The diff to 7.1.3 to pull in the CVE fixes is 9k lines :/ |
We will be releasing 7.2.0 very shortly. As we are both quite short on time to work on the project lately and there's a lot involved in doing the release process, we won't be doing any further patches on the 7.1.z stream. We are hoping to have the new release out in the next week or so.
The 3.14 tag will pull in the latest z-stream release of the alpine image, so we will already be pulling in the fix for that CVE in our next builds |
Please use the new 7.2.0 release which has just been published |
Hi all,
Since 7.1.3 there have been two PRs (1244 and 1276) which contain version bumps to fix CVEs. I understand that version 7.2.0 is due to be released soon, but we would really appreciate it if we could get a 7.1.4 version with these CVE fixes out this week. Would it be okay if I were to take a branch off 7.1.3, apply these two PRs, and then tag 7.1.4?
Thanks,
Andrew
The text was updated successfully, but these errors were encountered: