Trivy scan report about opensearchproject/opensearch:1.3.6 #5126
vulnerabilities include:
Hi @SpringYang004. TL;DR: yes. Long answer: we try to follow OpenSSF's best practices and fix all MEDIUM+ vulns within 60 days of publication (see https://opensearch.org/releases.html#maintenance-policy), so we'll update dependencies with vulnerabilities in our upcoming 1.3.7 (currently scheduled for 12/8).
Describe the bug
Hi, team,
There are some vulnerabilities in "trivy scan report". Is there any plan to upgrade the version of libs to fix them? Thanks.
A clear and concise description of what the bug is.
opensearch-trivy-scan-report.xlsx