Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the docker image from golang:1.22.3-alpine3.18 to golang:1.22.4-alpine3.20 #5214

Open
edwbuck opened this issue Jun 11, 2024 · 1 comment
Open

Update the docker image from golang:1.22.3-alpine3.18 to golang:1.22.4-alpine3.20 #5214

edwbuck opened this issue Jun 11, 2024 · 1 comment
Labels
help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog

Comments

@edwbuck
Copy link
Contributor

edwbuck commented Jun 11, 2024
edited
Loading

When building the images from the Makefile, I noticed that our Docker image references Alpine Linux version 3.18. There are a few trivial (low impact) CVEs in Alpine 3.18, and it might be a good idea to update to Alpine 3.20.

I noticed in the comments that we chose not to update to Alpine 3.19 due to issues in go-sqlite. I am hoping that they are resolved with either the 1.22.3 -> 1.22.4 transition or the Alpine 3.18 -> Alpine 3.20 transition.
@amartinezfayo amartinezfayo added priority/backlog Issue is approved and in the backlog help wanted Issues with this label are ready to start work but are in need of someone to do it labels Jun 13, 2024
@zzy2210 zzy2210 mentioned this issue Jul 25, 2024
Closed
3 tasks
@nweisenauer-sap
Copy link
Contributor

nweisenauer-sap commented Aug 2, 2024
edited
Loading

Looking forward to an updated Go version as well, the currently used version (1.22.3) suffers from a CVE with a rating of 9.8 according to nist. Not saying that this one is actually exploitable here (I did not verify), but it shows in scans nevertheless.

@zzy2210 zzy2210 mentioned this issue Aug 7, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@edwbuck @amartinezfayo @nweisenauer-sap