Skip to content

v0.3.7

Choose a tag to compare

View all tags
@github-actions github-actions released this 18 Apr 17:15
· 231 commits to main since this release
v0.3.7
This tag was signed with the committer’s verified signature.
tmatens Todd Matens
SSH Key Fingerprint: rXwV6kh4InD248G0NM3tcK2kJPaX3GqTj/Zdwm+F5Oo
Verified
Learn about vigilant mode.
5d5a43a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changed

  • CL-0003 fix guidance now warns that no-new-privileges breaks
    images whose entrypoint switches users via gosu/su-exec (e.g.
    official postgres, redis, minecraft-server). The finding's
    fix field gains a one-line caveat; full compatibility notes and
    a testing workflow live in docs/rules/CL-0003.md. Closes #2.
  • CL-0007 fix guidance now describes the writable-path discovery
    workflow (docker diff) and the chown-on-startup pitfall seen on
    netdata and valkey. The finding's fix field gains a one-line
    caveat; details live in docs/rules/CL-0007.md. Closes #3.

No rule logic, severity, or finding-shape changes. A compose file
that passed on 0.3.6 passes identically on this revision; only the
fix field text and rule docs changed.

Assets 6
Loading