Cadence Server Image Contains Vulnerable Packages (CVE-2022-0778) #4803
Comments
Hi, PR #4804 might help fix CVE-2022-29458 and CVE-2021-39537 caused by
Hi, yes #4804 will be picked up in the next release.
Great! Thanks a lot for this! I have been able to build Cadence server image on local (on tag
Version of Cadence server, and client(which language)
This is very important to root cause bugs.
master branch
Describe the bug
Automated vulnerability scanner reports vulnerable OS package OpenSSL 1.1.1l, coming from Alpine-3.11. Vulnerability: https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-0778. Fixed in 1.1.1n, which is included in Alpine-3.15.
To Reproduce
N/A
Steps to reproduce the behavior:
N/A
Expected behavior
N/A
Screenshots
N/A
Additional context
N/A