CVEs in the 3.30.0 #403
Comments
Is there a plan for when to release the next version? I can help with those security issues and hope they can be fixed in the next release.
/assign
Any help is appreciated! If someone can create a Pull Request explaining the fix I will be happy to merge it.
@cbl315 Can you share the list of CVE numbers? Just a Fortify scan report isn't very helpful, as Fortify is known to produce very many false positives. The report (the detailed one, not the high-level summary) needs to be interpreted by someone who knows both Fortify and the product (Kafdrop) very well.
Sure, I can share the CVE list; btw I use
Just out of curiosity, which security scanning tool was used before for Kafdrop?
Update: after I replaced the base image with the latest release from upstream, the number of CVEs was reduced from 79 to 41. But there are still dozens; I will keep looking and try to check whether they are false positives. Base image I use to replace: New report: obsidiandynamics-kafdrop3300-vulnerabilities-UpdateBaseImage.csv
Exactly. That's why I created PR #404. Given the wide use of the Temurin distribution, you should ask yourself whether you should take on the responsibility of scanning and analyzing that container image or whether you rely on Adoptium.
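The before/after comparison described in the update above (rescan after swapping the base image, then triage what remains) is easier to reason about when the two scanner exports are diffed mechanically rather than by eye. The following script is an added example, not code from this thread or from the Kafdrop project; it assumes a CSV layout with `cve`, `severity`, `package` and `layer` columns and uses placeholder CVE ids, since the real attachments are not reproduced here. The `layer` column lets the remaining findings be split into ones inherited from the upstream base image (which, as the next comment argues, are the base image maintainer's to track) and ones in the application's own dependencies.

```python
import csv
import io
from collections import Counter

# Constructed sample scanner exports. The column layout (cve, severity,
# package, layer) is an assumption; real scanner CSVs use other headers.
# The CVE ids are placeholders, not real identifiers. The duplicate row in
# BEFORE_CSV mimics scanners that list a CVE once per affected file.
BEFORE_CSV = """cve,severity,package,layer
CVE-0000-0001,HIGH,libssl,base
CVE-0000-0002,MEDIUM,glibc,base
CVE-0000-0003,HIGH,jackson-databind,app
CVE-0000-0004,LOW,libcurl,base
CVE-0000-0003,HIGH,jackson-databind,app
"""

AFTER_CSV = """cve,severity,package,layer
CVE-0000-0003,HIGH,jackson-databind,app
CVE-0000-0004,LOW,libcurl,base
CVE-0000-0005,MEDIUM,zlib,base
"""


def load_findings(csv_text):
    """Parse a scanner CSV export into {cve_id: row}, keeping the first row
    for each CVE so repeated rows do not inflate the count."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        cve = row["cve"].strip().upper()
        findings.setdefault(cve, row)
    return findings


def diff_reports(before_text, after_text):
    """Return which CVEs the rebuild fixed, which remain, and which are new."""
    before = load_findings(before_text)
    after = load_findings(after_text)
    return {
        "fixed": sorted(set(before) - set(after)),
        "remaining": sorted(set(before) & set(after)),
        "new": sorted(set(after) - set(before)),
        "counts": (len(before), len(after)),
    }


def triage(after_text, cves):
    """Bucket the given CVEs by the image layer they live in: 'base' findings
    are inherited from the upstream base image, 'app' findings belong to the
    project's own dependencies and are the ones a PR against it can fix."""
    after = load_findings(after_text)
    buckets = {"base": [], "app": []}
    for cve in cves:
        layer = after[cve].get("layer", "app").strip().lower()
        buckets.setdefault(layer, []).append(cve)
    return buckets


def severity_counts(csv_text):
    """Count distinct CVEs per severity, after de-duplication."""
    return Counter(row["severity"].strip().upper()
                   for row in load_findings(csv_text).values())


if __name__ == "__main__":
    result = diff_reports(BEFORE_CSV, AFTER_CSV)
    print("distinct CVEs before/after:", result["counts"])
    print("fixed by base image update:", result["fixed"])
    print("new in updated base image:", result["new"])
    print("remaining, by layer:", triage(AFTER_CSV, result["remaining"]))
    print("severity breakdown after:", dict(severity_counts(AFTER_CSV)))
```

Counting distinct CVEs rather than rows matters: a scanner that reports one row per affected file can make a "79 to 41" style comparison look better or worse than the actual change in exposure. The `layer` split is what turns the remaining list into an action plan: application-layer findings can be addressed in the project, base-layer ones are either already tracked upstream or candidates for the false-positive check the comment mentions.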
This issue is stale because it has been open for 30 days with no activity. |
This issue was closed because it has been inactive for 14 days since being marked as stale. |
I scanned the image obsidiandynamics/kafdrop:3.30.0 and found many CVEs to be fixed. See report: obsidiandynamics-kafdrop3300-2022-08-10-030036.pdf