@yosifkit I'm aware that it isn't actually vulnerable to those CVEs, but that doesn't change the fact I can't deploy something that's being flagged for critical CVEs. Yes, the industry should do better, but the right here and now means this is an issue. IMO
The use of GOSU introduces critical vulnerabilities that mean this image can't be used in many production environments. The cause is that the current release of GOSU uses Go 1.18.2 and these issues were fixed in 1.19.9.
Two of these are 9.8s:
- CVE-2023-24540
- CVE-2023-24538
This version also causes alerts for another 29 High vulnerabilities in tools like docker scout etc.