Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Go Related CVEs Raised During Trivy Scanning Resolution Timeline by Upgrading Go #3768

Open
4 of 5 tasks
isaac-mercieca opened this issue May 13, 2024 · 0 comments
Open
4 of 5 tasks

Go Related CVEs Raised During Trivy Scanning Resolution Timeline by Upgrading Go #3768

isaac-mercieca opened this issue May 13, 2024 · 0 comments
Labels
bug Something is not working.

Comments

@isaac-mercieca
Copy link

isaac-mercieca commented May 13, 2024
edited

Preflight checklist

Ory Network Project

No response

Describe the bug

Will the Go version of the project be updated to latest 1.22.3 to address CVEs such as https://avd.aquasec.com/nvd/2023/cve-2023-45289/. I see Go on version 1.21 in the latest Hydra version v2.2.0. CVEs like this one are being raised during Trivy scanning on the Hydra binaries present in the docker image. Would this be in the next release and would you happen to know the timeline for that release?

Reproducing the bug

Run Trivy scan on Hydra image.

Relevant log output

No response

Relevant configuration

No response

Version

2.2.0

On which operating system are you observing this issue?

None

In which environment are you deploying?

Docker

Additional Context

None
@isaac-mercieca isaac-mercieca added the bug Something is not working. label May 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@isaac-mercieca