Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrading all apk packages to solve CVE-2024-2511 #173

Merged
merged 3 commits into from
Apr 18, 2024
Merged

chore: upgrading all apk packages to solve CVE-2024-2511 #173

merged 3 commits into from
Apr 18, 2024

Conversation

andreas-unleash
Copy link
Contributor

@andreas-unleash andreas-unleash commented Apr 18, 2024
edited
Loading

Steps taken:

  • Run yarn audit - reports 0 vulnerabilities (kind-of seems to be a transitive dep that is not reported here)
  • Modified the docker file to update all apk packages to latest version - this solve CVE-2024-2511 by updating openssl to 3.1.4-r6

Closes #172
Screenshot 2024-04-18 at 13 21 45

sighphyre
sighphyre approved these changes Apr 18, 2024
View reviewed changes
Copy link
Member

@sighphyre sighphyre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fantastic! Nice work here!

@andreas-unleash andreas-unleash merged commit 566c9e8 into main Apr 18, 2024
3 checks passed
@andreas-unleash andreas-unleash deleted the chore/upgrade_CVE_2024-2511 branch April 18, 2024 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sighphyre sighphyre sighphyre approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

openssl:3.1.4-r5/CVE-2024-2511
2 participants
@andreas-unleash @sighphyre