Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/11/28 05:08:13 UTC

[GitHub] [superset] tooptoop4 opened a new issue, #22235: CVEs on 2.0.1 docker image

tooptoop4 opened a new issue, #22235:
URL: https://github.com/apache/superset/issues/22235

   I pulled docker image for 2.0.1rc4
   
   findings:
   upgrade Pillow to 9.3.0 to resolve CVE-2022-30595, CVE-2022-45198, CVE-2022-45199
   upgrade Flask-Caching to 1.11.0 to resolve CVE-2021-33026
   upgrade Werkzeug to 2.1.1 to resolve CVE-2022-29361
   upgrade aiohttp to 3.8.3 to resolve CVE-2022-33124
   curl is also affected by CVE-2022-42916, can it be removed from the image?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [superset] rusackas commented on issue #22235: CVEs on 2.0.1 docker image

Posted by GitBox <gi...@apache.org>.
rusackas commented on issue #22235:
URL: https://github.com/apache/superset/issues/22235#issuecomment-1330921023

   We'll add these to the security roadmap, and have it on the agenda to tackle and discuss at the next Security working group meeting. Let me know if you have any interest in attending. Thanks again!




[GitHub] [superset] villebro closed issue #22235: CVEs on 2.0.1 docker image

Posted by GitBox <gi...@apache.org>.
villebro closed issue #22235: CVEs on 2.0.1 docker image
URL: https://github.com/apache/superset/issues/22235




[GitHub] [superset] rusackas commented on issue #22235: CVEs on 2.0.1 docker image

Posted by GitBox <gi...@apache.org>.
rusackas commented on issue #22235:
URL: https://github.com/apache/superset/issues/22235#issuecomment-1330917516

   Thank you for pointing out these issues. 2.0.1 is close to fully baked, and resolves a number of issues already. I think these additional fixes will have to wait for a fast-follow 2.0.2 release. 

