Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/11/28 05:08:13 UTC
[GitHub] [superset] tooptoop4 opened a new issue, #22235: CVEs on 2.0.1 docker image
tooptoop4 opened a new issue, #22235:
URL: https://github.com/apache/superset/issues/22235
I pulled the docker image for 2.0.1rc4
findings:
upgrade Pillow to 9.3.0 to resolve CVE-2022-30595, CVE-2022-45198, CVE-2022-45199
upgrade Flask-Caching to 1.11.0 to resolve CVE-2021-33026
upgrade Werkzeug to 2.1.1 to resolve CVE-2022-29361
upgrade aiohttp to 3.8.3 to resolve CVE-2022-33124
curl is also affected by CVE-2022-42916, can it be removed from the image?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
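One way to check an image against the upgrade floors listed in this issue, as an added example that is not part of the original thread or of the Superset project: it audits `pip freeze` output for pins below those versions. The function names and the sample pins are assumptions constructed for illustration.

```python
import re

# Minimum fixed versions exactly as listed in the issue above.
FLOORS = {"pillow": "9.3.0", "flask-caching": "1.11.0",
          "werkzeug": "2.1.1", "aiohttp": "3.8.3"}

def normalize(name):
    """PEP 503 normalization, so Flask_Caching matches flask-caching."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def release_tuple(version):
    """Numeric release segment only: '2.0.1rc4' -> (2, 0, 1).
    Limitation: a pre-release compares equal to its final release."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def below_floor(installed, floor):
    """Compare numerically, so 1.10.1 < 1.11.0 and 9.3 == 9.3.0."""
    a, b = release_tuple(installed), release_tuple(floor)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(freeze_text):
    """Return sorted (name, installed, floor) for pins below their floor."""
    findings = []
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if "==" not in line:
            continue  # blank lines, comments, editable or URL installs
        name, version = line.split("==", 1)
        name = normalize(name.split("[", 1)[0])  # drop extras like pkg[x]
        floor = FLOORS.get(name)
        if floor and below_floor(version, floor):
            findings.append((name, version.strip(), floor))
    return sorted(findings)

# Constructed sample input; these pins are NOT taken from the actual image.
SAMPLE_FREEZE = """\
Pillow==9.1.1
Flask_Caching==1.10.1
Werkzeug==2.1.1
aiohttp==3.8.1  # constructed
requests==2.28.1
"""

if __name__ == "__main__":
    for name, have, need in audit(SAMPLE_FREEZE):
        print(f"{name}: installed {have}, needs >= {need}")
```

Feed it the real output of `pip freeze` run inside the container to audit an actual image; curl is an OS package and is outside what this check covers.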
[GitHub] [superset] rusackas commented on issue #22235: CVEs on 2.0.1 docker image
Posted by GitBox <gi...@apache.org>.
rusackas commented on issue #22235:
URL: https://github.com/apache/superset/issues/22235#issuecomment-1330921023
We'll add these to the security roadmap, and have it on the agenda to tackle and discuss at the next Security working group meeting. Let me know if you have any interest in attending. Thanks again!
[GitHub] [superset] villebro closed issue #22235: CVEs on 2.0.1 docker image
Posted by GitBox <gi...@apache.org>.
villebro closed issue #22235: CVEs on 2.0.1 docker image
URL: https://github.com/apache/superset/issues/22235
[GitHub] [superset] rusackas commented on issue #22235: CVEs on 2.0.1 docker image
Posted by GitBox <gi...@apache.org>.
rusackas commented on issue #22235:
URL: https://github.com/apache/superset/issues/22235#issuecomment-1330917516
Thank you for pointing out these issues. 2.0.1 is close to fully baked, and resolves a number of issues already. I think these additional fixes will have to wait for a fast-follow 2.0.2 release.