fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-22 00:18:27 +00:00

History

Lucas Manuel Rodriguez ae00add76e Update alpine to patch vulnerability with severity "HIGH" (#26593 ) The vulnerability was posted by a prospect. Posting manual command until we get #25902 done. ```sh trivy image --ignore-unfixed --pkg-types os,library --severity CRITICAL,HIGH --show-suppressed fleetdm/fleet:v4.64.1 [...] fleetdm/fleet:v4.64.1 (alpine 3.21.0) Total: 2 (HIGH: 2, CRITICAL: 0) ┌────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤ │ libcrypto3 │ CVE-2024-12797 │ HIGH │ fixed │ 3.3.2-r4 │ 3.3.3-r0 │ openssl: RFC7250 handshakes with unauthenticated servers │ │ │ │ │ │ │ │ don't abort as expected │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-12797 │ ├────────────┤ │ │ │ │ │ │ │ libssl3 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘ ```		2025-02-25 18:33:24 -03:00
..
apple	Scope pending host profile rebuilds (#23772 )	2024-11-15 11:55:30 -05:00
assets	Updating golangci-lint to 1.61.0 (#22973 )	2024-10-18 12:38:26 -05:00
decrypt-disk-encryption-key	Initial implementation of decrypt tool (#21044 )	2024-08-05 11:53:15 -04:00
migration	Update alpine to patch vulnerability with severity "HIGH" (#26593 )	2025-02-25 18:33:24 -03:00
windows	Bump Go version from 1.23.1 to 1.23.4, Alpine on Docker images from 3.20 to 3.21 (#24518 )	2024-12-09 11:06:07 -06:00