fleet

mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00

History

Lucas Manuel Rodriguez ae00add76e Update alpine to patch vulnerability with severity "HIGH" (#26593 ) The vulnerability was posted by a prospect. Posting manual command until we get #25902 done. ```sh trivy image --ignore-unfixed --pkg-types os,library --severity CRITICAL,HIGH --show-suppressed fleetdm/fleet:v4.64.1 [...] fleetdm/fleet:v4.64.1 (alpine 3.21.0) Total: 2 (HIGH: 2, CRITICAL: 0) ┌────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤ │ libcrypto3 │ CVE-2024-12797 │ HIGH │ fixed │ 3.3.2-r4 │ 3.3.3-r0 │ openssl: RFC7250 handshakes with unauthenticated servers │ │ │ │ │ │ │ │ don't abort as expected │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-12797 │ ├────────────┤ │ │ │ │ │ │ │ libssl3 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘ ```	2025-02-25 18:33:24 -03:00
..
Dockerfile	Reorg infrastructure and add changes for frontend's loadtesting environment (#4947 )	2022-04-12 12:49:00 -04:00
loadtest.Dockerfile	Update alpine to patch vulnerability with severity "HIGH" (#26593 )	2025-02-25 18:33:24 -03:00

Lucas Manuel Rodriguez ae00add76e

Update alpine to patch vulnerability with severity "HIGH" (#26593 )

The vulnerability was posted by a prospect.

Posting manual command until we get #25902 done.
```sh
trivy image --ignore-unfixed --pkg-types os,library --severity CRITICAL,HIGH --show-suppressed fleetdm/fleet:v4.64.1
[...]
fleetdm/fleet:v4.64.1 (alpine 3.21.0)

Total: 2 (HIGH: 2, CRITICAL: 0)

┌────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                          Title                           │
├────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2024-12797 │ HIGH     │ fixed  │ 3.3.2-r4          │ 3.3.3-r0      │ openssl: RFC7250 handshakes with unauthenticated servers │
│            │                │          │        │                   │               │ don't abort as expected                                  │
│            │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-12797               │
├────────────┤                │          │        │                   │               │                                                          │
│ libssl3    │                │          │        │                   │               │                                                          │
│            │                │          │        │                   │               │                                                          │
│            │                │          │        │                   │               │                                                          │
└────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
```

2025-02-25 18:33:24 -03:00

Dockerfile

Reorg infrastructure and add changes for frontend's loadtesting environment (#4947 )

2022-04-12 12:49:00 -04:00

loadtest.Dockerfile

Update alpine to patch vulnerability with severity "HIGH" (#26593 )

2025-02-25 18:33:24 -03:00