#help

Dmitry Meyerson

10/19/2023, 3:39 PM
Hey cerbos - looks like there's an image vulnerability - is this something that is fixed in a later image?
New vulnerabilities discovered in image:
ghcr.io/cerbos/cerbos:0.29.0 ID: sha256:875b6797c523eda6a868374c0f11245c6540d49ef53a3d20a39a886f4e6cb1ca
Alert Profile
my-dev-cluster
OS Distribution
High (1)
CVE-2023-45142
New vulnerabilities discovered in image:
bitnami/postgresql:11.14.0-debian-10-r28 ID: sha256:856622fa7d83ea0f46567b8964ed52b53680b24f5008b72a7a5a718fc8cd3bdb
Alert Profile
my-dev-cluster
OS Distribution
Debian GNU/Linux 10 (buster)
High (2)
CVE-2020-11080 | CVE-2023-44487

oguzhan

10/19/2023, 4:18 PM
Hey @Dmitry Meyerson, currently released images of cerbos include this vulnerability, including the latest v0.30 version. We are planning to release a new version next week or so where this vulnerability is fixed. In the meantime, you could temporarily use the cerbos image with the `dev` image tag, where the vulnerability is already fixed.

Dmitry Meyerson

10/19/2023, 4:45 PM
cool thanks - so v0.31 will probably have the fix?

oguzhan

10/20/2023, 7:15 AM
Yes, it will