Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

confluentinc/cp-schema-registry:7.1.1 has vulnerabilities. 7.2 isn't yet uploaded. #58

Open
abhinavbakaya opened this issue May 16, 2022 · 1 comment
Open

confluentinc/cp-schema-registry:7.1.1 has vulnerabilities. 7.2 isn't yet uploaded. #58

abhinavbakaya opened this issue May 16, 2022 · 1 comment

Comments

@abhinavbakaya
Copy link

We are using the below Dockerfile to do a dnf upgrade on the image confluentinc/cp-schema-registry:7.1.1 and then we are using the built image to run schema registry on Kubernetes.

FROM confluentinc/cp-schema-registry:7.1.1
USER root
RUN dnf upgrade -y
USER appuser

Even after that, I am being continuously asked by my organisation's Security Team to remove the vulnerabilities.
CVE-2020-36518
PRISMA-2021-0213
CVE-2022-24329

Please help.
@abhinavbakaya abhinavbakaya changed the title confluentinc/cp-schema-registry:7.1.1 has vulnerabilities confluentinc/cp-schema-registry:7.1.1 has vulnerabilities. 7.2 isn't yet uploaded. May 23, 2022
@janjwerner-confluent
Copy link
Member

Thank you for raising this issue. The CVEs are addressed in the latest release 7.1.3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abhinavbakaya @janjwerner-confluent