I feel like it's not enough to just cut a Docker image release when you release new versions of Hydra. If it bundles 3rd-party dependencies that have their own security vulnerabilities, it'd be great if Ory made routine new Docker images even if the Hydra version itself isn't changing. Other open source projects often work this way, in the containerized world we now live in.
I appreciate it's added burden for the maintainers, but it's good for the community :)
Preflight checklist
Ory Network Project
No response
Describe the bug
Will the Go version of the project be updated to the latest 1.22.3 to address CVEs such as https://avd.aquasec.com/nvd/2023/cve-2023-45289/. I see Go on version 1.21 in the latest Hydra version v2.2.0. CVEs like this one are being raised during Trivy scanning on the Hydra binaries present in the Docker image. Would this be in the next release and would you happen to know the timeline for that release?
Reproducing the bug
Run Trivy scan on Hydra image.
Relevant log output
Relevant configuration
No response
Version
2.2.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
Docker
Additional Context
None