Re: BUG #18702: Critical & High Security vulnerability issue with Trivy Scan in postgres 16

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: sathyendran(dot)vellaisamy(at)intel(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #18702: Critical & High Security vulnerability issue with Trivy Scan in postgres 16
Date: 2024-11-13 09:05:48
Message-ID: 7AC8642F-725B-4CB2-AAD3-22E8F08C767D@yesql.se
Lists: pgsql-bugs

> On 12 Nov 2024, at 11:12, PG Bug reporting form <noreply(at)postgresql(dot)org> wrote:

> We are using the postgres 16 docker image from hub and we found some Critical
> and High vulnerabilities.

The postgres docker image is not maintained by the postgres committers; the
page on docker.com lists (and links to) "Maintained by: the PostgreSQL Docker
Community" as the ones you should be contacting. They may call it a "Docker
Official Image", but that doesn't mean it's official by postgresql.org.

> This fix is essential for our releases. Please provide fix for the
> vulnerability issue below.

While it's none of my business, if something which you are unsure over who
maintains is essential to your business, then maybe consider compiling a Docker
image yourself in-house?

--
Daniel Gustafsson
