You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Earlier this month CVE-2023-39417 and several other HIGH & CRITICAL CVEs have been reported with postgres 15.3 and older versions.
We use the latest pgstac v0.7.10 image, which is running with postgres 15.3 and has been flagged with CVE-2023-39417. Since your Dockerfile is using postgres:15-bullseyehttps://github.com/stac-utils/pgstac/blob/main/Dockerfile#L1 as the base image, the only action needed is to re-kick an image publishing action, and the newest postgres:15-bullseye already contains postgres 15.4 which is the recommended fix for most of the CVEs.
Would building/publishing a new image of pgstac be possible in the short term? Is there a timeline for the next pgstac release?
The text was updated successfully, but these errors were encountered:
Earlier this month CVE-2023-39417 and several other HIGH & CRITICAL CVEs have been reported with postgres 15.3 and older versions.
We use the latest pgstac v0.7.10 image, which is running with postgres 15.3 and has been flagged with CVE-2023-39417. Since your Dockerfile is using
postgres:15-bullseye
https://github.com/stac-utils/pgstac/blob/main/Dockerfile#L1 as the base image, the only action needed is to re-kick an image publishing action, and the newestpostgres:15-bullseye
already contains postgres 15.4 which is the recommended fix for most of the CVEs.Would building/publishing a new image of pgstac be possible in the short term? Is there a timeline for the next pgstac release?
The text was updated successfully, but these errors were encountered: