High Software vulnerability issue in thanos because of busybox #4167
Assignees
Comments
|
Thank you for reporting! I'll look into this |
|
Actually, I've been pointed that we already use the latest. In the build the sha in the Makefile is used. However I guess it's fine to update the base as-well. :D |
|
@wiardvanrij thank you very much, any idea when will be the new version available? |
I actually edited something that as no effect basically :D - The hash was already updated in our Makefile. The latest Thanos releases already have the latest busybox version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi All,
Thanos latest version is having high software vulnerability issue because of busy-box which was come as part of black duck binary software analysis
issue reported : https://nvd.nist.gov/vuln/detail/CVE-2021-28831
note: prometheus also faced it and fixed it like this prometheus/graphite_exporter#154
The text was updated successfully, but these errors were encountered: