Jonathan Kwan created GUACAMOLE-1768:
----------------------------------------

             Summary: Docker - Guacamole Vulnerability Updates
                 Key: GUACAMOLE-1768
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1768
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole, guacd-docker
    Affects Versions: 1.5.0
            Reporter: Jonathan Kwan


Hi,

I was doing a Snyk vulnerability scan with "docker scan" to see what vulnerabilities were in the docker image. I saw the below, and was inquiring how the docker components get updated from a vulnerability perspective?

Issues to fix by upgrading:

  Upgrade com.fasterxml.woodstox:woodstox-core@5.2.1 to com.fasterxml.woodstox:woodstox-core@5.4.0 to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135] in com.fasterxml.woodstox:woodstox-core@5.2.1
    introduced by com.fasterxml.woodstox:woodstox-core@5.2.1
  ✗ XML External Entity (XXE) Injection [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754] in com.fasterxml.woodstox:woodstox-core@5.2.1
    introduced by com.fasterxml.woodstox:woodstox-core@5.2.1

The above is from the latest guacamole docker image. For guacd, there wasn't anything shown at the moment.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)