Thanks for the update @Honza Horak <hho...@redhat.com>. On Thu, Mar 26, 2020 at 7:18 PM Honza Horak <hho...@redhat.com> wrote:
> Version nodejs v12.16.1 is already available in the container, the > updated container was released few days back. > > Regards, > Honza > > On 3/25/20 7:14 AM, Abhinay Purty wrote: > > Hello, > > > > Any updates on the last 2 queries ? > > > > Thanks in advance. > > > > On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apu...@redhat.com > > <mailto:apu...@redhat.com>> wrote: > > > > @ Petr, Thanks for the update and opening up a ticket for the > > mentioned issue. > > > > On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pku...@redhat.com > > <mailto:pku...@redhat.com>> wrote: > > > > Hi Abhinay, > > > > On 3/19/20 8:28 AM, Abhinay Purty wrote: > >> Hello Team, > >> > >> IHAC with a few queries. > >> > >> 1. Does the following images contain the security fixes that > >> is mentioned in > >> ' > https://nodejs.org/en/blog/vulnerability/february-2020-security-releases' > >> (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)? [*] > >> > https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12 > >> [*] > >> > https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12 > >> If I understand correctly, the latest version of those images > >> are built before security fixes CVE-2019-15604[1], > >> CVE-2019-15605[2], CVE-2019-15606[3] were released. [1] > >> https://access.redhat.com/security/cve/CVE-2019-15604 [2] > >> https://access.redhat.com/security/cve/CVE-2019-15605 [3] > >> https://access.redhat.com/security/cve/CVE-2019-15606 > > > > The released images seem to be affected by the CVEs mentioned, > > but do not show up as such in the catalog. This is a problem and > > I have opened up a ticket against container grading to check > > what went wrong: > > > https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125 > > > > The CVEs will soon be fixed (I have checked fixed builds are > > present) once the following advisory gets pushed: > > https://errata.devel.redhat.com/advisory/52592 > > > > > >> 2. Is there any plans to release ubi8/nodejs-12 and > >> rhel8/nodejs-12 s2i builder images that would include current > >> LTS version of nodejs (12.16.1)? 3. Does the ubi8/nodejs-12 > >> and rhel8/nodejs-12 have vanilla installation of the nodejs > >> runtime? Or is the nodejs runtime in those images Red Hat's > >> own implementation of the nodejs runtime ? > > > > I will leave these two to be answered by nodejs maintainers > > (added to CC). > > > > Petr > > > >> > >> > >> -- > >> Regards, > >> > >> Abhinay Purty > >> > >> Associate Technical Support Engineer > >> > >> Red Hat India Pvt. Ltd. <https://www.redhat.com> > >> > >> <https://red.ht/sig> > >> > >> _______________________________________________ > >> SCLorg mailing list > >> SCLorg@redhat.com <mailto:SCLorg@redhat.com> > >> https://www.redhat.com/mailman/listinfo/sclorg > > > > > > > > -- > > Regards, > > > > Abhinay Purty > > > > Associate Technical Support Engineer > > > > Red Hat India Pvt. Ltd. <https://www.redhat.com> > > > > <https://red.ht/sig> > > > > > > > > -- > > Regards, > > > > Abhinay Purty > > > > Associate Technical Support Engineer > > > > Red Hat India Pvt. Ltd. <https://www.redhat.com> > > > > <https://red.ht/sig> > > > > _______________________________________________ > > SCLorg mailing list > > SCLorg@redhat.com > > https://www.redhat.com/mailman/listinfo/sclorg > > > > -- Regards, Abhinay Purty Associate Technical Support Engineer Red Hat India Pvt. Ltd. <https://www.redhat.com> <https://red.ht/sig>
_______________________________________________ SCLorg mailing list SCLorg@redhat.com https://www.redhat.com/mailman/listinfo/sclorg