[scl.org] Queries regarding nodejs 12 image
Honza Horak
hhorak at redhat.com
Thu Mar 26 13:48:24 UTC 2020
Version nodejs v12.16.1 is already available in the container, the
updated container was released few days back.
Regards,
Honza
On 3/25/20 7:14 AM, Abhinay Purty wrote:
> Hello,
>
> Any updates on the last 2 queries ?
>
> Thanks in advance.
>
> On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apurty at redhat.com
> <mailto:apurty at redhat.com>> wrote:
>
> @ Petr, Thanks for the update and opening up a ticket for the
> mentioned issue.
>
> On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pkubat at redhat.com
> <mailto:pkubat at redhat.com>> wrote:
>
> Hi Abhinay,
>
> On 3/19/20 8:28 AM, Abhinay Purty wrote:
>> Hello Team,
>>
>> IHAC with a few queries.
>>
>> 1. Does the following images contain the security fixes that
>> is mentioned in
>> 'https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
>> (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)? [*]
>> https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
>> [*]
>> https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
>> If I understand correctly, the latest version of those images
>> are built before security fixes CVE-2019-15604[1],
>> CVE-2019-15605[2], CVE-2019-15606[3] were released. [1]
>> https://access.redhat.com/security/cve/CVE-2019-15604 [2]
>> https://access.redhat.com/security/cve/CVE-2019-15605 [3]
>> https://access.redhat.com/security/cve/CVE-2019-15606
>
> The released images seem to be affected by the CVEs mentioned,
> but do not show up as such in the catalog. This is a problem and
> I have opened up a ticket against container grading to check
> what went wrong:
> https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
>
> The CVEs will soon be fixed (I have checked fixed builds are
> present) once the following advisory gets pushed:
> https://errata.devel.redhat.com/advisory/52592
>
>
>> 2. Is there any plans to release ubi8/nodejs-12 and
>> rhel8/nodejs-12 s2i builder images that would include current
>> LTS version of nodejs (12.16.1)? 3. Does the ubi8/nodejs-12
>> and rhel8/nodejs-12 have vanilla installation of the nodejs
>> runtime? Or is the nodejs runtime in those images Red Hat's
>> own implementation of the nodejs runtime ?
>
> I will leave these two to be answered by nodejs maintainers
> (added to CC).
>
> Petr
>
>>
>>
>> --
>> Regards,
>>
>> Abhinay Purty
>>
>> Associate Technical Support Engineer
>>
>> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>>
>> <https://red.ht/sig>
>>
>> _______________________________________________
>> SCLorg mailing list
>> SCLorg at redhat.com <mailto:SCLorg at redhat.com>
>> https://www.redhat.com/mailman/listinfo/sclorg
>
>
>
> --
> Regards,
>
> Abhinay Purty
>
> Associate Technical Support Engineer
>
> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
> <https://red.ht/sig>
>
>
>
> --
> Regards,
>
> Abhinay Purty
>
> Associate Technical Support Engineer
>
> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
> <https://red.ht/sig>
>
> _______________________________________________
> SCLorg mailing list
> SCLorg at redhat.com
> https://www.redhat.com/mailman/listinfo/sclorg
>
More information about the SCLorg
mailing list