Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patch needed for MS ASP.NET 6.0.26 #282

Closed
djciaro opened this issue May 16, 2024 · 2 comments
Closed

Patch needed for MS ASP.NET 6.0.26 #282

djciaro opened this issue May 16, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@djciaro
Copy link

djciaro commented May 16, 2024

Report

There is a known vulnerability for ASP.NET dotnet/announcements#295
the latest version resolves this issue. Would it be possible to update to version 6.0.27

Expected Behavior

To be able to scan for vulnerabilities and not find any critical vulnerabilities

Actual Behavior

Whne using Trivy iin harbor to scan this image CVE-2024-21386 is detected and marked as critical

Steps to Reproduce the Problem

  1. Pull image from DockerHub
  2. Scan using Trivy
  3. reveiw report

Logs from self-hosted gateway

example

Self-hosted Gateway Version

stv2.1

Deployment

Other

Platform

Microsoft Azure

Kubernetes Version

None

Anything else?

image
Result of trivy scan
@djciaro djciaro added the bug Something isn't working label May 16, 2024
@tomkerkhove
Copy link
Member

A new version will be shipped soon that should resolve this

@tomkerkhove
Copy link
Member

Fixed in https://github.com/Azure/api-management-self-hosted-gateway/releases/tag/Container-v2.6.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomkerkhove @djciaro