CVE issues in Drools
24 views
Skip to first unread message
Richa Singh
Jan 3, 2023, 5:33:15 PM1/3/23
to Drools Setup
Hi,
We use the kie-server docker container https://quay.io/repository/kiegroup/kie-server?tab=info. We are using the latest version i.e. 7.73.0. The base images and libraries have many CVE vulnerabilities
Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-3f7h-mf4q-vrm4)
Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-w37g-rhq8-7m4j)
We use the kie-server docker container https://quay.io/repository/kiegroup/kie-server?tab=info. We are using the latest version i.e. 7.73.0. The base images and libraries have many CVE vulnerabilities
e.g
Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-3f7h-mf4q-vrm4)
Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-w37g-rhq8-7m4j)
What is a recommended approach to handle the vulnerabilities? How do we contribute to resolving these vulnerabilities?
I saw a related post regarding contributing to resolve the Synk issues but there was no response to the thread.
Thanks
Reply all
Reply to author
Forward
0 new messages