Updated base image with vulnerability patches.
Feature: Enhance process by adding a Makefile, multi-arch support, and changelogs.
Fix: Resolve vulnerabilities in Docker image and Java dependencies
This PR highlights the vulnerabilities that have been resolved in the Docker image and associated Java dependencies. Below is the delta of vulnerabilities that were present in the previous scan but are no longer found in the current state.
Resolved Vulnerabilities:
Docker Image (alpine 3.13.12)
- busybox
  - Vulnerability: CVE-2022-48174
  - Severity: Critical
  - Issue: Stack overflow vulnerability in ash.c leads to arbitrary code execution.
  - Resolution: Upgraded from 1.32.1-r9 to 1.36.1-r2.
- busybox
  - Multiple high and medium vulnerabilities related to use-after-free and out-of-bounds read/write issues in various awk applet versions.
  - Resolved via image upgrade.
- OS Version
  - Upgraded from unsupported alpine 3.13.12 to alpine 3.19.4, ensuring continued security updates and reduced vulnerabilities.
Java Dependencies
- com.azure:azure-identity
  - Vulnerability: CVE-2024-35255
  - Severity: Medium
  - Issue: Elevation of privilege vulnerability in Azure Identity libraries.
  - Resolution: Upgraded from 1.12.0 to 1.12.2.
- com.microsoft.azure:msal4j
  - Addressed minor vulnerabilities and improved stability by upgrading from 1.15.0 to 1.15.1.
- io.netty:netty-common
  - Vulnerability: CVE-2024-47535
  - Severity: Medium
  - Issue: Denial of Service attack on Windows apps using Netty.
  - Resolution: Upgraded from 4.1.109.Final to 4.1.115.
By resolving these vulnerabilities, the project achieves enhanced security, improved stability, and alignment with the latest software and OS updates. Please review and approve this PR.