Hey @vertigo15 Thank you for the heads up! We will work on that ASAP.
Docker_8678c23_Security_Export.csv
Hi,

We scanned the Langflow backend and frontend images for vulnerabilities (JFrog), and most of them were related to Debian:

- CVE-2023-45853 zlib1g
- CVE-2024-45492 (libexpat1:2.5.0-1)
- CVE-2024-45491 libexpat1
- CVE-2024-37371 libkrb5-3:1.20.1-2+deb12u1
- CVE-2024-33663 python-jose (this is Python related)

They can be fixed by using an updated version of Debian or by running:
```bash
# Upgrade the Debian packages only if they are already installed
sudo apt install --only-upgrade -y zlib1g libexpat1 libk5crypto3 libkrb5support0 libgssapi-krb5-2 libkrb5-3
sudo apt install --only-upgrade -y libssl3 libssl1.1 libc6 libcurl4 libcurl3

# Update python-jose via pip if it was installed with pip
if pip show python-jose &>/dev/null; then
  pip install --upgrade python-jose
else
  echo "python-jose not installed via pip. Skipping pip upgrade."
fi

# Update python3-jose via apt if installed via package manager
if dpkg -l | grep -q python3-jose; then
  echo "Upgrading python3-jose via apt..."
  sudo apt install --only-upgrade -y python3-jose
else
  echo "python3-jose not installed via apt. Skipping apt upgrade."
fi
```
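
A follow-up check for the upgrade commands in the post above, added here as an example (it is not from the original post or the Langflow project): it reads `apt-cache policy` output and lists installed packages whose version still lags the apt candidate. The function names are hypothetical and the sample output, including every version string except the two installed versions quoted in the post, is constructed.

```shell
# Added example. Reads `apt-cache policy <pkg>...` output on stdin and prints
# "<pkg> <installed> -> <candidate>" for each installed package that still
# has a newer candidate. Packages reported as "(none)" are skipped, matching
# `apt install --only-upgrade`, which never installs a missing package.
pending_upgrades() {
  awk '
    /^[^ ].*:$/        { pkg = substr($0, 1, length($0) - 1); inst = ""; next }
    $1 == "Installed:" { inst = $2; next }
    $1 == "Candidate:" && inst != "" && inst != "(none)" && inst != $2 {
      print pkg, inst, "->", $2
    }
  '
}

# Constructed sample of `apt-cache policy` output (not taken from a real scan).
sample_policy() {
  cat <<'EOF'
zlib1g:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 500
        100 /var/lib/dpkg/status
libexpat1:
  Installed: 2.5.0-1
  Candidate: 2.5.0-1+constructed1
  Version table:
     2.5.0-1+constructed1 500
 *** 2.5.0-1 100
        100 /var/lib/dpkg/status
python3-jose:
  Installed: (none)
  Candidate: 1.0-1
  Version table:
     1.0-1 500
EOF
}

# In the image: apt-cache policy zlib1g libexpat1 libkrb5-3 | pending_upgrades
sample_policy | pending_upgrades
```

Empty output means every installed package in the list is already at the version apt would install; any line printed is a package the rebuilt image still needs upgraded.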