Re: BUG #18702: Critical & High Security vulnerability issue with Trivy Scan in postgres 16 - Mailing list pgsql-bugs

From Daniel Gustafsson
Subject Re: BUG #18702: Critical & High Security vulnerability issue with Trivy Scan in postgres 16
Msg-id 7AC8642F-725B-4CB2-AAD3-22E8F08C767D@yesql.se
In response to BUG #18702: Critical & High Security vulnerability issue with Trivy Scan in postgres 16  (PG Bug reporting form <noreply@postgresql.org>)
List pgsql-bugs
> On 12 Nov 2024, at 11:12, PG Bug reporting form <noreply@postgresql.org> wrote:

> We are using the postgres 16 docker image from hub and we found some Critical
> and High vulnerabilities.

The postgres docker image is not maintained by the postgres committers, the
page on docker.com lists (and links to) "Maintained by: the PostgreSQL Docker
Community" as the ones you should be contacting.  They may call it "Docker
Official Image" but that doesn't mean it's official by postgresql.org.

> This fix is essential for our releases.  Please provide a fix for the
> vulnerability issue below.


While it's none of my business, if something which you are unsure over who
maintains is essential to your business, then maybe consider compiling a Docker
image yourself in-house?

--
Daniel Gustafsson
