Liquibase image 4.17.2 flagged by Aqua Security

Hi Community,

I have a puzzling problem with Liquibase 4.17.2 build. During a pipeline run, it is getting flagged by Aqua Security. Several vulnerabilities are flagged: bash, binutils, coreutils, libtasn1-6, libxml2, wget. The type of vulnerabilities is given as ‘PACKAGE’.

Are these known vulnerabilities? I was not able to find anything on this online. Would greatly appreciate any help.

1 Like

Welcome to the Liquibase Forum, @alemac !

I will ask for someone on the dev team to take a look at this post. Could you take a screenshot or copy the exact text of the warning message and include it in a reply to this message? Thanks!

Hi @alemac - I have an update for you!

This issue was due to the underlying OS of the upstream docker image we use. There was a PR open that updated this issue, and was released in this week’s 4.18 release: