I have a puzzling problem with the Liquibase 4.17.2 build. During a pipeline run, it is getting flagged by Aqua Security. Several vulnerabilities are flagged: bash, binutils, coreutils, libtasn1-6, libxml2, wget. The type of vulnerabilities is given as ‘PACKAGE’.
Are these known vulnerabilities? I was not able to find anything on this online. Would greatly appreciate any help.
I will ask for someone on the dev team to take a look at this post. Could you take a screenshot or copy the exact text of the warning message and include it in a reply to this message? Thanks!
This issue was due to the underlying OS of the upstream Docker image we use. There was a PR open that updated this issue, and it was released in this week’s 4.18 release: