GitHub user PragmaTwice edited a comment on the discussion: CVEs in official docker image apache/kvrocks:2.14.0
2.14.0 has been already released and we should not change a released image. For releasing a patch version like 2.14.1, I don't think we have enough reason. We will not release a new version just due to a random scanner saying that there's some CVEs (that actually have no security impact.) If you do care about the scanner result (e.g. due to your company policy), I suggest you create a docker image by yourself with the new base image. (We will not release new images just to conform a company policy.) We can update the base image in 2.15.0. Release proposal is here: https://github.com/apache/kvrocks/discussions/3363. But I don't think debian 13 is a good choice. We can just use the latest bookworm (which is a LTS version). GitHub link: https://github.com/apache/kvrocks/discussions/3364#discussioncomment-15716018 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
