JayaniH opened a new issue, #20994: URL: https://github.com/apache/superset/issues/20994
We are hoping to deploy Apache Superset for a data visualization task, and we carried out a Trivy scan (https://github.com/aquasecurity/trivy) of the superset image prior to the deployment, which detected a significant number of vulnerabilities.

> **apache/superset:2.0.0 (debian 11.2) (Digest sha256:ca32ff641daca7447edfe78345e1abbc3b278895b1d4a245e69e28020e3310b7)**
> Total: 879 (MEDIUM: 384, HIGH: 428, CRITICAL: 67)
>
> **Python**
> Total: 4 (MEDIUM: 0, HIGH: 2, CRITICAL: 2)

The latest image of superset has fewer vulnerabilities.

> **apache/superset:latest (debian 11.4) (Digest sha256:1397d3d4f1c5da406175df6b1529d7c39cb6cab486f6852577dc985a0208f151)**
> Total: 635 (MEDIUM: 250, HIGH: 343, CRITICAL: 42)
>
> **Python**
> Total: 4 (MEDIUM: 1, HIGH: 1, CRITICAL: 2)

1. Can we know when the superset team is planning to do a new release that includes this new Debian version in the image?
2. As the latest image also contains many vulnerabilities and fixed versions have been released for some of these, is it possible to get these packages upgraded as well? E.g. Curl version 7.74.0-1.3+deb11u1 in the image has been detected as vulnerable. There is a fixed version 7.74.0-1.3+deb11u2.
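The distinction the second question draws, between findings that already have a fixed package version and findings that do not, can be pulled out of a Trivy JSON report (`trivy image --format json`). The script below is an added example, not part of the issue or of Superset; the report is a constructed sample in which the CVE ids are placeholders and `examplelib` is a hypothetical package, with only the curl versions taken from the issue.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `trivy image --format json` output.
# CVE ids are placeholders and "examplelib" is hypothetical.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "apache/superset:latest (debian 11.4)", "Type": "debian", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-PLACEHOLDER-0001", "PkgName": "curl", "Severity": "HIGH",
         "InstalledVersion": "7.74.0-1.3+deb11u1", "FixedVersion": "7.74.0-1.3+deb11u2"},
        {"VulnerabilityID": "CVE-PLACEHOLDER-0002", "PkgName": "curl", "Severity": "MEDIUM",
         "InstalledVersion": "7.74.0-1.3+deb11u1", "FixedVersion": "7.74.0-1.3+deb11u2"},
        {"VulnerabilityID": "CVE-PLACEHOLDER-0003", "PkgName": "examplelib",
         "Severity": "CRITICAL", "InstalledVersion": "1.0-1"},  # no FixedVersion: unfixed
    ]},
    {"Target": "Python", "Type": "python-pkg"},  # target without findings: key absent
]})

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

def triage(report_json):
    """Return (upgrades, unfixed): packages with a published fix, and unfixed counts by severity."""
    upgrades, unfixed = {}, defaultdict(int)
    for result in json.loads(report_json).get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            if sev not in SEVERITY_ORDER:
                sev = "UNKNOWN"
            fixed = (v.get("FixedVersion") or "").strip()
            if not fixed:  # nothing to upgrade to yet
                unfixed[sev] += 1
                continue
            key = (result.get("Type", "?"), v["PkgName"], v["InstalledVersion"])
            entry = upgrades.setdefault(key, {"fixed": set(), "ids": [], "worst": "UNKNOWN"})
            entry["fixed"].add(fixed)
            entry["ids"].append(v["VulnerabilityID"])
            if SEVERITY_ORDER.index(sev) < SEVERITY_ORDER.index(entry["worst"]):
                entry["worst"] = sev
    return upgrades, dict(unfixed)

if __name__ == "__main__":
    upgrades, unfixed = triage(SAMPLE_REPORT)
    for (ptype, pkg, installed), e in sorted(upgrades.items()):
        print(f"{ptype} {pkg} {installed} -> {', '.join(sorted(e['fixed']))} "
              f"[worst {e['worst']}, {len(e['ids'])} findings]")
    print("no fix published yet:", unfixed)
```

The `upgrades` map is the actionable part for an image rebuild; Trivy's `--ignore-unfixed` flag hides the remainder at scan time.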
