Security issues with in runner images utilities (git-lfs) #2832

jb-2020 · 2023-08-23T15:59:19Z

jb-2020
Aug 23, 2023

The version of git-lfs in Ubuntu 20 uses git-lfs/2.9.2 (GitHub; linux arm64; go 1.13.5). This version of golang is old and has quite a few known vulnerabilities causing our security scanning to fail.

Ubuntu 22 is better but is using go 1.18.1 which also has a fair number of vulnerabilities.

The good news is that without git-lfs the scan results look good.

Any thoughts here? Ubuntu 23 solves many of these issues: git-lfs/3.4.0 (GitHub; linux arm64; go 1.20.7). Is Ubuntu 23 on the roadmap?

odyhunter · 2023-08-23T20:30:35Z

odyhunter
Aug 23, 2023

Github Action falls behind with Enterprise Level Security enhancement, this is some thing good to put into roadmap for sure!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security issues with in runner images utilities (git-lfs) #2832

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Security issues with in runner images utilities (git-lfs) #2832

Uh oh!

jb-2020 Aug 23, 2023

Replies: 1 comment

Uh oh!

Uh oh!

odyhunter Aug 23, 2023

jb-2020
Aug 23, 2023

odyhunter
Aug 23, 2023