Summary
Hello team. There is an open Critical CVE the Go Crypto package - GHSA-v778-237x-gjrc
This is present in any Docker image build from an Alpine 3.20 base image, which includes all DragonflyOSS images. In order to resolve this, please consider upgrading the base images for these artifacts to Alpine 3.21 or above.
Details
GHSA-v778-237x-gjrc
This is not a directly used or included package in the Dragonfly project, but is present in all Docker artifacts produced by the project.
Impact
Any user who is downloading, installing or running Dragonfly in a containerized environment. This is present in the latest stable release of Dragonfly v2.3.0
Patches
- Dragonfly v2.3.2 and above
- Dragonfy v2.2.5 and above
Workarounds
Rebuild the Dragonfly Docker images using Alpine 3.21 or later as the base image.
For more information
If you have any questions or comments about this advisory, please email us at [email protected].
Summary
Hello team. There is an open Critical CVE the Go Crypto package - GHSA-v778-237x-gjrc
This is present in any Docker image build from an Alpine 3.20 base image, which includes all DragonflyOSS images. In order to resolve this, please consider upgrading the base images for these artifacts to Alpine 3.21 or above.
Details
GHSA-v778-237x-gjrc
This is not a directly used or included package in the Dragonfly project, but is present in all Docker artifacts produced by the project.
Impact
Any user who is downloading, installing or running Dragonfly in a containerized environment. This is present in the latest stable release of Dragonfly v2.3.0
Patches
Workarounds
Rebuild the Dragonfly Docker images using Alpine 3.21 or later as the base image.
For more information
If you have any questions or comments about this advisory, please email us at [email protected].