Skip to content

Vulnerability patch in hub #3732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 8, 2025
Merged

Vulnerability patch in hub #3732

merged 1 commit into from
Sep 8, 2025

Conversation

@jupyterhub-bot
Copy link
Collaborator

@jupyterhub-bot jupyterhub-bot commented Sep 8, 2025

A rebuild of quay.io/jupyterhub/k8s-hub has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-hub:4.2.1-0.dev.git.7137.h9dc2ee90.

Target Vuln. ID Package Name Installed v. Fixed v.
debian CVE-2023-31484 libperl5.36 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2023-31484 perl 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2023-31484 perl-base 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2023-31484 perl-modules-5.36 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2023-52425 libexpat1 2.5.0-1+deb12u1 2.5.0-1+deb12u2
debian CVE-2024-50602 libexpat1 2.5.0-1+deb12u1 2.5.0-1+deb12u2
debian CVE-2024-8176 libexpat1 2.5.0-1+deb12u1 2.5.0-1+deb12u2
debian CVE-2025-3576 libgssapi-krb5-2 1.20.1-2+deb12u3 1.20.1-2+deb12u4
debian CVE-2025-3576 libk5crypto3 1.20.1-2+deb12u3 1.20.1-2+deb12u4
debian CVE-2025-3576 libkrb5-3 1.20.1-2+deb12u3 1.20.1-2+deb12u4
debian CVE-2025-3576 libkrb5support0 1.20.1-2+deb12u3 1.20.1-2+deb12u4
debian CVE-2025-40909 libperl5.36 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2025-40909 perl 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2025-40909 perl-base 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2025-40909 perl-modules-5.36 5.36.0-7+deb12u2 5.36.0-7+deb12u3
debian CVE-2025-4802 libc-bin 2.36-9+deb12u10 2.36-9+deb12u11
debian CVE-2025-4802 libc6 2.36-9+deb12u10 2.36-9+deb12u11
debian CVE-2025-6965 libsqlite3-0 3.40.1-2+deb12u1 3.40.1-2+deb12u2
debian CVE-2025-6965 sqlite3 3.40.1-2+deb12u1 3.40.1-2+deb12u2
debian CVE-2025-8058 libc-bin 2.36-9+deb12u10 2.36-9+deb12u13
debian CVE-2025-8058 libc6 2.36-9+deb12u10 2.36-9+deb12u13
debian CVE-2025-8713 libpq5 15.13-0+deb12u1 15.14-0+deb12u1
debian CVE-2025-8714 libpq5 15.13-0+deb12u1 15.14-0+deb12u1
debian CVE-2025-8715 libpq5 15.13-0+deb12u1 15.14-0+deb12u1

After

Target Vuln. ID Package Name Installed v. Fixed v.

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Sep 8, 2025
@manics manics merged commit bac149a into main Sep 8, 2025
16 checks passed
@manics manics deleted the vuln-scan-hub branch September 8, 2025 07:02
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Sep 8, 2025
[jupyterhub] Automatic update for commit 4.2.1-0.dev.git.7144.hbac149a9
12a86e1 
jupyterhub/zero-to-jupyterhub-k8s#3732 Merge pull request #3732 from jupyterhub/vuln-scan-hub
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@consideRatio consideRatio Awaiting requested review from consideRatio

Assignees

No one assigned

Labels

image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jupyterhub-bot @manics