
CVEs due to the current version of Debian that Feast uses

Open sourabh-raja-murali opened this issue 2 years ago • 3 comments

  • https://security-tracker.debian.org/tracker/CVE-2023-45853
  • https://security-tracker.debian.org/tracker/CVE-2023-38408
  • https://security-tracker.debian.org/tracker/CVE-2023-45871

Above are some vulnerabilities as part of the current Debian version that Feast uses.

Possible Solution

Updating the Debian version would solve these CVEs.

PS: Have indicated just a few critical CVEs. There are other moderate ones as well again due to the Debian version.

sourabh-raja-murali avatar Dec 04 '23 20:12 sourabh-raja-murali

Feast uses the Python3.8/3.9 images as base images. Python3.10 does not seem to have high vulnerabilities.

I'll keep an eye on this when we do the upgrade. It will involve multiple tests. The current CI/CD is using Python3.8.

shuchu avatar Dec 05 '23 02:12 shuchu

at this point feast should prob drop 3.8 entirely and start phasing out 3.9. see python version calendar.


robhowley avatar Jan 02 '24 20:01 robhowley

Feast is upgraded to support Python >= 3.9.

shuchu avatar Apr 16 '24 01:04 shuchu