Bump docker package to v25.0.6 to fix critical CVE GHSA-v23v-6jw2-98fq

Open jordigilh opened this issue 1 year ago • 0 comments

Fixes a critical CVE found in the docker/docker package: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq

This is a minor z-stream bump that should not introduce a regression. There's an existing bot PR that is bumping the same package to 26.1.4 (https://github.com/operator-framework/operator-sdk/pull/6794), but this version still contains the bug as per the advisory. It would be better to use version 26.1.5, which has the fix for this bug.

jordigilh, Aug 01 '24 13:08