From: Rick Hanton
Date: Fri, 6 Sep 2024 08:55:38 -0700
Subject: Re: Curious about next alpine release after 3.20.2
To: Konstantin Kulikov
Cc: ~alpine/users@lists.alpinelinux.org

Konstantin,

Aha, perfect - I was wondering when the APK upgrade would pick it up, thanks for answering that.

To Pete's question, we're running Sysdig Secure scans on our docker containerized (Java) services built on alpine-linux after the container is built. Sysdig is able to both introspect the .jar package [lib folder] for vulnerable dependencies and also analyze the linux operating system. Most of the time the findings are due to application dependency issues, but occasionally something like this issue with the expat lib comes up on the O/S.

We do run an updated build of our underlying container once a day and part of that build process runs apk upgrade, so thanks to Celeste and others for pushing the update to aports master quickly!

Thanks,
Rick Hanton

Rick Hanton
Sr. Manager, Communications Product Engineering, KUBRA
P: 651.747.5864
E: rick.hanton@kubra.com

On Fri, Sep 6, 2024 at 2:13 AM Konstantin Kulikov wrote:
>
> Update was merged in 3.20 branch, no need to wait for a new tag. Run
> apk upgrade on affected systems.
>
> On Thu, Sep 5, 2024 at 8:40 PM Rick Hanton wrote:
> >
> > Hi folks, new to the mailing list but was just trying to understand
> > the normal pattern for patch releases of Alpine. It seemed like
> > releases usually were happening the 2nd/3rd week of each month until
> > there was none in August.
> >
> > I have a security dependency scanner screaming about CVE-2024-45490,
> > CVE-2024-45491, & CVE-2024-45492 that it looks like Celeste patched a
> > few hours ago in
> > https://git.alpinelinux.org/aports/commit/?id=342f67bbfd2ade7f7582ca7e1ad878ec41181997
> >
> > I was just wondering if there is any estimate of when the next patch
> > release of 3.20.x might occur with Celeste's fix so I can mute the
> > scanner till approximately that date. Thanks for the help!
> >
> > Rick Hanton