We're getting a lot of vulns in FusionReactor show...
# fusion-reactora
Adam Cameron
02/29/2024, 9:35 AM
We're getting a lot of vulns in FusionReactor showing up in our Snyk scan of our Lucee Docker image, which includes fusionreactor.jar.
Does the FusionReactor team stay on top of this sort of thing?
Nothing critical, but it's contributes the most vulns compared to anything else in that image.
Adam Cameron
02/29/2024, 9:36 AM
We D/L the latest FR jar file every time we build the image, so we're at most one week behind ATM
b
bdw429s
02/29/2024, 2:11 PMI'm curious what version of the jar is included?
bdw429s
02/29/2024, 2:11 PMI didn't realize the Lucee docker image bundled that
a
Adam Cameron
02/29/2024, 2:25 PM
It doesn't. We add that. I should have said "our Lucee-based docker image"
b
bdw429s
02/29/2024, 2:25 PMOh, sorry. Got it.
a
Adam Cameron
02/29/2024, 2:26 PM
No worries. My wording was inaccurate.
n
Nicholas Millard
03/01/2024, 3:02 PMHi Adam, if you're concerned about any vulnerabilities please send the information to support@fusion-reactor.com and we'll look into it
a
Adam Cameron
03/01/2024, 3:20 PM
Will do. it'll be next week @ this stage. Cheers for getting back to me
👍 1
4 Views