You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For at least a week, this has been showing up as a vulnerability on scans of my deployments that use the 8.2-apache tag.
Deployments appear to contain libxml2 version 2.9.14, which Gnome's Gitlab repo shows no updates to for the past two years. Is there any plan to update the image to 2.10+.X? Can we expect a solution to this in the near future? And if not, if anyone can point me towards instructions on manually changing the version myself that would be appreciated.
The text was updated successfully, but these errors were encountered:
See https://security-tracker.debian.org/tracker/CVE-2025-27113 -- this isn't fixed in Debian (Bookworm/Stable, anyhow), and the Debian Security Team didn't add any notes, but my best guess is that the likelihood of exploit is really low (and as with any change, the likelihood of breakage from the fix is always non-zero).
https://nvd.nist.gov/vuln/detail/CVE-2025-27113
For at least a week, this has been showing up as a vulnerability on scans of my deployments that use the 8.2-apache tag.
Deployments appear to contain libxml2 version 2.9.14, which Gnome's Gitlab repo shows no updates to for the past two years. Is there any plan to update the image to 2.10+.X? Can we expect a solution to this in the near future? And if not, if anyone can point me towards instructions on manually changing the version myself that would be appreciated.
The text was updated successfully, but these errors were encountered: