https://dagster.io/ logo
Title
c

ChrisO

05/04/2023, 3:48 AM
Hi All, has anyone tried to update the daggers container images as it's full of vulnerabilities based on AWS ECR scanning.
d

daniel

05/04/2023, 2:26 PM
Hello - I suspect those vulnerabilities are all from the official Python docker base image: https://hub.docker.com/_/python The High severity one listed there would normally be cause for alarm, but it appears to be present in every Debian distro and the Debian maintainers have marked it as not actually exploitable: https://security-tracker.debian.org/tracker/CVE-2019-8457
We can help with instructions for building the image on a different base image if there's one that you'd prefer, it should be pretty quick to do so as the image is basically just a couple of pip install commands