I'm using IRIS in a Docker environment for my organization. We try to keep our instance as up-to-date as possible, but our internal security scans still flag several vulnerabilities in the base images and dependencies (notably in PostgreSQL, libxml2, Werkzeug, Flask, and ImageMagick dependencies).
To help us align with our internal hardening policies, could you clarify:
- What is the project's strategy for updating base Docker images (e.g., move to more recent versions or Alpine-based images)?
- Is there a planned roadmap to address the current CVEs found in the latest stable stack?
As IRIS is a core security tool, we want to ensure its underlying stack remains as resilient as possible.
Thanks for your help!