va...@google.com
ku...@google.com
ku...@google.com #2
Hello,
Thank you for reaching out to us with your request.
We have duly noted your feedback and will thoroughly validate it. While we cannot provide an estimated time of implementation or guarantee the fulfillment of the issue, please be assured that your input is highly valued. Your feedback enables us to enhance our products and services.
We appreciate your continued trust and support in improving our Google Cloud Platform products. In case you want to report a new issue, please do not hesitate to create a new issue on the
Once again, we sincerely appreciate your valuable feedback. Thank you for your understanding and collaboration.
Description
Artifact Registry vulnerability scanner flagged a GCF-produced image (Python 3.11 runtime) as it contains Go stdlib v1.21.7, vulnerable to the CVEs noted in the title. As noted here, newer versions of the Python base image exist containing a patched version of Go (1.21.11); however, the CF build does not appear to use them.

In our builds, the us-central1-docker.pkg.dev/serverless-runtimes/google-22-full/builder/python:python_20240708_RC00 base image appears to be used. It's not entirely clear if/how this corresponds to the base images listed here. It should also be noted that the functions' security update policy is set to automatic, so the expectation is that the rollout of patched images should not require manual deployment/intervention.

Is there a way to specify the base image to be used in CF builds or force it to use the latest? We would like to get this patched as soon as possible given the critical rating of CVE-2024-24790. Thank you.
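As an added example (not part of this issue report or of any Google tooling), the following check reads the Go toolchain version that Go binaries embed in their build info and compares it against the 1.21.11 fixed release the report cites. A defender can run it over binaries extracted from the built image to confirm whether the automatic base-image rollout has actually landed. The build-info layout (32-byte header, flags byte at offset 15, varint-prefixed inline version string) is assumed from the Go runtime sources; the sample binary is constructed.

```python
import re
# Go toolchains (1.18+) embed build info behind this magic. The layout assumed here
# (32-byte header, flags byte at offset 15, varint-prefixed inline version string)
# comes from the Go runtime sources, not from the issue report.
BUILDINFO_MAGIC = b"\xff Go buildinf:"
HEADER_LEN = 32
FLAG_VERSION_INLINE = 0x2
# Fixed toolchain per release branch for the CVE in the report; only the 1.21
# branch value (1.21.11) is stated there, so other branches return None below.
FIXED_BY_BRANCH = {(1, 21): (1, 21, 11)}

def read_uvarint(buf: bytes, pos: int):
    """Decode a Go-style LEB128 unsigned varint at buf[pos]; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if b < 0x80:
            return value, pos
        shift += 7

def go_version_from_binary(data: bytes):
    """Return the embedded toolchain version (e.g. 'go1.21.7'), or None if absent."""
    idx = data.find(BUILDINFO_MAGIC)
    if idx < 0 or idx + HEADER_LEN > len(data):
        return None
    if not data[idx + 15] & FLAG_VERSION_INLINE:
        return None  # older pointer-based layout not handled here
    length, pos = read_uvarint(data, idx + HEADER_LEN)
    return data[pos:pos + length].decode("ascii", "replace")

def parse_go_version(ver: str):
    """'go1.21.7' -> (1, 21, 7); a missing patch number counts as 0."""
    m = re.fullmatch(r"go(\d+)\.(\d+)(?:\.(\d+))?", ver)
    if not m:
        raise ValueError(f"unrecognised Go version string: {ver!r}")
    return tuple(int(x or 0) for x in m.groups())

def needs_patch(ver: str):
    """True if below the branch's fixed release, False if at/above, None if branch unknown."""
    parsed = parse_go_version(ver)
    fixed = FIXED_BY_BRANCH.get(parsed[:2])
    return None if fixed is None else parsed < fixed

def make_sample_binary(version: str) -> bytes:
    """Constructed stand-in for a Go binary: padding, buildinfo header, inline version."""
    header = BUILDINFO_MAGIC + bytes([8, FLAG_VERSION_INLINE]) + b"\x00" * (HEADER_LEN - 16)
    return b"\x7fELF-padding" + header + bytes([len(version)]) + version.encode() + b"\x00"
```

The Go toolchain's own `go version -m <binary>` reports the same field; this dependency-free reader is for hosts where no Go toolchain is installed.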