From 5aca81263d35f983e551fa789663dd8d9d3e40fa Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Fri, 22 Nov 2024 13:04:37 -0500 Subject: [PATCH] Backport of Add alpine image cves to suppress list into release/1.20.x (#21970) backport of commit 82857bb91e23cf2b9a0670739dbb905a6d8d240e Co-authored-by: Sarah Alsmiller --- .release/security-scan.hcl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl index 20c105f3b4..f690cbe906 100644 --- a/.release/security-scan.hcl +++ b/.release/security-scan.hcl @@ -39,6 +39,11 @@ container { vulnerabilities = [ "CVE-2024-8096", # curl@8.9.1-r2, "CVE-2024-9143", # openssl@3.3.2-r0, + "CVE-2024-3596", # openssl@3.3.2-r0, + "CVE-2024-2236", # openssl@3.3.2-r0, + "CVE-2024-26458", # openssl@3.3.2-r0, + "CVE-2024-2511", # openssl@3.3.2-r0, + #the above can be resolved when they're resolved in the alpine image ] paths = [ "internal/tools/proto-gen-rpc-glue/e2e/consul/*",