The Authelia Docker Image tagged under latest didn’t receive an update over an year, i only see the newest beta releases being updated. Is that a problem security wise, or is it fine letting that run until the next release?

  • khorak@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    10 months ago

    The problem is, the libraries and SDK used to build the app will have had vulnerabilities for sure. Same for the underlying image (unless scratch / distroless). We run extensive vulnerability scanning in our pipelines, and Go libs occasionally pop up. The Go SDK also had multiple security fixes in the last year.