Security Updates

Portal container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.1.x Gloo Portal Release: v1.1.0

Gloo Portal gloo-portal-controller image

No scan found

Gloo Portal gloo-portal-admin-envoy image

No scan found

Gloo Portal gloo-portal-admin-server image

No scan found

Gloo Portal gloo-portal-admin-ui image

No scan found

Latest 1.0.x Gloo Portal Release: v1.0.4

Gloo Portal gloo-portal-controller image

No scan found

Gloo Portal gloo-portal-admin-envoy image

No scan found

Gloo Portal gloo-portal-admin-server image

No scan found

Gloo Portal gloo-portal-admin-ui image

No scan found

Release v1.0.3

Gloo Portal gloo-portal-controller image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712

No Vulnerabilities Found for package-lock.json Vulnerability ID|Package|Severity|Installed Version|Fixed Version|Reference —|—|—|—|—|— CVE-2020-26160|github.com/dgrijalva/jwt-go|HIGH|v3.2.0+incompatible||https://avd.aquasec.com/nvd/cve-2020-26160 CVE-2019-12995|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.2|https://avd.aquasec.com/nvd/cve-2019-12995 CVE-2019-14993|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.4|https://avd.aquasec.com/nvd/cve-2019-14993

Gloo Portal gloo-portal-admin-envoy image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.3 (alpine 3.13.4) No Vulnerabilities Found for package-lock.json Vulnerability ID|Package|Severity|Installed Version|Fixed Version|Reference —|—|—|—|—|— CVE-2020-26160|github.com/dgrijalva/jwt-go|HIGH|v3.2.0+incompatible||https://avd.aquasec.com/nvd/cve-2020-26160

Gloo Portal gloo-portal-admin-ui image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22924 curl HIGH 7.74.0-r1 7.78.0-r0 https://avd.aquasec.com/nvd/cve-2021-22924
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22924 libcurl HIGH 7.74.0-r1 7.78.0-r0 https://avd.aquasec.com/nvd/cve-2021-22924
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518

Release v1.0.2

Gloo Portal gloo-portal-controller image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139

No Vulnerabilities Found for package-lock.json Vulnerability ID|Package|Severity|Installed Version|Fixed Version|Reference —|—|—|—|—|— CVE-2020-26160|github.com/dgrijalva/jwt-go|HIGH|v3.2.0+incompatible||https://avd.aquasec.com/nvd/cve-2020-26160 CVE-2019-12995|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.2|https://avd.aquasec.com/nvd/cve-2019-12995 CVE-2019-14993|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.4|https://avd.aquasec.com/nvd/cve-2019-14993

Gloo Portal gloo-portal-admin-envoy image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.2 (alpine 3.13.4) No Vulnerabilities Found for package-lock.json Vulnerability ID|Package|Severity|Installed Version|Fixed Version|Reference —|—|—|—|—|— CVE-2020-26160|github.com/dgrijalva/jwt-go|HIGH|v3.2.0+incompatible||https://avd.aquasec.com/nvd/cve-2020-26160

Gloo Portal gloo-portal-admin-ui image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518

Release v1.0.1

Gloo Portal gloo-portal-controller image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139

No Vulnerabilities Found for package-lock.json Vulnerability ID|Package|Severity|Installed Version|Fixed Version|Reference —|—|—|—|—|— CVE-2019-12995|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.2|https://avd.aquasec.com/nvd/cve-2019-12995 CVE-2019-14993|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.4|https://avd.aquasec.com/nvd/cve-2019-14993

Gloo Portal gloo-portal-admin-envoy image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.1 (alpine 3.13.4) No Vulnerabilities Found for package-lock.json No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518

Release v1.0.0

Gloo Portal gloo-portal-controller image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139

No Vulnerabilities Found for package-lock.json Vulnerability ID|Package|Severity|Installed Version|Fixed Version|Reference —|—|—|—|—|— CVE-2019-12995|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.2|https://avd.aquasec.com/nvd/cve-2019-12995 CVE-2019-14993|istio.io/istio|HIGH|v0.0.0-20210423173126-13fb8ac89420|v1.2.4|https://avd.aquasec.com/nvd/cve-2019-14993

Gloo Portal gloo-portal-admin-envoy image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.0 (alpine 3.13.4) No Vulnerabilities Found for package-lock.json No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518