I am one of the potential licence users and am using the version 2022.3.10692 image, which has 259 vulnerabilities. Can you please provide valid justifications for the critical and high severity ones, so that we can proceed further?
Thanks for the query around vulnerabilities in the recent version of Octopus.
Firstly, I would point you to our CVE site where we generate and maintain all vulnerabilities in our Octopus products:
We are very proactive with any security issues in our product, so if you can send us a report from your scanning software we can definitely take a look and see if we need to take any action.
For more recent issues we have dealt with see this site we maintain for our customers:
As for certification and secure practices in our product we have various certifications in place:
Let us know if we can help further.
Thanks for the reply. Can you please share the email id where I can reach out with my report from my professional id?
I noticed you put up this forum post and you have the one here too where you are asking about base images we use for our Octopus releases. I hope you don’t mind but I put two and two together and I hope my answer in that post answers your question here.
Please feel free to take a look at that post (also for anyone else asking this question head over to that post for the answer) and see what you think.
You can always email firstname.lastname@example.org to send us any files you want, or you can request a link to our secure file share where you can upload the files, and we can get the link sent to you on this forum post.
I will note, though, that the other post goes into detail about the fact that we do not backport OS patches to earlier Octopus versions, so you would need to either have a regular upgrade cadence to get the latest OS patches or have your own custom Octopus container based off of our image and run some bash commands to keep that container updated.
We are unable to backport any OS updates to earlier versions, I am afraid, so those are your only options when it comes to making sure you stay up to date with any vulnerabilities.