You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
Do you have an upgrade strategy related to vpp?
What is the reason not to use latest release in govpp? (I am aware of possibility to change vpp version our-self)
The issue comes from a security vulnerability scan which report some risks for old third parties and old 3pp's of this 3pp 🥲
For example: mbedtls-devel package is a build dependency for currently used vpp version (on opensuse) and using mbedtls version 2.28.0. That contained a vulnerability which does not affect us but must be revealed and explained. The latest vpp version build does not depend on mbedtls.
Regards,
Laszlo
The text was updated successfully, but these errors were encountered:
Hello,
Do you have an upgrade strategy related to vpp?
What is the reason not to use latest release in govpp? (I am aware of possibility to change vpp version our-self)
The issue comes from a security vulnerability scan which report some risks for old third parties and old 3pp's of this 3pp 🥲
For example: mbedtls-devel package is a build dependency for currently used vpp version (on opensuse) and using mbedtls version 2.28.0. That contained a vulnerability which does not affect us but must be revealed and explained. The latest vpp version build does not depend on mbedtls.
Regards,
Laszlo
The text was updated successfully, but these errors were encountered: