Take latest Redis security vulnerability as and example to document how security fixes are applied to Stackspin
CVE-2022-0543 is a critical Redis vulnerability which only exists when running on non-patched Debian. We use Redis in Stackspin for Nextcloud and Zulip. Both time the bitnami chart + image is used, but neither the bitnami image history or the bitnami redis chart show any CVE references.
- Original website post about this CVE, published 2022-03-08 (in contrast to the date included in the URL).
so I'm releasing this post on 8/Mar/2022.
-
CVE-2022-0543 was published 2022-02-18
-
We got a MR for updating redis in wordpress, but apparently we don't use it ?
Edited by Varac