PDP-1681 - Release 2.1.3

[benjben]

$ snyk container test --app-vulns snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless

Testing snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless...

✗ Low severity vulnerability found in glibc/libc6
  Description: Out-of-Bounds
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Uncontrolled Recursion
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Use of Insufficiently Random Values
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Information Exposure
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: CVE-2019-1010023
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Uncontrolled Recursion
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Resource Management Errors
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: Use After Free
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10

✗ Low severity vulnerability found in glibc/libc6
  Description: CVE-2025-0395
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-8658670
  Introduced through: glibc/[email protected]+deb11u10
  From: glibc/[email protected]+deb11u10



Organization:      benjamin.benoist
Package manager:   deb
Project name:      docker-image|snowplow/elasticsearch-loader
Docker image:      snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless
Platform:          linux/amd64
Licenses:          enabled

Tested 4 dependencies for known issues, found 10 issues.

Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice.
Example: $ snyk container test snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless --file=path/to/Dockerfile

To remove this message in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------

Testing snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless...

Tested 113 dependencies for known issues, found 6 issues.


Issues to fix by upgrading:

  Upgrade org.typelevel:[email protected] to org.typelevel:[email protected] to fix
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGTYPELEVEL-2331744] in org.typelevel:[email protected]
    introduced by org.typelevel:[email protected]


License issues:

  ✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.pureconfig:pureconfig_2.12:MPL-2.0] in com.github.pureconfig:[email protected]
    introduced by com.github.pureconfig:[email protected]

  ✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.pureconfig:pureconfig-generic_2.12:MPL-2.0] in com.github.pureconfig:[email protected]
    introduced by com.github.pureconfig:[email protected]

  ✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.pureconfig:pureconfig-generic-base_2.12:MPL-2.0] in com.github.pureconfig:[email protected]
    introduced by com.github.pureconfig:[email protected]

  ✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.pureconfig:pureconfig-enumeratum_2.12:MPL-2.0] in com.github.pureconfig:[email protected]
    introduced by com.github.pureconfig:[email protected]

  ✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.pureconfig:pureconfig-core_2.12:MPL-2.0] in com.github.pureconfig:[email protected]
    introduced by com.github.pureconfig:[email protected]



Organization:      benjamin.benoist
Package manager:   maven
Target file:       /opt/snowplow/lib
Project name:      snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless:/opt/snowplow/lib
Docker image:      snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless
Licenses:          enabled

Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice.
Example: $ snyk container test snowplow/elasticsearch-loader:2.1.2-2-078b46c5-distroless --file=path/to/Dockerfile

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

[oguzhanunlu]

All good except release date in README, thanks!