Selfhosted

60177 readers

837 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Vulnerabilities on Dockerhub (lemmy.ml)

submitted 22 hours ago by _Nemo_@lemmy.ml to c/selfhosted@lemmy.world

8 comments fedilink hide all child comments

Apologies if this is a rookie question, but I keep wondering what the vulnerabilities section on DockerHub is trying to tell me. Take nextcloud images for instance: The most current images seem to list 3 critical and 22 severe vulnerabilities. Does that mean those vulns are part of the image? If so, why would anyone want to run this?

you are viewing a single comment's thread
view the rest of the comments

[–] irmadlad@lemmy.world 8 points 21 hours ago

Apologies if this is a rookie question

That's not a rookie question at all, and actually shows you're paying attention to what you are deploying on your server.....which is what you should be doing. In addition to what others have said so far, images like Nextcloud are often updated quickly, but scans lag in reality. A critical label reflects known vulnerabilities in a version, but not necessarily 'this instance is definitely compromised.'