Comments (2)
This upgrade is needed as it is being flagged by security scanners. The sooner it can be updated the better!
from amazon-linux-2023.
I could confirm the same behaviour on my end on AL2023
sh-5.2$ /usr/sbin/nginx -v
nginx version: nginx/1.24.0
sh-5.2$ nginx -v
nginx version: nginx/1.24.0
I can see that Nginx is still being actively updated with security patches until 2028-03-15 [1] as such the security of Nginx 1.24 should not be a concern.
You can find the same information with regards to the security patches provided by AWS here [2]:
Q: Why does a security scanner report an unfixed CVE in an Amazon Linux package when an Amazon Linux Security Advisory claims the CVE to be fixed in that version?
A: Amazon Linux, like most Linux distributions, routinely backports security fixes to stable package versions vended in its repositories. When these packages are updated with a backport, the Amazon Linux security bulletin for the particular issue will list the specific package version(s) in which the issue is fixed for Amazon Linux. Security scanners that rely on versioning from a project’s authors sometimes won’t pick up that a given CVE fix has been applied in an older version. Customers can refer to Amazon Linux Security Center (ALAS) for updates regarding security issues and fixes.
References:
[1] https://docs.aws.amazon.com/linux/al2023/release-notes/support-info-by-support-statement.html#support-info-by-support-statement-eol_nginx
[2] https://aws.amazon.com/linux/amazon-linux-2023/faqs/
from amazon-linux-2023.
Related Issues (20)
- [Missing Documentation] - DockerHub vs ECR gallery discrepancies HOT 3
- [Package Request] - Node v22
- WebDav/DavFS and "neon" library are not on AL2023
- [Package Request] - Amazon Redshift ODBC Driver
- [Bug] - updating aws-cfn-bootstrap HOT 9
- [Package Request] - below HOT 10
- [Package Request] - postgis/postgis-util
- [Package Request] - Kernel backport of 3584718cf2ec bugfix status HOT 4
- [Bug] - AttributeError: module 'libdnf.conf' has no attribute 'ConfigParser_substitute' in python3-dnf-plugin-post-transaction-actions-4.1.0-1.amzn2023.0.2.noarch
- [Package Request] - glpk
- Lambda Insights
- libnsl.so.1 for AL2023 HOT 4
- [Bug] - rsyslog.service: Failed with result 'core-dump'. HOT 1
- [Package Request] - munin-node
- [Bug] - Exported disk image of AL2023 not recognizing keyboard actions in Redhat Virtualization HOT 7
- [Package Request] - Pacemaker, corosync
- [Package Request] - DRBD
- [Bug] - CVE-2024-6387 affecting openssh-8.7p1 used in AL2023 HOT 4
- [Feature Request] - libvips
- [Package Request] - libvips
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amazon-linux-2023.