Just some additional info 1. We pull jupyter/datascience-notebook:latest as "Base" image in our DOCKERFILE which is for our custom Jupyter configuration and deployment 2. We deploy the image above in our internal collaboration environment for notebook usage.
Hence, my concern is that by rebuilding image at #1 above, we might not be pulling the latest "minimal-notebook" base image - or rather, I don't know if we would On Sunday, 5 June 2022 at 17:33:09 UTC+1 M. Manna wrote: > Hi, > > With regards to the Subjet CVEs – we’re currently using jupyter Docker > Stacks. To be precise, we’re using the latest of datascience-notebook > docker image. > > > > My questions are: > > > > 1. If we pull the latest image to configure our Jupyter environment, > would that remediate the issue? > 1. I can see that the latest base image is recommended, but not > sure if that would actually be pulled - > > https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55 > 2. If not, could you kindly recommend what to do here? > > Thanks in advance for the kind consideration. > > Regards, > M. Manna > -- You received this message because you are subscribed to the Google Groups "Project Jupyter" group. To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/0ad5f237-94e4-429d-9d2b-94c29ae403dan%40googlegroups.com.
