After about a year, a litany of issues with:
OpenSSL, krb5, ldap, curl
Have appeared. They don't generally seem to effect the exposed interfaces though, cargo audit tells a more meaningful story there.
Krb5 and LDAP are unconfigured, unused. Possibly these can be blacklisted, or use an image that doesn't incorporate them.
Curl is only used internally on a trusted interface (though with SSL anyway)
OpenSSL is used to initialize the system, but otherwise not on any data path.
On a similar note, npm audit and cargo audit are distant and not well-reported on for the image build.
After about a year, a litany of issues with:
OpenSSL, krb5, ldap, curl
Have appeared. They don't generally seem to effect the exposed interfaces though, cargo audit tells a more meaningful story there.
Krb5 and LDAP are unconfigured, unused. Possibly these can be blacklisted, or use an image that doesn't incorporate them.
Curl is only used internally on a trusted interface (though with SSL anyway)
OpenSSL is used to initialize the system, but otherwise not on any data path.
On a similar note, npm audit and cargo audit are distant and not well-reported on for the image build.