To receive fixes for security vulnerabilities it is required to always upgrade to the latest version of the respective Dockerfile present in the docker_exec_phusion folder or any folder prefixed with co_execenv_. See https://github.com/openHPI/dockerfiles/tree/main for the latest versions.

If you have found a vulnerability or you are uncertain whether what you have discovered is a vulnerability, please send an email to [email protected] (GPG Key).

If you have a patch for the issue please use git format-patch and attach it to the email. Please do not open an issue or pull request on GitHub as that may disclose sensitive details around the vulnerability.