Hi Ke,

Some of these vulnerabilities are in upstream communities.  We typically try our best to address them, but some of them will require getting a fix pushed to the upstream codebase itself.  As Juana says, if you can open issues, we'd be happy to take a look and if the community is interested, push a fix upstream.

Thanks,
Sherard

On Thu, Aug 13, 2020 at 3:21 PM Juana Nakfour <jnakfour@redhat.com> wrote:
Hi Ke,

For reporting a vulnerability in components included in ODH, please open an issue at the component's GitHub (or follow any other guidelines they have) and point to it in another issue you open in ODH. For any OCP security issues, please follow the Red Hat guidelines listed here: https://access.redhat.com/security/team/contact

Juana

On Thu, Aug 13, 2020 at 2:05 PM Ke Zhu - kzhu@us.ibm.com <kzhu@us.ibm.com> wrote:
I’m interested in adopting OpenDataHub and curious about the methods/tools/processes for vulnerability detection/remediation/fixes for included components.

For example, given several Apache components in a deployed OpenDataHub including Airflow, Hive and Spark, if any high severity vulnerabilities are discovered in libraries like JDK or nmm modules used by Airflow, what’s the suggested action? Or can it be included in the cloud platform like OpenShift?
_______________________________________________
Users mailing list -- users@lists.opendatahub.io
To unsubscribe send an email to users-leave@lists.opendatahub.io


--
Thanks,
Sherard Griffin