Conversation

@renovate renovate bot (Contributor) commented Oct 10, 2025

This PR contains the following updates:

Package: redis
Update: digest
Change: cd3e4db -> 1a34bdb

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the label "dependencies" (Pull requests that update a dependency file) Oct 10, 2025
@renovate renovate bot requested review from Maffooch and mtesauro as code owners October 10, 2025 22:18
@dryrunsecurity (DryRun Security) commented

This pull request includes a docker-compose change that pins the redis service to version 7.2.11-alpine, which is known to be vulnerable to CVE-2025-49844 (critical, CVSS 9.9) allowing an authenticated user to execute crafted Lua scripts and potentially compromise the instance. Consider upgrading to a patched Redis release or removing the vulnerable pin to mitigate this high-severity issue.

Finding: Use of Outdated Component with Known Vulnerabilities in docker-compose.yml
Vulnerability: Use of Outdated Component with Known Vulnerabilities
Description: The redis service in docker-compose.yml is pinned to version 7.2.11-alpine. This version of Redis is affected by CVE-2025-49844, a critical vulnerability (CVSS 9.9). This vulnerability allows an authenticated user to execute a specially crafted Lua script, leading to potential compromise of the Redis instance.

Affected lines (docker-compose.yml):

    image: redis:7.2.11-alpine@sha256:1a34bdba051ecd8a58ec8a3cc460acef697a1605e918149cc53d920673c1a0a7
    volumes:
      - defectdojo_redis:/data
volumes:


All finding details can be found in the DryRun Security Dashboard.

@mtesauro mtesauro (Contributor) left a comment

Approved

@Maffooch Maffooch merged commit 97f1069 into dev Oct 15, 2025
148 checks passed
@renovate renovate bot deleted the renovate/redis-7.2.11-alpine branch November 3, 2025 18:53