Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi Team - We noticed in prefecthq/prefect:2.10.20-python3.10 and prefecthq/prefect:2.17.1-python3.10 contains a critical vulnerability in zlib.
<https://security-tracker.debian.org/tracker/CVE-2023-45853>

Can we upgrade zlib to this version? 1:1.3.dfsg-3

We are using the Prefect images as our base image.

hi <@U02U61Q47QR> - thanks for the report! looking into this

hi <@U02U61Q47QR> - I do see that the version listed as vulnerable is installed on prefect images

however it seems like this version is coming from the `python:{MINOR}-slim` base images that our images are built `FROM`.

&gt; Can we upgrade zlib to this version? 1:1.3.dfsg-3
Have you encountered any issues while trying to do this?

Hi <@U02GMEZU18B> - I wasn't able to upgrade to the latest version which is on linux release trixie or sid.  I think this is due to being on the bookworm release.

The python image may need to be updated first.