I am using the 2.18.3-python3.12 docker base image...
# ask-community
b
I am using the 2.18.3-python3.12 docker base image and am running a vulnerability scan against the image. It looks like there are a number of vulnerabilities in the linux distro coming from the debian-linux base image that's used by the prefect image, e.g.: CVE-2023-52760 in v6.1.85, fixed in 6.1.99. Is this a known issue / is there an expectation that these will be resolved? In the past I forked the prefect repo and created a custom image based on the alpine linux base image but that is a) a hassle and b) has proven problematic when trying to keep prefect up to date.
j
What kind of vulnerabilities are you trying to protect from? We keep prefect workers in an isolated network. I feel confident that infrastructure is reducing a lot of risk in any vulnerability that the linux kernel may contain.
b
we're hosting prefect workers in our GCP VPC and GCP has its own vulnerability detection system. I'm mostly trying to ensure that a) this infrastructure is protecting against those vulnerabilities or if not b) we're able to resolve them
the vulnerabilities are a security compliance question for us
j
Makes sense.