Snyk Failures

Hello,
I started using that latest Alpine image (uploaded 16 days ago).
On Oct 31 it was fine; on Nov 2 Snyk failed with the following error:

✗ High severity vulnerability found in libx11/libx11
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-ALPINE318-LIBX11-6042398
Introduced through: libx11/libx11@1.8.4-r4, cairo/cairo@1.17.8-r1, libgdiplus/libgdiplus@6.1-r2
From: libx11/libx11@1.8.4-r4
From: cairo/cairo@1.17.8-r1 > libx11/libx11@1.8.4-r4
From: libgdiplus/libgdiplus@6.1-r2 > libx11/libx11@1.8.4-r4
and 4 more…
Image layer: Introduced by your base image (alpine:3.18.4)
Fixed in: 1.8.7-r0

If a fix is not available at the moment, please share the latest stable version that fixed the DXF bug (unable to convert DXF files).
Thanks, Dani

@danibk,

Can you please share the API version you are currently utilizing? Additionally, it would be greatly appreciated if you could share a sample application that demonstrates the issue or provide step-by-step instructions to reproduce the reported issue. Your assistance is highly valued.

I'm using the latest Alpine version.
Using the Swagger-generated Go client, version “2.0”.

@danibk

Please share your GroupDocs.Conversion Cloud Docker version. And in reference to the DXF conversion issue, we resolved the DXF to PDF conversion issue in the recent past. However, if you are still facing the issue, then please share your input document and expected output format with us for investigation.

I'm currently using the latest Alpine version (23.10 to my understanding). I managed to test 23.9 for DXF, but then you upgraded latest so it’s not available anymore.

I need a version with a fix for:

Both of those issues are supposed to be fixed in 23.9, but I'm not sure about the Snyk issue.
Can you provide an image with the two bugs fixed, and no vulnerability issues?

@danibk

We have logged a ticket CONVERSIONCLOUD-537 to investigate Snyk Failures. We will investigate and update you accordingly.

Can you please provide the image of 23.9, or another one that fixes the bugs I mentioned in the previous comment and doesn’t have the Snyk problem?

We had a similar issue in the past, and you provided the 23.2 image in addition to the latest.

@danibk

I am afraid that, currently, we cannot provide an Alpine-based image, including the above-mentioned bug fixes. Our base libraries have some issues in Alpine, but they work fine in Debian or Ubuntu. The ‘latest’ image is based on the standard .NET image from Microsoft and is based on Debian. We will provide an Alpine-based image as soon as the related tickets about Alpine support are fixed.

Can you provide me the 2.7-2.9 version? To my understanding it’s got the fixes. We don’t need the separate Alpine one.

@danibk

We are looking into your requirements and will update you shortly.

@danibk

We have published the GroupDocs.Conversion Cloud Docker 23.9 image.

https://hub.docker.com/r/groupdocs/conversion-cloud/tags

Hi Tilal.
That did solve the Snyk problem.
But the bug mentioned here, "Can't convert password-protected .doc" (CONVERSIONCLOUD-540), is also present.

So should I wait for the fix of both problems in newer versions?

@danibk

Yes, you need to wait for the newer versions for the fixes, as we only maintain a single code base.