Update curl/libcurl in DAST validation runner to 8.4.0
Problem
curl will be releasing a high-severity patch on October 11, 2023 06:00 UTC.
- Curl announcement about the issue: https://github.com/curl/curl/discussions/12026
- Related Slack thread: https://gitlab.slack.com/archives/C8S0HHM44/p1696841338761719
- Related issue: https://gitlab.com/gitlab-com/gl-security/security-department-meta/-/issues/1693
Curl is used by the DAST runner validation to verify that a customer has ownership of the target application prior to running an on-demand scan.
Proposal / Implementation plan
- Upgrade DAST validation runner curl
- Upgrade DAST validation runner base image version to a more recent version of Alpine
- Release DAST validation runner
Edited by Cameron Swords
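
A check that could gate the release step of this plan, as an added example that is not part of the original issue or GitLab's own code: it parses the first line of `curl --version` and passes only when both the curl tool and the libcurl it is linked against are at least 8.4.0. The sample banners are constructed, and the script name `check-curl.sh` is hypothetical.

```shell
#!/bin/sh
# Added example (not GitLab's code): gate an image on curl AND libcurl versions.
MIN_VERSION="8.4.0"   # target version from the issue title

# Constructed sample banners (first line of `curl --version`), for offline runs.
SAMPLE_PATCHED='curl 8.4.0 (x86_64-alpine-linux-musl) libcurl/8.4.0 OpenSSL/3.1.3'
SAMPLE_MIXED='curl 8.4.0 (x86_64-alpine-linux-musl) libcurl/8.3.0 OpenSSL/3.1.3'

# version_ge A B: succeed when dotted version A >= B, comparing fields numerically.
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}   # drop suffixes such as "-DEV"
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# parse_versions BANNER: print "<curl version> <libcurl version>".
parse_versions() {
    p_tool=; p_lib=
    set -- $(printf '%s\n' "$1" | head -n 1)
    if [ "${1:-}" = "curl" ]; then p_tool=${2:-}; fi
    for tok in "$@"; do
        case $tok in libcurl/*) p_lib=${tok#libcurl/} ;; esac
    done
    printf '%s %s\n' "$p_tool" "$p_lib"
}

# check_curl_banner BANNER: 0 = both patched, 1 = one is too old, 2 = unparsable.
check_curl_banner() {
    parsed=$(parse_versions "$1")
    c_tool=${parsed%% *}; c_lib=${parsed#* }
    if [ -z "$c_tool" ] || [ -z "$c_lib" ]; then return 2; fi
    version_ge "$c_tool" "$MIN_VERSION" || return 1
    version_ge "$c_lib" "$MIN_VERSION" || return 1
    return 0
}

# Live check, e.g. as a build step inside the image: sh check-curl.sh --check
if [ "${1:-}" = "--check" ]; then
    check_curl_banner "$(curl --version)" || {
        echo "curl/libcurl older than $MIN_VERSION or banner unparsable" >&2; exit 1; }
fi
```

The second sample banner shows why both values are checked: a newer `curl` binary can still load an older shared libcurl, and other programs in the image link libcurl directly.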