indigo-iam/iam: INDIGO Identity and Access Management v1.13.4-2
Authors/Creators
-
Agostini, Federica1
-
Balci, Berk2
-
Caberletti, Marco
-
Ceccanti, Andrea
- Chung, Donald3
-
Dack, Thomas3
- Furnell, Will3
- Garai, Manoj3
-
Gasparetto, Jacopo1
-
Giacomini, Francesco1
- Glendenning, Sam3
-
Machalet, Patrick2
-
Marcato, Davide4
-
Miccoli, Roberta1
-
Mutadich, Mia2
-
Short, Hannah2
- Vennapusa, Saiteja Reddy3
-
Vianello, Enrico1
- Vilaca, Marcelo1
- Zotti, Stefano Enrico1
- 1. INFN-CNAF
- 2. CERN
- 3. STFC
- 4. INFN Laboratori Nazionali di Legnaro
Description
What's Changed
A new Docker image has been rebuilt to address operating system–level security vulnerabilities, including CVE-2025-15467 affecting OpenSSL.
There are no application code changes in this release. The update consists solely of a refreshed base image and OS security patches.
Please note that severity assessments for CVE-2025-15467 vary across sources (e.g., CVSS scores and vendor advisories), depending on the scoring methodology and exploitability assumptions used. Regardless of these differences, the image has been rebuilt to ensure the latest available security fixes are applied.
Note: users deploying the software via RPM packages are not affected by this Docker image update; however, upgrading to a patched OpenSSL version is still strongly recommended.
New image tag: v1.13.4-2
The Docker image cnafsd/nginx-httpg-voms with the patch to NGINX that enables basic support for HTTPG has been updated too. This image patches the NGINX version 1.28.2 and its tag is v1.28.2-1.2.2`
Files
indigo-iam/iam-v1.13.4-2.zip
Files
(5.4 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:f91b209db21b80e7eee0693d4ccb6495
|
5.4 MB | Preview Download |
Additional details
Related works
- Is supplement to
- Software: https://github.com/indigo-iam/iam/tree/v1.13.4-2 (URL)
Software
- Repository URL
- https://github.com/indigo-iam/iam