Security

    Base Image Updates & Supply Chain Security

    Upstream image links for templates are updated periodically, so these images might not include the very latest security patches right away. If you need the patches sooner, apply the updates yourself, for example:

    # Debian/Ubuntu
    sudo apt-get update
    sudo apt-get dist-upgrade

    # macOS
    sudo softwareupdate --install --all

    # macOS, for a specific update
    softwareupdate --list
    sudo softwareupdate --install "Name of the Update"
    

    Alternatively, you can set upgradePackages to true in your template. This works for most Linux distributions (alpine-iso, for example, is an exception).

    ⚠️ Rapidly updating can reduce exposure to known CVEs, but it can also increase exposure to upstream supply chain compromises (for example, the XZ backdoor).
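
    One way to see what a dist-upgrade would pull in before applying it, as an added example that is not part of the Lima documentation or code base. The function names, the sample output and the rule that security archives carry "security" in their origin label are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Lima code): preview what `apt-get dist-upgrade` would change.

# classify_upgrades reads `apt-get -s dist-upgrade` output on stdin and prints,
# per package to be installed or upgraded:
#   <security|other> <package> <installed-version|new> <candidate-version>
classify_upgrades() {
    awk '
    $1 == "Inst" {
        old = "new"                       # no [installed] field: a new package
        if ($3 ~ /^\[.*\]$/) old = substr($3, 2, length($3) - 2)
        p = index($0, "(")                # candidate version and origins follow "("
        if (p == 0) next
        inside = substr($0, p + 1)
        split(inside, f, " ")
        # Assumption: security archives carry "security" in their origin label
        # (for example jammy-security); anything else is reported as "other".
        kind = (tolower(inside) ~ /security/) ? "security" : "other"
        print kind, $2, old, f[1]
    }'
}

# count_kind <security|other>: count classified lines of that kind on stdin.
count_kind() {
    awk -v k="$1" '$1 == k { n++ } END { print n + 0 }'
}

# Constructed sample of simulation output (package names and versions are made up).
SAMPLE_SIMULATION='Reading package lists...
Inst libexample1 [1.0-1] (1.0-2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Inst example-tools [2:3.1-4] (2:3.1-5 Ubuntu:22.04/jammy-updates [all])
Inst example-kernel (5.0-1 Ubuntu:22.04/jammy-updates [amd64])
Conf libexample1 (1.0-2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])'

# Offline demo on the sample. Inside a guest, after `sudo apt-get update`, use:
#   apt-get -s dist-upgrade | classify_upgrades
printf '%s\n' "$SAMPLE_SIMULATION" | classify_upgrades
```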

    Security model

    See https://github.com/cncf/tag-security/blob/main/community/assessments/projects/lima/self-assessment.md.

    Reporting vulnerabilities

    See https://github.com/lima-vm/.github/blob/main/SECURITY.md.

    Past vulnerabilities

    See https://github.com/lima-vm/lima/security.