Hi everyone,We are using the latest RStudio Server RPM (studio-server-rhel-2025.09.2-418-x86_64.rpm )` in our Docker build process.
(https://posit.co/download/rstudio-server/)
When we run a vulnerability scan using Qualys, it is flagging approximately 30 vulnerabilities.
The majority of these vulnerabilities appear to be related to the bundled Go programming language standard library.
The Qulys scan Identified that these vulnerablities are coming from this path Go usr/lib/rstudio-server/bin/quarto/bin/tools/x86__64/esbuild
The suggested remediation is to upgrade the Go stdlib version from v1.20.12 to 1.24.9 (or a more recent patched version).
We would appreciate assistance in addressing these issues.Below are few CVE IDs reported by our scans:
CVE-2025-61723, CVE-2025-58189, CVE-2025-58187,CVE-2025-47906