Problem Statement

Quorum currently uses:

• Older go-ethereum versions with known security vulnerabilities
• Go 1.21 (older version)
• Alpine Linux base image without recent security patches

Proposed Solution

We propose upgrading to:

• go-ethereum v1.13.15 - Resolves 10 tracked security vulnerabilities
• Go 1.24 - Latest stable Go version with security improvements
• Alpine Linux 3.20 with security patches for:
  • busybox (CVE fixes)
  • OpenSSL 3.3.2-r0+
  • curl 8.9.0-r0+
  • musl 1.2.5-r1+

Benefits

1. Security: Addresses multiple CVEs and security advisories
2. Stability: Latest stable versions of dependencies
3. Long-term maintainability: Keeps Quorum current with security best practices
4. Backward compatible: No breaking changes to Quorum functionality

Implementation

The Microsoft Blockchain Team has a PR ready with these changes including:

• go-ethereum v1.13.15 upgrade with security fixes
• Snap protocol handler fixes
• Trie vulnerability fixes
• Dockerfile updates with Alpine security patches
• Go 1.24 build environment

Would the team be interested in this contribution?