Release of version v0.16.2 run under Ubuntu 22.04.4 LTS contains several vulnerabilities
Some vulnerabilities can be fixed by upgrading the version of affected packages as below.
As a requirement of our security remediation process in our org, we would like to report vulnerabilities for this version (though we will follow your release process).
Those CVEs come from Red Hat's UBI 9 base image and they are present even in the latest tag (9.5) which device plugin uses indirectly. Red Hat also states in the VEX for the image they won't be fixing most of those OpenSSL CVEs (which are all low anyhow).
That makes sense. I'm curious though, why not just assemble these go binaries on a scratch image? Is it essential to derive the Docker build from UBI9?