-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v2.2.0-eks-1-18-5 has 1 High + 15 others vulnerabilities #116
Comments
Here is the base image we use: https://github.com/kubernetes-csi/livenessprobe/blob/master/Dockerfile#L15 Can you try pulling the 2.3.0 tag from |
Thanks @msau42 for the prompt response. I can confirm I assumed this was somehow using v.2.2.0 as the base image and vulnerability may be coming from there, but I guess I was wrong. Sorry for the confusion. Please feel free to close this. |
Thanks for confirming! /close |
@msau42: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1d60e77 Merge pull request kubernetes-csi#131 from pohly/kubernetes-1.20-tag 9f10459 prow.sh: support building Kubernetes for a specific version fe1f284 Merge pull request kubernetes-csi#121 from kvaps/namespace-check 8fdf0f7 Merge pull request kubernetes-csi#128 from fengzixu/master 1c94220 fix: fix a bug of csi-sanity a4c41e6 Merge pull request kubernetes-csi#127 from pohly/fix-boilerplate ece0f50 check namespace for snapshot-controller dbd8967 verify-boilerplate.sh: fix path to script 9289fd1 Merge pull request kubernetes-csi#125 from sachinkumarsingh092/optional-spelling-boilerplate-checks ad29307 Make the spelling and boilerplate checks optional 5f06d02 Merge pull request kubernetes-csi#124 from sachinkumarsingh092/fix-spellcheck-boilerplate-tests 48186eb Fix spelling and boilerplate errors 71690af Merge pull request kubernetes-csi#122 from sachinkumarsingh092/include-spellcheck-boilerplate-tests 981be3f Adding spelling and boilerplate checks. 2bb7525 Merge pull request kubernetes-csi#117 from fengzixu/master 3b6d17b Merge pull request kubernetes-csi#118 from pohly/cloud-build-timeout 9318c6c cloud build: double the timeout, now 1 hour 4ab8b15 use the tag to replace commit of csi-test 5d74e45 change the csi-test import path to v4 7dcd0a9 upgrade csi-test to v4.0.2 86ff580 Merge pull request kubernetes-csi#116 from andyzhangx/export-image-name c3a9662 allow export image name and registry name git-subtree-dir: release-tools git-subtree-split: 1d60e7792624a9938c0bd1b045211fbb89e513d6
Good afternoon,
I pulled and pushed v2.2.0-eks-1-18-5 into an ECR repository in my personal account, and I noticed it has 1 High + 15 others vulnerabilities. I see this also happens for v2.2.0-eks-1-20-1.
Some of these vulnerabilities are:
Would it be possible to release a new image anytime soon that addresses these vulnerabilities? Would you like me to take a look at this myself and submit a PR?
Thanks!
The text was updated successfully, but these errors were encountered: