kubernetes-csi/livenessprobe

Bump Go Version for CVE Fixes?

sharunjoshi opened this issue · 5 comments

Hi,
We are seeing the following CVEs while scanning the livenessprobe container for security issues.

CVE-2022-30631
CVE-2022-30633
CVE-2022-30632
CVE-2022-30630
CVE-2022-28131
CVE-2022-32189
CVE-2022-30580
CVE-2022-30635
CVE-2022-24675
CVE-2022-28327
CVE-2022-1962
CVE-2022-32148
CVE-2022-1705
CVE-2022-30629

Is there a plan to resolve these security issues? Could you provide mitigation steps or timelines for when this would be resolved? Thanks!

Any updates on bumping the Go version to fix the CVEs?

Any updates?

Any updates?

The v2.8.0 image should be available once kubernetes/k8s.io#4395 is merged; it has CVE fixes.

Tested that the image is available with docker pull k8s.gcr.io/sig-storage/livenessprobe:v2.8.0