-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security: Track Possible Image Vulnerabilities #568
Comments
helm/helm#10717 tracks the containerd |
Artifacthub.io shows issues with the base image (busybox) and a few of our deps (etcd, contained, docker) |
@Kiran-38 Thank you for the report , The storage PR will deprecate the old etcd dependency :) chartmuseum/storage#649 |
@scbizu Thank you for the response. Can we have any date of fix for the etcd, or this fix will be in this version 0.15.0 or later. please let us know. |
Hi, I see there is a branch dependabot created already to fix this can you merge with the main branch so that I can use it. |
@scbizu Thank you for the quick fix. It means a lot. Keep up the great work. |
Hi @scbizu, there are few vulnerability found in building chartmuseum. please find below list. github.com/containerd/containerd-v1.6.3 |
@Kiran-38 ok , I will check it |
Thanks for the quick fix, I just wanted to know is there any latest release planned with this fix. As the fix is still in main branch, or if there is any tentative date to be released. |
@cbuto @jdolitsky Can you please update all the current Vulnerability fix in any latest release. As there has been a while, if there is any latest release been planned can you please give any date. That will help alot to users like us. |
@cbuto @jdolitsky apologies for the tag, do we know when a new release is planned? |
@macox hi , we already open the automated dependabot PRs , and if you want the new release with these PRs , you can try our |
Thanks for your reply @scbizu, sorry I didn’t mean a release for every vulnerability. I was just wondering if a release was planned and if current open dependabot PRs could be merged and included in it. |
Here will be a long issue track possible image vulnerabilities or CVEs reported by the community or our dependabot .
The text was updated successfully, but these errors were encountered: