New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Critical CVE-2022-37434 in zookeeper-operator image #508
Comments
AKamyshnikova
added a commit
to AKamyshnikova/zookeeper-operator
that referenced
this issue
Feb 24, 2023
To avoid security issues switch to usage of distroless image. Also bumped go version to 1.19 Fixes: pravega#508
AKamyshnikova
added a commit
to AKamyshnikova/zookeeper-operator
that referenced
this issue
Feb 24, 2023
To avoid security issues switch to usage of distroless image. Also bumped go version to 1.19 Fixes: pravega#508 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com>
AKamyshnikova
added a commit
to AKamyshnikova/zookeeper-operator
that referenced
this issue
Feb 24, 2023
To avoid security issues switch to usage of distroless image. Also bumped go version to 1.19 Fixes: pravega#508 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com>
AKamyshnikova
added a commit
to AKamyshnikova/zookeeper-operator
that referenced
this issue
Feb 24, 2023
To avoid security issues switch to usage of distroless image. Also bumped go version to 1.19 Fixes: pravega#508 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com>
anishakj
pushed a commit
that referenced
this issue
Mar 14, 2023
* Use distroless image for operator image To avoid security issues switch to usage of distroless image. Also bumped go version to 1.19 Fixes: #508 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Add user setting in Dockerfile Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Revert setting USER in Dockerfile Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Use cr.io/distroless/static-debian11 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Introduce DISTROLESS_DOCKER_REGISTRY arg Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Drop DISTROLESS_DOCKER_REGISTRY from Makefile Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> --------- Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
CVE checker in docker images reported Found CVE in zookeeper-operator image version 0.2.14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
Importance
must-have
Suggestions for an improvement
Build new image using latest updates.
The text was updated successfully, but these errors were encountered: