application-gateway-kubernetes-ingress icon indicating copy to clipboard operation
application-gateway-kubernetes-ingress copied to clipboard

Published 20 hours ago verified publisher icon Azure

Manually updating package versions.

Open malecov opened this issue 2 years ago • 1 comments

Discussed in https://github.com/Azure/application-gateway-kubernetes-ingress/discussions/1522

Originally posted by malecov March 22, 2023 Good Day Everyone. Would like to ask if it is possible to update the package versions inside the project to accommodate security alerts? I am new to this stuff (installed the ingress-azure v1.6.0 via helm) and was encountering security alerts for the following:

  • https://nvd.nist.gov/vuln/detail/CVE-2022-21698
  • https://nvd.nist.gov/vuln/detail/CVE-2023-0286
  • https://nvd.nist.gov/vuln/detail/CVE-2022-41723
  • https://nvd.nist.gov/vuln/detail/CVE-2022-27664

malecov avatar Mar 23 '23 18:03 malecov

For https://nvd.nist.gov/vuln/detail/CVE-2022-21698, please update prometheus/client_golang to version 1.11.1 or greater.

tobiasb-ms avatar Jan 31 '24 02:01 tobiasb-ms