CVE-2024-45338

[kamkaur30]

We would need to have the CVE mitigated. Would it be possible to get new release with updated go versions?

[kamkaur30]

@jsafrane Could you please help on this?

[andyzhangx]

@jsafrane would you cut a new release soon? thanks.

[andyzhangx]

wait, let me merge this PR: https://github.com/kubernetes-csi/csi-release-tools/pull/274, and then update the csi-release-tools in this repo first.

[andyzhangx]

this PR should be merged first: https://github.com/kubernetes-csi/livenessprobe/pull/350

[SUNNUWORKS]

Hey @jsafrane, following up on @kamkaur30, please share an update on this?

[andyzhangx]

@jsafrane can we cut a new release this month? it's clear now

# trivy image gcr.io/k8s-staging-sig-storage/livenessprobe:canary
2025-05-27T08:49:00.561Z        INFO    Vulnerability scanning is enabled
2025-05-27T08:49:00.561Z        INFO    Secret scanning is enabled
2025-05-27T08:49:00.561Z        INFO    If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2025-05-27T08:49:00.561Z        INFO    Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2025-05-27T08:49:01.309Z        INFO    Detected OS: debian
2025-05-27T08:49:01.309Z        INFO    Detecting Debian vulnerabilities...
2025-05-27T08:49:01.309Z        INFO    Number of language-specific files: 1
2025-05-27T08:49:01.309Z        INFO    Detecting gobinary vulnerabilities...

gcr.io/k8s-staging-sig-storage/livenessprobe:canary (debian 12.11)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

[jsafrane]

registry.k8s.io/sig-storage/livenessprobe:v2.16.0 is out

/close

[k8s-ci-robot]

@jsafrane: Closing this issue.

In response to this:

registry.k8s.io/sig-storage/livenessprobe:v2.16.0 is out

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.