
Need upgraded version of below packages to resolve security vulnerabilities

Open sivani01 opened this issue 9 months ago • 3 comments

Hi, we are currently using operator-sdk v1.39.0 as the base image to build our Helm-based operator. During our security scan, we got the below-mentioned security vulnerabilities.

| CVE | Package | Current version | Fixed in |
|---|---|---|---|
| CVE-2024-12797 | openssl-libs | 3.2.2-6.el9_5 | 3.2.2-6.el9_5.1 |
| CVE-2019-12900 | bzip2-libs | 1.0.8-8.el9 | 1.0.8-8.el9_4.1 |
| CVE-2020-11023 | libgcc | 11.5.0-2.el9 | 11.5.0-5.el9_5 |
| CVE-2020-11023 | libstdc++ | 11.5.0-2.el9 | 11.5.0-5.el9_5 |

Could not find these versions even in the latest release, v1.39.1.

Can we know by when the new version of operator-sdk will be released with the upgraded version of this package?

sivani01 avatar Feb 07 '25 10:02 sivani01
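To turn a scan table like the one above into a yes/no answer for a given image tag (for example after rebasing onto a newer operator-sdk release), here is an added example, not code from the issue or from the operator-sdk project, that orders installed RPM EVR strings against the "Fixed in" column using rpm's own version ordering rules; the findings list is transcribed from the table above, and the '^' marker of newer rpm is assumed not to occur.

```python
import re

# Findings transcribed from the scan table above: (cve, package, installed EVR, fixed-in EVR).
FINDINGS = [
    ("CVE-2024-12797", "openssl-libs", "3.2.2-6.el9_5", "3.2.2-6.el9_5.1"),
    ("CVE-2019-12900", "bzip2-libs", "1.0.8-8.el9", "1.0.8-8.el9_4.1"),
    ("CVE-2020-11023", "libgcc", "11.5.0-2.el9", "11.5.0-5.el9_5"),
    ("CVE-2020-11023", "libstdc++", "11.5.0-2.el9", "11.5.0-5.el9_5"),
]
# Segments rpm compares: runs of digits, runs of letters, and the '~' pre-release marker.
_SEG = re.compile(r"\d+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """Order two version/release strings like rpm's rpmvercmp(): -1, 0 or 1.
    Assumption: the '^' marker of newer rpm does not occur in EL9 EVRs, so it is not handled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if "~" in (x, y):                # tilde sorts before anything else
            if x != y:
                return -1 if x == "~" else 1
            continue
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:                    # numeric compare: 10 > 9 and 01 == 1
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:                   # a numeric segment beats an alphabetic one
            return 1 if xd else -1
        elif x != y:                     # both alphabetic: plain string order
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    tail = longer[min(len(sa), len(sb))]
    return -sign if tail == "~" else sign  # pre-release tail is older; otherwise more segments is newer

def parse_evr(evr: str):  # split '[epoch:]version-release'; a missing epoch counts as 0
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release

def still_affected(installed: str, fixed_in: str) -> bool:
    """True when the installed EVR sorts below the fixed-in EVR (epoch, then version, then release)."""
    for x, y in zip(parse_evr(installed), parse_evr(fixed_in)):
        if c := rpmvercmp(x, y):
            return c < 0
    return False

def triage(findings):  # (cve, package) pairs whose installed version is still below fixed-in
    return [(cve, pkg) for cve, pkg, cur, fix in findings if still_affected(cur, fix)]
```

Feed it the output of `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'` from the image under test to check a newer tag before rebuilding.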

@acornett21 , any update on when a new version of operator-sdk might be released with the upgraded versions of the mentioned packages?

sivani01 avatar Feb 24 '25 11:02 sivani01

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar May 26 '25 01:05 openshift-bot

👀

lodotek avatar Jun 12 '25 16:06 lodotek

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot avatar Jul 13 '25 00:07 openshift-bot

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-bot avatar Aug 12 '25 08:08 openshift-bot

@openshift-bot: Closing this issue.

In response to this:

> Rotten issues close after 30d of inactivity.
>
> Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.
>
> /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci[bot] avatar Aug 12 '25 08:08 openshift-ci[bot]