
[Security] v2.10.2 contains up to 9 year old vulnerabilities/CVEs -> get rid of the oldest

Open hpvd opened this issue 3 years ago • 0 comments

Search before asking

  • [X] I searched in the issues and found nothing similar.

Version

latest v2.10.2

Minimal reproduce step

  1. look into the Trivy-powered vulnerability inspection at artifacthub.io: https://artifacthub.io/packages/helm/apache/pulsar?modal=security-report

  2. open the details of the pulsar v2.10.2 image included in the latest helm chart v3.0.0

  3. see details (screenshots: 2022-11-04_09h25_11, 2022-11-04_09h21_54)

What did you expect to see?

no fixable vulnerabilities (with severity greater than low) older than some months in the latest pulsar image. At the very least, none older than 1 year

What did you see instead?

fixable and reported vulnerabilities

  • of severity CRITICAL with an age of 5 years
  • of severity MEDIUM with an age of 9 years

for the reports, see: https://github.com/apache/pulsar/issues/8967

Anything else?

these old security issues are not only a security problem but may also give a bad impression of the importance of security in our project (since we are today already doing great things in this field, this may lead to a false impression)

of course it makes sense to solve all fixable vulnerabilities, but these 3 may be the most hurting ones; for fixing all, there is another topic: https://github.com/apache/pulsar/issues/18348

Are you willing to submit a PR?

  • [ ] I'm willing to submit a PR!

hpvd avatar Nov 04 '22 09:11 hpvd
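The policy the reporter asks for ("no fixable vulnerabilities with severity above LOW older than some months, at the very least none older than 1 year") can be turned into a gate that runs over the same Trivy output artifacthub.io displays. The script below is an added example written for this page, not code from the issue or from the Pulsar project. It assumes Trivy's JSON report layout (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `Severity`, `FixedVersion` and `PublishedDate`); the embedded report, its `CVE-0000-000x` identifiers, package names and dates are constructed placeholders, chosen only so that the ages match the 5-year and 9-year findings the issue describes when measured from the issue's own date.

```python
"""Gate a Trivy JSON report: fail when it contains fixable vulnerabilities of
severity above LOW that were published more than MAX_AGE_DAYS ago.

Added example for this issue; assumes Trivy's JSON layout
Results[].Vulnerabilities[] with VulnerabilityID, Severity, FixedVersion
and PublishedDate (ISO 8601, e.g. 2017-06-01T00:00:00Z).
"""
import json
import re
import sys
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 365                      # the issue's "at the very least" bound
IGNORED_SEVERITIES = {"LOW", "UNKNOWN"}  # only severity above LOW is gated

# Fixed reference date (the issue was filed 2022-11-04) so results are
# reproducible; pass now=None to use the current time instead.
REFERENCE_NOW = datetime(2022, 11, 4, tzinfo=timezone.utc)

# Constructed sample report: placeholder IDs, packages and dates, not real findings.
SAMPLE_REPORT = json.dumps({
    "Results": [{
        "Target": "example/image:2.10.2 (debian 11)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample-a",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
             "Severity": "CRITICAL", "PublishedDate": "2017-06-01T00:00:00Z"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample-b",
             "InstalledVersion": "2.3", "FixedVersion": "2.4",
             "Severity": "MEDIUM", "PublishedDate": "2013-03-15T00:00:00Z"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample-c",
             "InstalledVersion": "0.9", "FixedVersion": "",   # no fix available
             "Severity": "HIGH", "PublishedDate": "2016-01-01T00:00:00Z"},
            {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libexample-d",
             "InstalledVersion": "5.0", "FixedVersion": "5.1",  # recent
             "Severity": "HIGH", "PublishedDate": "2022-10-20T00:00:00Z"},
            {"VulnerabilityID": "CVE-0000-0005", "PkgName": "libexample-e",
             "InstalledVersion": "1.1", "FixedVersion": "1.2",  # LOW: ignored
             "Severity": "LOW", "PublishedDate": "2014-01-01T00:00:00Z"},
        ],
    }]
})


def parse_date(value):
    """Parse Trivy's ISO 8601 timestamp; return None if absent or unparseable."""
    if not value:
        return None
    value = re.sub(r"\.\d+", "", value)      # drop fractional seconds of any width
    value = value.replace("Z", "+00:00")     # fromisoformat() < 3.11 rejects 'Z'
    try:
        parsed = datetime.fromisoformat(value)
    except ValueError:
        return None
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def stale_fixable(report_json, now=None, max_age_days=MAX_AGE_DAYS):
    """Return the fixable, non-LOW vulnerabilities published before the cutoff,
    oldest first. Each entry is a dict with id, severity, pkg, fixed_version, age_days."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if not vuln.get("FixedVersion"):
                continue                       # nothing to upgrade to yet
            if vuln.get("Severity", "UNKNOWN").upper() in IGNORED_SEVERITIES:
                continue
            published = parse_date(vuln.get("PublishedDate"))
            if published is None or published > cutoff:
                continue                       # undated or still within the window
            findings.append({
                "id": vuln["VulnerabilityID"],
                "severity": vuln["Severity"].upper(),
                "pkg": vuln.get("PkgName", "?"),
                "fixed_version": vuln["FixedVersion"],
                "age_days": (now - published).days,
            })
    findings.sort(key=lambda f: f["age_days"], reverse=True)
    return findings


if __name__ == "__main__":
    # Usage: python gate.py [trivy-report.json]; without a file the sample is used.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    stale = stale_fixable(data, now=REFERENCE_NOW if len(sys.argv) == 1 else None)
    for f in stale:
        print(f"{f['id']:16} {f['severity']:9} {f['pkg']:16} "
              f"fix {f['fixed_version']:8} age {f['age_days'] // 365}y")
    sys.exit(1 if stale else 0)
```

Run against a real scan with `trivy image --format json -o report.json <image>` and then `python gate.py report.json`; the non-zero exit code is what makes it usable as a CI step. Lowering `MAX_AGE_DAYS` tightens the policy towards the "some months" the issue prefers, and the findings come out oldest first so the ones that hurt most are at the top.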