
[Security] v2.10.2 contains 35 fixable vulnerabilities

Open hpvd opened this issue 3 years ago • 0 comments

Search before asking

  • [X] I searched in the issues and found nothing similar.

Version

v2.10.2

Minimal reproduce step

Look into the Trivy-powered inspection for vulnerabilities at artifacthub.io: https://artifacthub.io/packages/helm/apache/pulsar?modal=security-report

Open the details of the pulsar v2.10.2 image included in the latest helm chart v3.0.0.

What did you expect to see?

Very few fixable vulnerabilities, since v2.10.2 was released just 8 days ago: https://github.com/apache/pulsar/releases

What did you see instead?

  • 72 vulnerabilities have been detected in the image
  • 35 of these should be fixable (most with a version bump of dependencies)


Anything else?

  • this is related to https://github.com/apache/pulsar/issues/18338
  • this is a follow-up of https://github.com/apache/pulsar/issues/18041
  • this is part of https://github.com/apache/pulsar-helm-chart/issues/334

Are you willing to submit a PR?

  • [ ] I'm willing to submit a PR!

hpvd avatar Nov 04 '22 16:11 hpvd