I.C.E.C
@rikatz @tomasAlabes The new 4.2.0 | v1.3.0 definitely looks better, but there is a new [CVE-2022-30065](https://nvd.nist.gov/vuln/detail/CVE-2022-30065) in there. In short: busybox (used in ssl_client, busybox) version 1.35.0-r14 has 1...
@tao12345666333 I found this https://github.com/alpinelinux/docker-alpine/issues/264#issuecomment-1189498803 which says the CVE-2022-30065 is still present in the 3.16.1 image. Also, as per this https://github.com/alpinelinux/docker-alpine/issues/264#issuecomment-1189499568, alpine 3.16.1 is supposed to fix https://github.com/advisories/GHSA-gq73-rh3m-3php according to...
> We have updated to alpine v3.16.1 with patches for busybox & ssl_client. It will be released later.

Sorry to ask like cause u guys are probably busy with other...

> @DataMinded true, security based fixes should be sooner than later.
>
> In this case, busybox itself is not directly in play while using ingress objects and also ssl_client...
Just as a note, the 4.2.1 release does not contain a fix for this
Just as a note, Release 4.2.2 & 4.2.3 still do NOT contain a fix for this CVE
The controller-v1.3.1 does not contain any CVEs according to Prisma Cloud. Yay! Now we wait for a chart release.
Guess we can close this issue now, controller-v1.3.1 / helm-chart-4.2.5 resolves the CVEs addressed in OP. Thanks for all the help & comments.
The 4.4.3 release is still being flagged by Prisma Cloud as a vulnerability, sadly.