operator-sdk
Need upgraded version of below packages to resolve security vulnerabilities
Hi, we are currently using operator-sdk v1.39.0 as the base image to build our Helm-based operator. During our security scan, we got the below-mentioned security vulnerabilities.

| cve | package | current version | fixedIn |
|---|---|---|---|
| CVE-2024-12797 | openssl-libs | 3.2.2-6.el9_5 | 3.2.2-6.el9_5.1 |
| CVE-2019-12900 | bzip2-libs | 1.0.8-8.el9 | 1.0.8-8.el9_4.1 |
| CVE-2020-11023 | libgcc | 11.5.0-2.el9 | 11.5.0-5.el9_5 |
| CVE-2020-11023 | libstdc++ | 11.5.0-2.el9 | 11.5.0-5.el9_5 |

We could not find these versions even in the latest release, v1.39.1.
Can we know when the new version of operator-sdk will be released with the upgraded versions of these packages?