operator-sdk

Need upgraded version of go

Open sivani01 opened this issue 8 months ago • 5 comments

Hi,

We are currently using operator-sdk v1.39.0 as the base image to build our operator. During our security scan, a vulnerability was reported as per the CVE (CVE-2025-22871), asking us to upgrade to go v1.24.2.

Can we know when a new version of operator-sdk will be released with the required version of go?

sivani01, May 12 '25 17:05

+1 on the request. helm-operator is impacted due to CVE-2025-22871.

shriacquia, May 14 '25 12:05

Hi @acornett21, any update on this?

sivani01, May 26 '25 04:05

Hi @sivani01, sorry for the delay, I only work on this during my free time. I ran a check with govulncheck on this repo and this does not show up, only the Helm CVEs.

The Helm CVEs will be addressed in

  • #6951

When a downstream builder image becomes available for go 1.24.3, I'll try to make an update/release.

acornett21, May 27 '25 22:05

  • Related: operator-framework/ansible-operator-plugins#143

acornett21, May 27 '25 22:05

Hi, any update on this? Is the downstream builder image available for go 1.24 now?

sivani01, Jun 18 '25 04:06