
Security Vul due to go version 1.17.8 in velero-v1.8.1 version

Open zarafree opened this issue 2 years ago • 3 comments

Description: We are using a Debian image and installing Velero version 1.8.1 on top of it. We are facing an issue with the Go version and found some vulnerabilities with respect to the Go version. To fix this issue, the Go version should be updated to 1.18.4. We tried to update the Go version individually, but it didn't work. The Go version is bound to the Velero tar file itself, as we are installing it through curl (through a Dockerfile) in the Docker image. Is there any plan to update the Go version in the next release of Velero?

zarafree, Jul 08 '22 05:07

For example: CVE-2022-29804

zarafree, Jul 08 '22 05:07

According to https://security-tracker.debian.org/tracker/CVE-2022-29804, it only affects Go on Windows. Velero isn't compiled with Windows Go, so it doesn't affect Velero.

ywk253100, Jul 11 '22 01:07
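Added example (not part of the original thread and not Velero's code): the triage reasoning from the report and the reply above, written in Go. It reads the toolchain version and target `GOOS` embedded in a binary with the standard `debug/buildinfo` package and filters an advisory list by version and platform. The advisory table, the `EXAMPLE-ALL-PLATFORMS` entry and the names `Advisory`, `Triage` and `goNum` are assumptions made for illustration.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

type Advisory struct{ ID, FixedIn, GOOS string } // GOOS "" = all platforms
var sample = []Advisory{ // constructed; 1.18.4 is the issue's upgrade target
	{"CVE-2022-29804", "1.18.4", "windows"}, // Windows-only per the thread
	{"EXAMPLE-ALL-PLATFORMS", "1.18.4", ""}, // placeholder, not a real ID
}

// goNum maps "go1.17.8" to 1017008 so versions compare as integers.
func goNum(v string) int {
	var a, b, c int
	fmt.Sscanf(strings.TrimPrefix(v, "go"), "%d.%d.%d", &a, &b, &c)
	return a*1000000 + b*1000 + c
}

// Triage lists advisories that still apply. Unknown goos ("") keeps platform
// entries (pre-1.18 binaries carry no build settings); backports not modelled.
func Triage(goVersion, goos string, advs []Advisory) (hits []string) {
	for _, a := range advs {
		platformOK := a.GOOS == "" || goos == "" || a.GOOS == goos
		if platformOK && goNum(goVersion) < goNum(a.FixedIn) {
			hits = append(hits, a.ID)
		}
	}
	return
}

func main() {
	for _, path := range os.Args[1:] { // usage: triage <go-binary>...
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			panic(err)
		}
		goos := ""
		for _, s := range info.Settings {
			if s.Key == "GOOS" {
				goos = s.Value
			}
		}
		fmt.Println(path, info.GoVersion, goos, Triage(info.GoVersion, goos, sample))
	}
}
```

Because the toolchain version is compiled into the binary, upgrading Go in the base image does not change the result; only a binary rebuilt with a newer toolchain does.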

Thank you for your reply. Okay, we can skip it then. But we have found multiple vulnerabilities, listed below, due to the existing Go version in Velero. Can you please advise on this?

CVE-2022-1962, CVE-2022-28131, CVE-2022-30633, CVE-2022-30635

zarafree, Jul 12 '22 07:07

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot], Sep 16 '22 00:09

Closing the stale issue.

stale[bot], Sep 30 '22 22:09