Outstanding CVEs in 3.9.0 #11105
This is still an issue because the circleci image we use for building is outdated. circleci is no longer updating it and the version of Go is outdated. They have newer images (in new locations) to use instead. See https://circleci.com/developer/images/image/cimg/go
mattfarina added a commit to mattfarina/helm that referenced this issue Jul 18, 2022
The previous circleci images were deprecated and no longer getting updates. The version of Go included had known CVEs. This moves to the newer images which contain newer patch versions of Go.
Closes helm#11105
Signed-off-by: Matt Farina <matt@mattfarina.com>
This should now be fixed with the merge of #11161 and is out with the release of Helm 3.9.2.
Helm includes a version of Go that has several high-severity CVEs:
CVE-2022-23772
CVE-2022-23806
CVE-2022-23773
CVE-2022-24921
CVE-2022-24675
CVE-2022-28327
Is there an ETA for getting this lib updated? If they are being deferred for non-exploitability, would you mind sharing the analysis?