Closed sdx-jkataja closed 1 week ago
Fix versions are now available:
sig-storage/livenessprobe:v2.14.0
sig-storage/csi-node-driver-registrar:v2.12.0
This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.
Fixed in the current chart images
mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.13.1
mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.11.1
What steps did you take and what happened: Image vulnerability scan
What did you expect to happen: Please update Kubernetes CSI images to patch CVE-2024-24790 vulnerability in Go, once available The following images are affected:
mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0
mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.10.0
The images are also based on Debian 11 which is at end of regular life. Newer Kubernetes CSI images are based on Debian 12.
Anything else you would like to add: The next released versions should contain the patches