kelkarn
commented
1 year ago It looks like these vulns exist for v1.17.1 as well, e.g. the seldon-core operator: https://github.com/SeldonIO/seldon-core/blob/v1.17.1/operator/go.mod#L3
Open kelkarn opened 1 year ago
kelkarn
commented
1 year ago It looks like these vulns exist for v1.17.1 as well, e.g. the seldon-core operator: https://github.com/SeldonIO/seldon-core/blob/v1.17.1/operator/go.mod#L3
Describe the bug
Seldon Core v1.17.0 has a few 'Critial'/'High' security vulnerabilities related to the use of
go 1.17(https://github.com/SeldonIO/seldon-core/blob/v1.17.0/operator/go.mod#L3) (9+ CVSS score):Our vuln scanner marks these vulns as 'Critical'/'High' and says that go version
1.20.5+ fixes the above vulns. Can the Seldon team please look into updating the Go version for seldon-core1.17.0?To reproduce
Expected behaviour
Seldon v1.17.0 should not be flagged for these vulns.
Environment
K8s v1.26.3