argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
18.01k stars 5.49k forks

Remove the kubernetes version dependency to reduce the risk of vulnerabilities #12288

Closed fengshunli closed 10 months ago

fengshunli commented 1 year ago

The currently used Kubernetes version has a vulnerability, CVE-2020-8554. Would you consider refactoring the gitops-engine module, upgrading the Kubernetes version to 1.26.x or above, and using new features to complete some required functions?

crenshaw-dev commented 1 year ago

That vulnerability applies to <= 1.22.0. We're currently on 1.24.2.

fengshunli commented 1 year ago

Would you consider not introducing Kubernetes's own dependencies, and completing the requirements by referencing other components?

jessesuen commented 1 year ago

Would you consider not introducing Kubernetes's own dependencies, and completing the requirements by referencing other components?

Sorry, could you rephrase your question?

fengshunli commented 1 year ago

Would you consider not introducing Kubernetes's own dependencies, and completing the requirements by referencing other components?

Sorry, could you rephrase your question?

updated @jessesuen

fengshunli commented 1 year ago

Remove the Kubernetes scheme module. Do you have any good ideas to discuss? I have researched for several days, but I can't find a better solution @crenshaw-dev @jessesuen

pgr-mattgartman commented 1 year ago

Security scanners also report ArgoCD containing CVE-2022-3294, which is a k8s package vulnerability in v1.24.2, fixed in 1.24.8 or 1.25.4. Bumping to 1.24.8 would at least check the security scanner's box.
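The comment above gives a concrete fixed-version floor (1.24.8 for the 1.24 line, 1.25.4 for the 1.25 line). The following Go program is an added example, not code from Argo CD or from anyone in this thread: it scans the `require` lines of a go.mod for `k8s.io/` modules and reports which ones sit below that floor. The go.mod excerpt is constructed for the example, the `minFixed` table is taken from the comment above, and it assumes that the `v0.X.Y` tags used by the staging modules (`k8s.io/api`, `k8s.io/client-go`, and so on) correspond to Kubernetes release `1.X.Y`, while `k8s.io/kubernetes` itself uses `v1.X.Y` tags.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed go.mod excerpt for the example (assumption: not Argo CD's real go.mod).
const sampleGoMod = `module example.com/app

go 1.19

require (
	github.com/spf13/cobra v1.6.1
	k8s.io/api v0.24.2
	k8s.io/apimachinery v0.24.2
	k8s.io/client-go v0.24.2 // indirect
	k8s.io/kubernetes v1.24.2
)
`

// minFixed maps a Kubernetes minor release to the first patch release the
// thread names as fixed for CVE-2022-3294: 1.24.8 and 1.25.4.
var minFixed = map[int]int{24: 8, 25: 4}

// Finding describes one k8s.io module and how it compares to the fixed patch.
type Finding struct {
	Module  string
	Version string
	Minor   int
	Patch   int
	Status  string // "below-fix", "fixed", or "unknown"
}

// parseK8sVersion converts a module tag such as v0.24.2 (staging-repo style)
// or v1.24.2 (k8s.io/kubernetes style) into (minor, patch).
// Assumption: v0.X.Y staging tags map to Kubernetes 1.X.Y.
func parseK8sVersion(tag string) (int, int, bool) {
	tag = strings.TrimPrefix(tag, "v")
	// Drop pre-release or build suffixes such as "-rc.0" or "+incompatible".
	if i := strings.IndexAny(tag, "-+"); i >= 0 {
		tag = tag[:i]
	}
	parts := strings.Split(tag, ".")
	if len(parts) != 3 {
		return 0, 0, false
	}
	major, err1 := strconv.Atoi(parts[0])
	minor, err2 := strconv.Atoi(parts[1])
	patch, err3 := strconv.Atoi(parts[2])
	if err1 != nil || err2 != nil || err3 != nil || (major != 0 && major != 1) {
		return 0, 0, false
	}
	return minor, patch, true
}

// classify compares minor.patch against the fixed-version table. Minors the
// table does not cover are reported as "unknown" rather than guessed.
func classify(minor, patch int) string {
	fixed, ok := minFixed[minor]
	if !ok {
		return "unknown"
	}
	if patch < fixed {
		return "below-fix"
	}
	return "fixed"
}

// AuditGoMod scans require lines (block form or single-line form) for
// k8s.io modules and classifies each one.
func AuditGoMod(gomod string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		// Single-line form: "require k8s.io/api v0.24.2"
		if len(fields) >= 3 && fields[0] == "require" {
			fields = fields[1:]
		}
		// Block form: "k8s.io/api v0.24.2 // indirect"
		if len(fields) < 2 || !strings.HasPrefix(fields[0], "k8s.io/") {
			continue
		}
		f := Finding{Module: fields[0], Version: fields[1], Status: "unknown"}
		if minor, patch, ok := parseK8sVersion(fields[1]); ok {
			f.Minor, f.Patch = minor, patch
			f.Status = classify(minor, patch)
		}
		out = append(out, f)
	}
	return out
}

func main() {
	for _, f := range AuditGoMod(sampleGoMod) {
		fmt.Printf("%-22s %-10s %s\n", f.Module, f.Version, f.Status)
	}
}
```

The same line shape (`module version`) is what `go list -m all` prints, so the audit function can be fed that output to cover transitive dependencies, which a scanner sees but a go.mod `require` block may not list directly.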

blakepettersson commented 10 months ago

If I understand correctly this is something which is a duplicate of #5173 and #4055, feel free to reopen if that's not the case.