Open cedricAI23 opened 1 year ago
Hello @cedricAI23, we expect to resolve this issue in the upcoming quarterly patch release.
Thank you! What is the date for the quarterly patch release?
@cedricAI23 Quarterly patch releases happen around the end of every quarter, so the upcoming one is expected at the end of March.
The following images are showing as vulnerable to CVE-2022-47629 for 6.2.8. Please provide a resolution.
cp-kafka-connect cp-kafka cp-zookeeper cp-schema-registry
```
trivy image 323640293338.dkr.ecr.us-east-2.amazonaws.com/cp-kafka-connect:6.2.8-arthur-1 | grep CVE-2022-47629
2023-03-02T09:52:46.390-0500 INFO Need to update DB
2023-03-02T09:52:46.390-0500 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2023-03-02T09:52:46.390-0500 INFO Downloading DB...
35.83 MiB / 35.83 MiB [-----------------------------] 100.00% 18.12 MiB p/s 2.2s
2023-03-02T09:52:49.855-0500 INFO Vulnerability scanning is enabled
2023-03-02T09:52:49.855-0500 INFO Secret scanning is enabled
2023-03-02T09:52:49.855-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-03-02T09:52:49.855-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-03-02T09:52:54.798-0500 INFO Detected OS: redhat
2023-03-02T09:52:54.798-0500 INFO Detecting RHEL/CentOS vulnerabilities...
2023-03-02T09:52:54.829-0500 INFO Number of language-specific files: 2
2023-03-02T09:52:54.829-0500 INFO Detecting jar vulnerabilities...
2023-03-02T09:52:54.848-0500 INFO Detecting python-pkg vulnerabilities...
2023-03-02T09:52:54.881-0500 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
│ libksba │ CVE-2022-47629 │ HIGH │ 1.3.5-8.el8_6 │ 1.3.5-9.el8_7 │ libksba: integer overflow to code execution
```