Closed jbreed closed 7 months ago
Hi @jbreed, v1.4.0 is now out and should address your concerns. And as a reminder, please use security@hashicorp.com for bringing up security issues with the injector.
As for rebuilding in between releases, it's something we've discussed internally but nothing concrete yet.
The current Dockerhub official image hasn't been updated in 4 months. There are two go-related "High" vulnerabilities pertaining to this image that rebuilding will fix.
Ideally, when merges happen into main we could get a pipeline to re-publish 1.3.1 tagged image on Dockerhub. If nothing else, rebuilding on a monthly release cycle for the docker images would likely cover most patching.