jaegertracing / jaeger-clickhouse

Jaeger ClickHouse storage plugin implementation
Apache License 2.0

[Bug]: Resolve High CVEs #123

Open sonrai-doyle opened 1 year ago

sonrai-doyle commented 1 year ago

What happened?

We currently use the jaeger-clickhouse image and our security team has flagged it as being impacted by two HIGH CVEs

To resolve these CVEs the following packages need to be updated to a minimum version of:

We prefer to have the packages fixed upstream to ensure that everyone can benefit from the updates.

Steps to reproduce

Using a vulnerability scanner (e.g. aqua/trivy), scan the jaeger-clickhouse image

trivy image jaeger-clickhouse:0.13.0

Expected behavior

No vulnerabilities listed.

Relevant log output

No response

Screenshot

No response

Additional context

No response

Jaeger backend version

No response

SDK

No response

Pipeline

No response

Storage backend

No response

Operating system

No response

Deployment model

No response

Deployment configs

No response