nats-io / k8s

NATS on Kubernetes with Helm Charts
Apache License 2.0

Critical Vulnerabilities Detected - Alpine Linux Busybox & OpenSSL #868

Closed pavanpoladi closed 6 months ago

pavanpoladi commented 6 months ago

What version were you using?

nats-1.0.1

nfs-server-provisioner-1.8.0

What environment was the server running in?

Docker Image: docker.io/nats:2.9.21-alpine

Is this defect reproducible?

Yes, we have a security team that scans our k8s pods frequently and they have discovered the vulnerabilities from our NATS pod, which have not been resolved.

Given the capability you are leveraging, describe your expectation?

Expectation: I believe a new NATS helm chart version should be released that contains fixes to the following CVEs so that our busybox and openssl versions become free from vulnerabilities.

Our team would like an ETA on when the new helm chart version will be released please.

Unresolved CVEs:

Resolved CVEs:

Given the expectation, what is the defect you are observing?

Our team's vulnerability scans have detected critical security vulnerabilities on our NATS k8s pod due to unresolved CVEs relating to Alpine Linux's busybox and openssl versions.

caleblloyd commented 6 months ago

Please update to the latest version. Every time we run Docker releases, we target the latest Alpine. As of this writing, 2.9.24 is out and this issue references 2.9.21.