OPM image has critical security vulnerability #1561

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closed

kvijai82 opened this issue Jan 24, 2025 · 0 comments · Fixed by #1577

kvijai82 commented Jan 24, 2025

Latest release has a critical CVE:
https://quay.io/repository/operator-framework/opm/manifest/sha256:a179ff91405a137f55121c0eb3d0b2892047b228a8c106a16f556f2005ca166b?tab=vulnerabilities

Looks like it's coming fromgrpc-health-probe that is picked up in https://github.com/operator-framework/operator-registry/blob/master/release/goreleaser.opm.Dockerfile#L7.

Could that please be updated to a new version and could a new release of OPM be published? Thanks!

grokspawn mentioned this issue

🌱 synch dockerfiles with grpc-health-probe version in go.mod #1577

Merged

5 tasks

grokspawn closed this as completed in #1577

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment