-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Resolve High CVEs #123
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened?
We currently use the jaeger-clickhouse image and our security team has flagged it as being impacted by two HIGH CVEs
To resolve these CVEs the following packages need to be updated to a minimum version of:
We prefer to have the packages fixed upstream to ensure that everyone can benefit from the updates.
Steps to reproduce
Using a vulnerability scanners (e.g. aqua/trivy) scan the jaeger-clickhouse image
trivy image jaeger-clickhouse:0.13.0
Expected behavior
No vulnerabilities listed.
Relevant log output
No response
Screenshot
No response
Additional context
No response
Jaeger backend version
No response
SDK
No response
Pipeline
No response
Stogage backend
No response
Operating system
No response
Deployment model
No response
Deployment configs
No response
The text was updated successfully, but these errors were encountered: