Search before asking
Version
latest v2.10.2
Minimal reproduce step
- look into the Trivy-powered inspection for vulnerabilities at artifacthub.io: https://artifacthub.io/packages/helm/apache/pulsar?modal=security-report
- open the details of the pulsar v2.10.2 image included in the latest helm chart v3.0.0
- see details:


What did you expect to see?
no fixable vulnerabilities (with severity greater than low) older than some months in the latest pulsar image.
At the very least, none older than 1 year
What did you see instead?
fixable and reported vulnerabilities
- of severity CRITICAL with an age of 5 years
- severity MEDIUM with an age of 9 years
reports see:
#8967
Anything else?
these old security issues are not only a security problem but may also give a bad impression of the importance of security in our project
(since we are today already doing great things in this field, this may lead to a false impression)
of course it makes sense to solve all fixable vulnerabilities, but these 3 may be the most hurting ones,
and for fixing all, there is another topic: #18348
Are you willing to submit a PR?
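
The expectation stated in this report (no fixable vulnerabilities above LOW older than a set age) can be checked mechanically against a Trivy JSON report. The sketch below is an added example, not part of the original issue or the Pulsar project; the function name `stale_fixable`, the thresholds and the sample report (placeholder IDs, packages and dates) are assumptions.

```python
from datetime import datetime, timezone

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of `trivy image --format json` output.
# IDs, package names and dates are placeholders, not findings from the Pulsar image.
SAMPLE_REPORT = {"Results": [
    {"Target": "example-image (os packages)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-lib-a", "Severity": "CRITICAL",
         "FixedVersion": "1.2.3", "PublishedDate": "2017-11-01T10:00:00Z"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-lib-b", "Severity": "MEDIUM",
         "FixedVersion": "2.0.1", "PublishedDate": "2013-10-01T10:00:00.123Z"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-lib-c", "Severity": "HIGH",
         "PublishedDate": "2015-03-01T10:00:00Z"},  # no FixedVersion: not fixable
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "example-lib-d", "Severity": "LOW",
         "FixedVersion": "0.9.9", "PublishedDate": "2014-06-01T10:00:00Z"},
        {"VulnerabilityID": "CVE-0000-0005", "PkgName": "example-lib-e", "Severity": "HIGH",
         "FixedVersion": "3.1.0", "PublishedDate": "2022-10-01T10:00:00Z"},
    ]},
    {"Target": "app/lib/example.jar", "Vulnerabilities": None},  # clean target
]}


def stale_fixable(report, now, max_age_days=365, min_severity="MEDIUM"):
    """Return fixable findings at or above min_severity published more than max_age_days ago."""
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:  # absent or null when clean
            if not vuln.get("FixedVersion"):
                continue  # no fix released yet: outside the "fixable" policy
            if SEVERITY_RANK.get(vuln.get("Severity"), 0) < SEVERITY_RANK[min_severity]:
                continue
            published = vuln.get("PublishedDate")
            if not published:
                continue  # age unknown; review these separately
            # Parse only the seconds-resolution prefix so fractional seconds are tolerated.
            pub = datetime.strptime(published[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
            age_days = (now - pub).days
            if age_days > max_age_days:
                findings.append((age_days, vuln["VulnerabilityID"], vuln["Severity"], result["Target"]))
    return sorted(findings, reverse=True)  # oldest first


if __name__ == "__main__":
    now = datetime(2022, 11, 15, tzinfo=timezone.utc)  # fixed date for reproducible output
    for age, vid, sev, target in stale_fixable(SAMPLE_REPORT, now):
        print(f"{vid} {sev} ~{age // 365}y old, fixable, in {target}")
```

In a release pipeline the same function can gate the image build by exiting non-zero whenever the returned list is non-empty.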