bug: Security: CVEs in suggested (EOL) image for fluentd #1166

max-allan · 2024-05-14T15:20:08Z

From the helm values file:

    repository: "kubesphere/fluentd"
    tag: "v1.15.3"

That image has (according to Grype) a lot of vulnerabilities:

 3 critical, 5 high, 22 medium, 1 low, 0 negligible

Also, fluentd 1.15.3 is EOL.

Can we update the image to 1.16 or 1.17? Will the operator work with newer versions?

Anywhere that image is referenced will need updating, not just that location in the chart.

In addition, fluent-bit 2.2.2 is EOL in a few weeks time.

See the values file

Current/supported versions of fluentd and fluent-bit are used by default.

- Fluent Operator version: 2.8.0
- Container Runtime: any
- Operating system: any
- Kernel version: any

Helm

No response

The text was updated successfully, but these errors were encountered:

benjaminhuo · 2024-05-15T01:26:29Z

@max-allan Good point, we do need hands to upgrade and test new version of fluentd and fluentbit

SvenThies · 2024-07-01T10:44:43Z

@max-allan can you confirm that this issue is closed with #1199. Can this issue be closed?

benjaminhuo · 2024-07-02T06:06:58Z

@max-allan can you confirm that this issue is closed with #1199. Can this issue be closed?

benjaminhuo added the good first issue Good for newcomers label May 15, 2024

patrick-stephens closed this as completed Jul 8, 2024

Provide feedback