CVE-2024-4323 - Provide v3.0.4 fluenbit in kubesphere/fluent-bit image #1175
Comments
|
没有这个镜像呀,是我操作不对嘛 |
|
@benjaminhuo thanks for the review/merge, when can we expect the tagged image to be published to dockerhub? I'm guessing a release is needed on this repo for this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Upstream fluent-bit have release v3.0.4 (https://github.com/fluent/fluent-bit/releases/tag/v3.0.4) to address https://nvd.nist.gov/vuln/detail/CVE-2024-4323, latest fluent-bit version in kubesphere/fluent-bit registry is 2.8.0.
To run a non-vulnerable version of fluent-bit with the fluent-operator, support for v3.0.4 is needed.
Describe the solution you'd like
Publish kubesphere/fluent-bit image with fluent-bit 3.0.4
Set the default kubesphere/fluent-bit image reference in installation manifests/helm charts to ensure those using defaults are not inadevertently spinning up vulnerable version of fluent-bit.
Additional context
No response
The text was updated successfully, but these errors were encountered: