hpvd opened a new issue, #334: URL: https://github.com/apache/pulsar-helm-chart/issues/334
We made a huge step forward in the field of security with the release of helm chart v3.0.0 (for details see the summary in https://github.com/apache/pulsar-helm-chart/issues/294#issuecomment-1303176871).

When looking into the latest version, still **136 vulnerabilities (79 fixable) have been detected in this package's images.**
https://artifacthub.io/packages/helm/apache/pulsar?modal=security-report

-> **For about half of the number of vulnerabilities, we are fully in control and it is the responsibility of the Pulsar community**:
- 72 vulnerabilities have been detected in the image `apachepulsar/pulsar-all:2.10.2`
- 35 of these should be fixable with a version bump of dependencies (in the attachment colored RED).

-> The other half of the vulnerabilities comes from tools we include in the helm chart and could not be fully controlled.
The only obvious thing that may help a little to reduce this half of the number of vulnerabilities would be to make sure to always include the very latest version of these tools (in the attachment colored YELLOW).
The impact shouldn't be very large since the included versions are not very old, but maybe notable.

=> What else can/should we do?

Overview:

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
