Vulnerabilities have been reported in the images we shipped.

Description

Customer case CS0047131

Account eBay Inc.

I am attaching the list of reported vulns.

Customer mentioned:

We are using operator version perconalab/percona-postgresql-operator:2.3.1-custom-166 

We have a custom build to allow us to set the user and group in the security context, as without this we are unable to deploy or run an image in our environment. Can you either help us confirm that percona-postgres-operator:2.4.0 has the ability to use a userid and groupid set in the security context for all pods or, if not, get a new build of our custom image run so that we can upgrade to percona-postgresql-operator:2.4.0?

 

We need to review whether the vulns are present as reported and get an answer for the customer on their concerns.

Environment

None

Attachments

1

Activity

Slava Sarzhan June 14, 2024 at 7:57 AM

Hi,
This task will be included in the next PGO v2.4.0 release. The release date is June 24.

We do not have release tags for images at the moment, but we will use the following images as the source for the release:

I have checked these images using Snyk and did not find any critical or high CVEs.

Needs QA

Yes

Created June 13, 2024 at 11:30 PM
Updated June 14, 2024 at 7:57 AM