hpvd opened a new issue, #294: URL: https://github.com/apache/pulsar-helm-chart/issues/294
**Describe the bug**

helm chart is outdated and includes images with 992 vulnerabilities

In detail:
- there are dependencies with well-known security issues (with official CVE numbers)
- there is a pretty huge number of known and documented vulnerabilities: 992
- including important ones (critical, high rating)
- not only in the accompanying software in helm (prometheus, grafana) but in core directly (pulsar)
- some were known for 9 years (CVE numbers from 2013)
- there are possible fixes for most of them (for 623)

see source https://artifacthub.io/packages/helm/apache/pulsar?modal=security-report

Of course, this is only a first rough impression given by this analysis. And the chart does not contain the very latest version of pulsar (even so, it's the latest official helm chart).

When looking into every detail of the reported numbers, you can of course argue why not every counted vulnerability is a disaster...

=> But how can you easily argue to anyone having seen this fast result

> In general, this software (pulsar) is secure, you can use it without any concerns.

?

This issue is a shortened copy from https://github.com/apache/pulsar/issues/18041; for more details and comments, please see there.