CVE vulnerabilities found for golang-runtime:1.20.4 (usr/local/bin/kube-rbac-proxy)

[lin1161]

Hi,
Protecode scan reported the vulnerabilities for kube-rbac-proxy image, I used v14.0.2, and I checked, seems you do not upgrade golang version in the later versions. Do you have a plan to upgrade the golang version?

[ibihim]

Yes, I am currently working on a bigger update, which would contain the newest K8s version.

It would be super helpful, if you would write out those CVEs, such that I can copy paste them easily. A link would be even better 😄

The CVEs have no direct impact on the kube-rbac-proxy users, except for CVE-2023-39326, which is medium. I will proceed with preparing the bigger update to the newest K8s version.

For the BDSA one, I didn't find an entry on google:

No results found for "BDSA-2023-3257

[ibihim]

I am waiting for someone to review my PR, if it doesn't get a review by Tuesday, I will merge it anyway.

[ibihim]

#276, should solve it.