vulnerability issue #1694

dirkckau · 2021-12-23T00:34:48Z

dirkckau
Dec 23, 2021

Hi,

In the Security scanning, we found that the Jaeger-operator 1.29.1 image version is having some vulnerability issues.
Especially on a high severity item "RHSA-2020:3247 ", which requires to upgrade package python3-six to version '0:1.12.0-1.el8ost'.

Is there any plan to include this package?

Thanks!

p-rog · 2022-01-10T17:26:17Z

p-rog
Jan 10, 2022

How that report was generated?

The RHSA-2020:3247 is for the RHV Manager (ovirt-engine) product.
The Jaeger-operator does not use any packages from the RHV Manager.
Additionally, indeed the RHSA-2020:3247 is an important security advisory for the RHV Manager, but there is no any security fixes (not related CVEs) to the mentioned python3-six package and the security rating is related to the apache-commons security fixes when that package is not included in the Jaeger-operator image at all. See details at:
https://access.redhat.com/errata/RHSA-2020:3247

There is no any relation between RHSA-2020:3247 (released for RHV) and Jaeger Operator.
It seems that tool where that report was generated incorrectly matched the products CPE.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vulnerability issue #1694

{{title}}

Replies: 1 comment

{{title}}

Select a reply

vulnerability issue #1694

dirkckau Dec 23, 2021

Replies: 1 comment

p-rog Jan 10, 2022

dirkckau
Dec 23, 2021

p-rog
Jan 10, 2022