Upgrade to etcd v3.4.26 to fix vulnerabilities from go runtime #33

Closed
lizzzcai opened this issue May 24, 2023 · 3 comments
Labels
kind/enhancement Enhancement, improvement, extension status/closed Issue is closed (either delivered or triaged)

Comments

@lizzzcai

What would you like to be added:

Hi colleagues, the current etcd image (eu.gcr.io/gardener-project/gardener/etcd:v3.4.13-bootstrap-10) maintained by gardener has around 140+ vulnerabilities (mainly from the Go runtime).

I checked that the official etcd v3.4.26 is using the latest Go runtime to fix all these vulnerabilities. Is it possible to upgrade to this version?

BTW, I also saw this issue, which slowly upgrades to v3.6.x to avoid vulnerabilities from the base image. Is there any timeline?

Why is this needed:

Fix vulnerabilities from the Go runtime for security compliance.

@lizzzcai lizzzcai added the kind/enhancement Enhancement, improvement, extension label May 24, 2023
@unmarshall

unmarshall commented May 25, 2023

This repository will soon be replaced by https://github.com/gardener/etcd-wrapper (PR is under review). At the moment we have preserved the same etcd version (3.14.3) but we already have a backlog item to move to the latest version of etcd (gardener/etcd-druid#445). Since there are a lot of breaking changes between 3.14.3 and the latest version of etcd we will need some time to test and identify + make changes due to API changes.

@unmarshall

etcd-wrapper has now been released. This currently uses the v3.4.26 version of etcd. It will soon be integrated with etcd-druid as a de facto etcd container.

@shreyas-s-rao
Contributor

This issue can now be closed since druid release v0.19.0 will use etcd-wrapper, running etcd v3.4.26. @lizzzcai please watch etcd-druid for the v0.19.0 release.
/close

@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Jul 11, 2023