Vulnerabilities found in Gloo version 1.17.0 #10095
Labels
Comments
|
Envoy bump to 1.30.6 is planned for Gloo Gateway 1.17.3, which will be released shortly: https://github.com/solo-io/solo-projects/issues/6934 |
|
Please update with status, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Gloo Edge Product
Enterprise
Gloo Edge Version
gloo-ee-1.17.x
Kubernetes Version
v1.28.6
Describe the bug
Our security scans have found a new vulnerability.
https://security-tracker.debian.org/tracker/CVE-2024-7207
There is a fix in versions 1.31.2, 1.30.6, 1.29.9, 1.28.7
See:
GHSA-ffhv-fvxq-r6mf
Expected Behavior
This vulnerability should be resolved asap as it is very high and could cause potential security issues.
A new version of gloo-ee-1.17.x should be released - please update us as soon as this issues is fixed and we will consume it.
Steps to reproduce the bug
These vulnerabilities came up on a BlackDuck scan while scanning the gloo images.
Additional Environment Detail
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: