CVE-2022-40674 in 0.31.1-kafka-3.2.0 Docker image

[mihkels]

Hi, after updating the Strimzi Operator version to 0.31.1 I got a security issue notification from the docker image repository for CVE-2022-40674 https://access.redhat.com/errata/RHSA-2022:6878.

Are there any plans to address this issue? Or what approach we should take to take care of this problem without upgrading to the latest Strimzi Kafka image and remaining on 0.31.1?

[scholzj]

Do you think xmlparse is actually used for anything? I can run a CVE respin of 0.31.1, it seems to be fixed in the latest base image.

[scholzj]

@mihkels I have respawned the images. You can just pull the fresh 0.31.1 images or you can also use the suffixed tag (0.31.1-1) to avoid any issues with already present images.