Vulnerability observed in strimzi related with okhttp3 operator during scan #7970
Unanswered
golakotigopala asked this question in Q&A
-
You should provide exact information about where it was found (which image, which path, etc.). As far as I know, there is no fix provided for this CVE in OkHttp3.
-
Hi team,
We have observed a vulnerability in the okhttp3 jar during our latest scan. Below are the details:
PRISMA-2022-0239 | square/okhttp#6738 | Y | fixed in 4.9.2 | com.squareup.okhttp3_okhttp 3.12.12 /opt/strimzi/lib/com.squareup.okhttp3.okhttp-3.12.12.jar
To Reproduce
Steps to reproduce the behavior:
1. Take the recent strimzi kafka operator source code
2. Run vulnerability scan report using twistlock scan.
Expected behavior
A clear and concise description of what you expected to happen.
Environment (please complete the following information):
Strimzi version: [e.g. main, 0.22.1]
Installation method: [e.g. YAML files, Helm chart, OperatorHub.io]
Kubernetes cluster: [e.g. Kubernetes 1.20, OpenShift 4.7]
Infrastructure: [e.g. Amazon EKS, Minikube]
YAML files and logs
Attach or copy paste the custom resources you used to deploy the Kafka cluster and the relevant YAMLs created by the Cluster Operator.
Attach or copy and paste also the relevant logs.
To easily collect all YAMLs and logs, you can use our report script which will automatically collect all files and prepare a ZIP archive which can be easily attached to this issue.
The usage of this script is:
./report.sh --namespace --cluster [--bridge ] [--connect ] [--mm2 ]