-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating of ansible-runner to 2.1.x #6167
Comments
/unassign jmrodri |
Is there any plan on when the operator image will have an updated version of ansible? There are a number of vulnerabilities that are fixed in later versions (e.g. CVE-2021-3701, CVE-2021-3583, CVE-2022-3697). |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
/remove-lifecycle stale |
|
@everettraven I think you already resolved this. |
@acornett21 You're correct - thanks for following up on this! Closing it now. |
The current ansible-runner used in the operator image is 2.0.2 which has a known vulnerbility CVE-2021-4041 which is fixed in version 2.1.0 onwards. I can see the dependabot created this PR sometime ago to raise the version to 2.1.1: #6011
My question is, when will this PR be merged so that we can pickup the new operator-sdk image that resolves the vulnerbility?
The text was updated successfully, but these errors were encountered: