Comments (6)
I am closing this issue as KEDA 2.14.0 has passed the scan. I highly appreciate the remediation. Thanks a lot for the awesome project.
from keda.
Hello @amardeep2006,
Thanks for reporting! We don't have plans for any hotfix release for versions v2.13 as the v2.14 will be released this month. Some of the issues are already solved in main (such as this) but it'd be nice if you can test the main tag to double check if they are still present on that version.
from keda.
Thanks @JorTurFer. I did a rescan of the main tag and CVE-2024-28180 in github.com/go-jose/go-jose/v3 - v3.0.1 is fixed.
Here are the vulnerabilities that still need to be looked into:
GHSA-mrww-27vc-gghv in github.com/jackc/pgx/v5 - v5.5.2
GHSA-8r3f-844c-mc37 in google.golang.org/protobuf - v1.32.0
GHSA-5pf6-2qwx-pxm2 in github.com/cloudevents/sdk-go/v2 - v2.14.0
from keda.
keda-metrics-apiserver also needs some dependency bump.
GHSA-mrww-27vc-gghv in github.com/jackc/pgx/v5 - v5.5.2
GHSA-8r3f-844c-mc37 in google.golang.org/protobuf - v1.32.0
from keda.
Thanks for reporting, let's mitigate these in 2.14
from keda.
I am closing this issue as KEDA 2.14.0 has passed the scan. I highly appreciate the remediation. Thanks a lot for the awesome project.
Thank you for checking it and reporting the feedback too! ❤️
from keda.