Summary
The latest cluster-agent image (7.77.2) contains Go SDK vulnerabilities that require a Go toolchain rebuild to fix.
Affected image
registry.datadoghq.com/cluster-agent:7.77.2- Digest:
sha256:bf8d4d80e164ebe9b35d514b7d4c1bad7770128fdf74edf78ad345b80734855d
CVEs
Details
All three vulnerabilities are in the Go standard library / SDK. The fix requires rebuilding the cluster agent with a patched Go toolchain version. The Go project has already issued fixes for these.
Steps to reproduce
Scan registry.datadoghq.com/cluster-agent:7.77.2 with any container vulnerability scanner (e.g. Wiz, Trivy).
Request
Please rebuild cluster-agent with a patched Go version and cut a new release. We are currently on the latest available version (7.77.2) with no patched version to upgrade to.
Summary
The latest
cluster-agentimage (7.77.2) contains Go SDK vulnerabilities that require a Go toolchain rebuild to fix.Affected image
registry.datadoghq.com/cluster-agent:7.77.2sha256:bf8d4d80e164ebe9b35d514b7d4c1bad7770128fdf74edf78ad345b80734855dCVEs
Details
All three vulnerabilities are in the Go standard library / SDK. The fix requires rebuilding the cluster agent with a patched Go toolchain version. The Go project has already issued fixes for these.
Steps to reproduce
Scan
registry.datadoghq.com/cluster-agent:7.77.2with any container vulnerability scanner (e.g. Wiz, Trivy).Request
Please rebuild
cluster-agentwith a patched Go version and cut a new release. We are currently on the latest available version (7.77.2) with no patched version to upgrade to.