dpaxon
Hello! There have been a bunch of different changes made since v1.3.1 (almost 8 months' worth). Can we please get a new release with an updated image? This will help...
…tefulset **What this PR does**: Provide the ability to configure Pod Topology Spread Constraints to Ingester/Alertmanager statefulset. This is a fix for 2 statefulsets that were missed in this: https://github.com/cortexproject/cortex-helm-chart/pull/343...
### Proposal Hello! Our twistlock scan is reporting these CVEs, can this be remediated by switching busybox version? | Repository | Tag | Distro | CVE ID | Type |...
As discussed in this issue: https://github.com/kubernetes/kube-state-metrics/issues/1999#issuecomment-1652439596 Description of CVE: github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses...
Hello, we ran a twistlock scan and got this finding: CVE: PRISMA-2023-0056 Image: hashicorp/consul:1.17.2 Description: The github.com/sirupsen/logrus module of all versions is vulnerable to denial of service. Logging more than...
We totally understand this is an open source product and that some of the CVEs below might not be exploitable. For compliance reasons, we just have to document that we opened an...
**Describe the bug** After upgrading from Cortex 1.15.3 to 1.16.0 we started seeing errors like these on our ingesters: ``` caller=grpc_logging.go:43 level=warn duration=315.604µs method=/cortex.Ingester/LabelValues err="LabelValues() from merge generic querier for...
When scanning the most recent version of Cortex 1.15.3 it returns "Image should be created with a non-root user". Can newer images get created with non-root users?
Hello! We ran a twistlock scan and it showed the following CVEs: libtiff5- - [CVE-2022-1210](https://security-tracker.debian.org/tracker/CVE-2022-1210) - [CVE-2022-1622](https://security-tracker.debian.org/tracker/CVE-2022-1622) - [CVE-2022-1623](https://security-tracker.debian.org/tracker/CVE-2022-1623) - [CVE-2022-2056](https://security-tracker.debian.org/tracker/CVE-2022-2056) - [CVE-2022-2057](https://security-tracker.debian.org/tracker/CVE-2022-2057) - [CVE-2022-2058](https://security-tracker.debian.org/tracker/CVE-2022-2058) - [CVE-2022-34526](https://security-tracker.debian.org/tracker/CVE-2022-34526) - [CVE-2022-1355](https://security-tracker.debian.org/tracker/CVE-2022-1355) -...
**What happened?**: Please release a new image for prometheus-adapter to fix CVE issues with golang. The specific CVEs are: CVE-2024-24790 **What did you expect to happen?**: Update go to 1.22.x+