How can I update the package in the ingress-controller image?

Hello,
I am using the latest released version of ingress-controller:1.2.0.
However, the following vulnerability occurs when images are scanned in the harbor, our image system.

Vulnerability Severity CVSS3 Package Current version Fixed in version CVE vulnerabilities
CVE-2021-23839 High 7.5 libcrypto1.1 1.1.1g-r0 1.1.1j-r0 CVE-2021-23839 openssl: incorrect SSLv2 rollback protection
CVE-2021-23840 High 7.5 libcrypto1.1 1.1.1g-r0 1.1.1j-r0 CVE-2021-23840 openssl: integer overflow in CipherUpdate
CVE-2021-23841 High 7.5 libcrypto1.1 1.1.1g-r0 1.1.1j-r0 CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
CVE-2021-3450 High 7.4 libcrypto1.1 1.1.1g-r0 1.1.1k-r0 CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
CVE-2021-23839 High 7.5 libssl1.1 1.1.1g-r0 1.1.1j-r0 CVE-2021-23839 openssl: incorrect SSLv2 rollback protection
CVE-2021-23840 High 7.5 libssl1.1 1.1.1g-r0 1.1.1j-r0 CVE-2021-23840 openssl: integer overflow in CipherUpdate
CVE-2021-23841 High 7.5 libssl1.1 1.1.1g-r0 1.1.1j-r0 CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
CVE-2021-3450 High 7.4 libssl1.1 1.1.1g-r0 1.1.1k-r0 CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

So I am trying to create a new image by updating some packages. Which part of the source code do I need to modify?

https://github.com/Kong/kubernetes-ingress-controller

I look forward to your reply.

Thanks.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ