K8ssandra Forum

Security vulnerabilities in lastpickle/cassandra-reaper:2.3.1

Hi k8ssandra experts,

In k8ssandra:1.3.1, the image lastpickle/cassandra-reaper:2.3.1 is the latest version. But there are some critical-severity vulnerabilities in container vulnerability scanning (Anchore inline scanner). Not sure if you are aware of this; is there any plan to fix it?

Here is the vulnerability list,

Thanks much!

3 Likes

Hi,

We have plans to upgrade Reaper to JDK 11 soon and upgrade many of our dependencies to the latest versions. We’ll make sure to upgrade the versions that have vulnerabilities in the process.

Thanks for pointing this out.

2 Likes

Thank you! @alexander Do we have a rough plan for when the new version will be released?

If everything goes according to plan, within a couple of months. There’s a bit to do to get there :)

I am trying to build Reaper myself to fix CVEs and am confused about the build instructions. Can someone help with the steps? It seems these are nested builds.