Overview
This issue tracks known vulnerabilities in the container images bundled with this chart. All findings are in upstream dependencies — the chart itself and busybox:1.37.0 are clean. Fixes exist in upstream main branches but no new releases have been cut yet.
clair:4.9.0 — CRITICAL Go dependency CVEs
Trivy reports several CRITICAL/HIGH CVEs in Clair's Go module dependencies. Upstream fixes have already been merged to quay/clair main via Dependabot but a new image release has not been cut yet.
Action: Bump image.tag and appVersion in Chart.yaml once Quay publishes a new quay.io/projectquay/clair release.
postgres:17-alpine — gosu vulnerability
Trivy reports a vulnerability in the gosu binary bundled in the official PostgreSQL image.
Action: Bump postgresql.image.tag in values.yaml once the official postgres image ships a fixed gosu.
What is NOT affected
- The chart templates themselves
- busybox:1.37.0 (init container)
- Any chart logic or Kubernetes resources
Monitoring
This issue will be closed when both images are bumped to versions with clean Trivy scans.
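One way to check the closing condition above from Trivy's JSON output (`trivy image --format json`), as an added example that is not part of the original issue or the chart. It assumes "clean" means no CRITICAL or HIGH findings; the sample reports and the helper names `blocking_findings` and `close_ready` are constructed for illustration.

```python
import json

BLOCKING = {"CRITICAL", "HIGH"}  # assumption: what "clean" means for this issue

# Constructed reports in the shape of `trivy image --format json` output.
# IDs, targets and packages are placeholders, not findings from this issue.
SAMPLE = {
    "clair:4.9.0": json.dumps({"Results": [{"Target": "bin/clair", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-PLACEHOLDER-1", "PkgName": "example.org/mod-a",
         "FixedVersion": "v1.0.1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-PLACEHOLDER-2", "PkgName": "example.org/mod-b",
         "FixedVersion": "", "Severity": "MEDIUM"}]}]}),
    "postgres:17-alpine": json.dumps({"Results": [{"Target": "usr/local/bin/gosu",
        "Vulnerabilities": [
        {"VulnerabilityID": "CVE-PLACEHOLDER-3", "PkgName": "example.org/mod-c",
         "FixedVersion": "", "Severity": "HIGH"}]}]}),
    # A target with no findings may carry no "Vulnerabilities" key at all.
    "busybox:1.37.0": json.dumps({"Results": [{"Target": "busybox"}]}),
}

def blocking_findings(report_json, blocking=BLOCKING):
    """Return (target, id, package, fixed_version or None) per blocking finding."""
    report = json.loads(report_json)
    found = []
    for result in report.get("Results") or []:            # key may be absent or null
        for vuln in result.get("Vulnerabilities") or []:  # same for clean targets
            if vuln.get("Severity") in blocking:
                found.append((result.get("Target", "?"), vuln.get("VulnerabilityID"),
                              vuln.get("PkgName"), vuln.get("FixedVersion") or None))
    return found

def close_ready(reports, images):
    """Return (ok, per_image). A missing report counts as not clean (fail closed)."""
    per_image = {}
    for image in images:
        raw = reports.get(image)
        per_image[image] = None if raw is None else blocking_findings(raw)
    return all(f == [] for f in per_image.values()), per_image

if __name__ == "__main__":
    ok, detail = close_ready(SAMPLE, ["clair:4.9.0", "postgres:17-alpine"])
    for image, findings in detail.items():
        print(image, "no report" if findings is None else findings)
    print("issue can be closed:", ok)
```

A finding whose fixed version is `None` has no upstream fix recorded in the report, so bumping the tag will not clear it yet.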