[Bug]: CVEs of milvus-etcd #34520

weiZhenkun · 2024-07-09T07:44:28Z

Is there an existing issue for this?

I have searched the existing issues

Environment

- Milvus version: 2.4.5

Current Behavior

Can we update to the latest version of milvus-etcd?

Image	Total	CRITICAL&HIGH	CVE detail
docker.io/milvusdb/etcd:3.5.5-r4	203	54	(UNKNOWN: 0, LOW: 78, MEDIUM: 74, HIGH: 49, CRITICAL: 2)
docker.io/bitnami/etcd:3.5.14	91	4	(UNKNOWN: 0, LOW: 66, MEDIUM: 20, HIGH: 4, CRITICAL: 1)

Expected Behavior

No response

Steps To Reproduce

No response

Milvus Log

No response

Anything else?

No response

yanliang567 · 2024-07-10T01:57:05Z

/assign @LoveEachDay
I think we has some plans for this, please help to share more info
/unassign

weiZhenkun · 2024-07-11T14:26:47Z

@LoveEachDay please share the info, thanks.

LoveEachDay · 2024-07-29T03:30:22Z

@weiZhenkun We are testing etcd 3.5.14 inhouse, and will release alongside the next milvus upgrade if everything is ok.

weiZhenkun · 2024-07-30T10:03:49Z

@LoveEachDay Can we also upgrade the base image from Debian 11 to Debian 12?

Debian's fixes for Debian 11 are not very timely, and there are still many CVEs. Debian 12 (bookworm) has fewer CVEs now and the CVEs of it will be fixed relatively timely.
Debian 11 will not fullly support on August 14th, 2024.

xiaofan-luan · 2024-08-04T15:11:51Z

we are targeting to upgrade etcd to 3.5.14 in 2.4.7 right? @LoveEachDay

weiZhenkun added kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 9, 2024

weiZhenkun assigned yanliang567 Jul 9, 2024

weiZhenkun changed the title ~~[Bug]: CVE of milvus-etcd~~ [Bug]: CVEs of milvus-etcd Jul 9, 2024

sre-ci-robot assigned LoveEachDay and unassigned yanliang567 Jul 10, 2024

yanliang567 added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 10, 2024

yanliang567 added this to the 2.4.6 milestone Jul 10, 2024

yanliang567 modified the milestones: 2.4.6, 2.4.7 Jul 19, 2024

weiZhenkun mentioned this issue Aug 2, 2024

change base image from debian 11 to debian 12 milvus-io/bitnami-docker-etcd#6

Merged

yanliang567 modified the milestones: 2.4.7, 2.4.8 Aug 12, 2024

yanliang567 modified the milestones: 2.4.8, 2.4.10 Aug 19, 2024

yanliang567 modified the milestones: 2.4.10, 2.4.11 Sep 5, 2024

yanliang567 modified the milestones: 2.4.11, 2.4.12 Sep 18, 2024

yanliang567 modified the milestones: 2.4.12, 2.4.13 Sep 27, 2024

yanliang567 modified the milestones: 2.4.13, 2.4.14 Oct 15, 2024

yanliang567 removed this from the 2.4.14 milestone Nov 14, 2024

yanliang567 added this to the 2.4.16 milestone Nov 14, 2024

yanliang567 modified the milestones: 2.4.16, 2.4.17, 2.4.18 Nov 21, 2024

yanliang567 modified the milestones: 2.4.18, 2.4.19, 2.4.20 Dec 24, 2024

yanliang567 modified the milestones: 2.4.20, 2.4.21 Jan 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: CVEs of milvus-etcd #34520

[Bug]: CVEs of milvus-etcd #34520

weiZhenkun commented Jul 9, 2024

yanliang567 commented Jul 10, 2024

weiZhenkun commented Jul 11, 2024

LoveEachDay commented Jul 29, 2024

weiZhenkun commented Jul 30, 2024 •

edited

Loading

xiaofan-luan commented Aug 4, 2024

[Bug]: CVEs of milvus-etcd #34520

[Bug]: CVEs of milvus-etcd #34520

Comments

weiZhenkun commented Jul 9, 2024

Is there an existing issue for this?

Environment

Current Behavior

Expected Behavior

Steps To Reproduce

Milvus Log

Anything else?

yanliang567 commented Jul 10, 2024

weiZhenkun commented Jul 11, 2024

LoveEachDay commented Jul 29, 2024

weiZhenkun commented Jul 30, 2024 • edited Loading

xiaofan-luan commented Aug 4, 2024

weiZhenkun commented Jul 30, 2024 •

edited

Loading