High Severity vulnerability found in all latest versions - github.com/getkin/kin-openapi/openapi3filter

[SabaOrk]

Hi, there is a high severity vulnerability found in recent haproxytech/kubernetes-ingress images. more details about the vulnerability:

Please update openapi3filter package to latest version where they fix this vulnereability.

[oktalz]

@SabaOrk what tool you used that detected this ?
we do not have such package at all

[SabaOrk]

@oktalz this is detected in multiple tools like ORCA tool or Google Cloud Console container scanning tool, both showing same vulnerability, could this package be inside DATAPLANE_API here: https://github.com/haproxytech/haproxy-docker-alpine/blob/main/3.2/Dockerfile#L3 ?

[oktalz]

@SabaOrk thx for the info.
we are removing dataplaneapi in image for this controller as you can see here

kubernetes-ingress/build/Dockerfile

Line 45 in 14d2e66

rm -f /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi /etc/haproxy/dataplaneapi.yml && \

though I checked it now, it seems there is one additional binary /usr/local/bin/dataplaneapi-v2 that needs to be removed, that might be an issue.

If you want you can create a PR for this removal too :)

If not, we can do that and release new images without it (in few days)

[SabaOrk]

@oktalz thanks for checking that, I have created a PR:

please review it and proceed accordingly or tell me if you need anything else from me.