As I am seeing, we are using “golang:1.13” in pxc-xtradb-cluster (1.8/1.9.1.10) versions, but there is a security vulnerability found related to that Golang version.
CVE-2021-38297
CVE-2021-44716
CVE-2021-33196
Did we try updating the Golang version to fix these security issues, or is the Percona code compatible with an upgraded Golang version?
If I manually try to update, is there any process to run E2E test cases to test it out?
Thank you for this report, please note that this is not the appropriate channel for such enquiries; however, I will note that GoLang is not in use for percona-xtradb-cluster.
Therefore we are presuming for the moment you refer to percona-xtradb-cluster-operator, for which golang 1.17 (see: Update golange to 1.17 (#1003) · percona/percona-xtradb-cluster-operator@23b57c8 · GitHub) is in use within the Containerfile (read: Dockerfile) at the time of writing (and during the PXC Operator 1.10.0 release), and is not affected by the CVEs listed in this post.
In future, please refer to Percona Security for instructions on where to enquire about or report issues with our open source products.
Thanks @David_Busby
But could you please help me find the code base for the Docker image “percona-xtradb-cluster:8.0.22-13.1”: from which code base it is built and which Dockerfile was used to build this image?