This build 22.01.890 is a maintenance release with several security fixes.
It contains updates to resolve older vulnerabilities in packaged dependencies and supressions for issues that do not impact Compute.
Console & Defender:
Upgraded Golang version.
Containerd updates for Kubernetes (github.com/containerd/containerd)
Open Policy Agent updates (github.com/open-policy-agent/opa)
Runc updates (github.com/opencontainers/runc)
Kubernetes (k8s.io/kubernetes)
Mongod
Mongodb Go driver (go.mongodb.org/mongo-driver)
AWS SDK for Go (github.com/aws/aws-sdk-go)
Dependency update
Package xz (github.com/ulikunitz/xz)
YAML for Go package (gopkg.in/yaml.v3)
Defender
github.com/docker/distribution
github.com/tidwall/gjson
Console
Dependency updates com.google.code.gson_gson
Suppressions
The following issues are not displayed for Compute resources since the vulnerable components are not used.
Console & Defender
CVE-2022-27191 for golang.org/x/crypto/ssh
Compute is not vulnerable to this issue because it does not use the ssh package; the vulnerability is in the implementation of the ssh server in the package.
Console
CVE-2020-29652 for golang.org/x/crypto/ssh
Compute is not vulnerable to this issue because it does not use the ssh package; the vulnerability is in the implementation of the ssh server in the package.
