When is the next release of vault-k8s expected?

Hi,

The latest vault-k8s image at this moment (1.2.1) is based on Alpine 3.17.3. This has multiple CVEs, which are being flagged in our security scans.

We would need a new release of vault-k8s that would address all the CVEs at the OS level.

Trivy scan results:

kabhijeet@vm-kabhijeet:/localdata/vault/760037/cna-vault$ trivy image hashicorp/vault-k8s:1.2.1
2023-08-16T10:09:35.740Z	INFO	Vulnerability scanning is enabled
2023-08-16T10:09:35.740Z	INFO	Secret scanning is enabled
2023-08-16T10:09:35.740Z	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-08-16T10:09:35.740Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-08-16T10:09:36.371Z	INFO	Detected OS: alpine
2023-08-16T10:09:36.371Z	INFO	Detecting Alpine vulnerabilities...
2023-08-16T10:09:36.401Z	INFO	Number of language-specific files: 1
2023-08-16T10:09:36.401Z	INFO	Detecting gobinary vulnerabilities...

hashicorp/vault-k8s:1.2.1 (alpine 3.17.3)

Total: 16 (UNKNOWN: 0, LOW: 3, MEDIUM: 8, HIGH: 5, CRITICAL: 0)

┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│   Library    │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                            Title                            │
├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libcap       │ CVE-2023-2603 │ HIGH     │ 2.66-r0           │ 2.66-r1       │ Integer Overflow in _libcap_strdup()                        │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2603                   │
│              ├───────────────┼──────────┤                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2602 │ LOW      │                   │               │ Memory Leak on pthread_create() Error                       │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2602                   │
├──────────────┼───────────────┼──────────┤                   │               ├─────────────────────────────────────────────────────────────┤
│ libcap-utils │ CVE-2023-2603 │ HIGH     │                   │               │ Integer Overflow in _libcap_strdup()                        │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2603                   │
│              ├───────────────┼──────────┤                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2602 │ LOW      │                   │               │ Memory Leak on pthread_create() Error                       │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2602                   │
├──────────────┼───────────────┼──────────┤                   │               ├─────────────────────────────────────────────────────────────┤
│ libcap2      │ CVE-2023-2603 │ HIGH     │                   │               │ Integer Overflow in _libcap_strdup()                        │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2603                   │
│              ├───────────────┼──────────┤                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2602 │ LOW      │                   │               │ Memory Leak on pthread_create() Error                       │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2602                   │
├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libcrypto3   │ CVE-2023-2650 │ HIGH     │ 3.0.8-r3          │ 3.0.9-r0      │ Possible DoS translating ASN.1 object identifiers           │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2650                   │
│              ├───────────────┼──────────┤                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-1255 │ MEDIUM   │                   │ 3.0.8-r4      │ Input buffer over-read in AES-XTS implementation on 64 bit  │
│              │               │          │                   │               │ ARM                                                         │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-1255                   │
│              ├───────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2975 │          │                   │ 3.0.9-r2      │ AES-SIV cipher implementation contains a bug that causes it │
│              │               │          │                   │               │ to ignore empty...                                          │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2975                   │
│              ├───────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3446 │          │                   │ 3.0.9-r3      │ Excessive time spent checking DH keys and parameters        │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3446                   │
│              ├───────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3817 │          │                   │ 3.0.10-r0     │ Excessive time spent checking DH q parameter value          │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3817                   │
├──────────────┼───────────────┼──────────┤                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│ libssl3      │ CVE-2023-2650 │ HIGH     │                   │ 3.0.9-r0      │ Possible DoS translating ASN.1 object identifiers           │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2650                   │
│              ├───────────────┼──────────┤                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-1255 │ MEDIUM   │                   │ 3.0.8-r4      │ Input buffer over-read in AES-XTS implementation on 64 bit  │
│              │               │          │                   │               │ ARM                                                         │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-1255                   │
│              ├───────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2975 │          │                   │ 3.0.9-r2      │ AES-SIV cipher implementation contains a bug that causes it │
│              │               │          │                   │               │ to ignore empty...                                          │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2975                   │
│              ├───────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3446 │          │                   │ 3.0.9-r3      │ Excessive time spent checking DH keys and parameters        │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3446                   │
│              ├───────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3817 │          │                   │ 3.0.10-r0     │ Excessive time spent checking DH q parameter value          │
│              │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3817                   │
└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘