# k3s
q
Hi folks, I'm reviewing this issue and the associated security vulns in my environment. It isn't clear to me how I'm meant to upgrade the `helm-klipper` image. I don't have any `helmchart` objects, so I think it is just the controller that I need to upgrade. How do I use the new image version?
c
That issue is 5 years old. What specifically are you trying to address?
q
I started using trivy for continuous image scanning in one of my environments, which reports `rancher/klipper-helm:v0.7.3-build20220613` as vulnerable to a few posted CVEs. So I'm wondering how to update that image. Note I don't see it looking in the `kube-system` namespace, but perhaps it's running another way.
c
what version of K3s are you on that is still using a 3 year old version of Helm?
q
v1.32.4
Note I don't use this helmchart CRD anywhere, so removing it would be fine.
c
K3s v1.32.4 does not use `klipper-helm:v0.7.3-build20220613`. It uses `klipper-helm:v0.9.5-build20250306` - so whatever your scanner is turning up, it’s not from the version of k3s you’re using.
either that or you’re running a very old version of k3s somewhere in your environment.
q
Well that's strange.
c
I mean you can see from the datestamp in that image tag that it’s a 3 year old image. So you’d need to be on a 3 year old version of K3s to be using that.
q
Sorry, I lied, it's all `v1.33.1+k3s1`
c
That uses the same tag of that image.
q
All my nodes are the same version.
c
well I don’t know what your scanner is turning up, but it’s not something used by the version of k3s that you believe you’re running.
q
Strange. I'll have to figure out how the scanning works. I'm reasonably confident in the version of k3s that all of my nodes are reporting. Could the API server be returning something from a previous version which doesn't show as running?
Oh! I have a dead job from almost three years ago which has the image.
Well, thanks for the rubber ducking.