Security Bulletins

Kiali releases every three weeks and so generally resolves CVEs in new releases only. Golang vulnerabilities are typically resolved in a timely way, as the Go version for release builds increments fairly often. Occasionally, critical CVEs may be resolved in patch releases for supported versions. Additionally, not every CVE reported against a Kiali dependency is actually a vulnerability. For reported CVEs that are proven not to affect Kiali, see the table below:

| CVE | Description | Notes |
| --- | --- | --- |
| CVE-2022-1996 | | Despite the package dependency Kiali is not susceptible to this vulnerability |
| CVE-2019-1010022 | GNU Libc current is affected by: Mitigation bypass. | This is a disputed CVE. According to upstream, it is not a security issue. For details, please see and |

For Kiali-specific vulnerabilities, releases will be made as needed. At release time, a security bulletin will be released as well. For prior bulletins see below:

Last modified July 3, 2023 : security scan notice (#673) (371f2e5)