Zipkin 2.25.1 sets a milestone where a trivy scan of our openzipkin/zipkin:2.25.1 docker image came clear of all vulnerabilities:
$ trivy image openzipkin/zipkin:2.25.1
2023-12-14T21:38:42.716+0700 INFO Vulnerability scanning is enabled
2023-12-14T21:38:42.717+0700 INFO Secret scanning is enabled
2023-12-14T21:38:42.717+0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-14T21:38:42.717+0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2023-12-14T21:38:47.299+0700 INFO Detected OS: alpine
2023-12-14T21:38:47.299+0700 WARN This OS version is not on the EOL list: alpine 3.19
2023-12-14T21:38:47.299+0700 INFO Detecting Alpine vulnerabilities...
2023-12-14T21:38:47.301+0700 INFO Number of language-specific files: 1
2023-12-14T21:38:47.301+0700 INFO Detecting jar vulnerabilities...
openzipkin/zipkin:2.25.1 (alpine 3.19.0)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)There was a lot of PR review support and again we have @anuraaga to thank for being so available to keep things moving. We'd also like to thank @tacigar for progress on renovating the Lens UI, resulting in a significant drop in NPM vulnerabilities as well.
Full Changelog: 2.25.0...2.25.1