Skip to content

[3.0] Update csi-node-driver-registrar to v2.17.0 (security: CRITICAL GHSA-p77j-4mvh-x3m3) #17765

Description

@uzoogbanufe-work

Azure Linux version
3.0

Deployment / platform

  • AKS
  • Azure Linux container image

Is your feature request related to a problem? Please describe.
Latest csi-node-driver-registrar in the 3.0 cloud-native repo is 2.16.0-4, built from upstream v2.16.0. That binary embeds google.golang.org/grpc v1.78.0, which is vulnerable to GHSA-p77j-4mvh-x3m3 (CRITICAL, CVSS 9.1). The -3 → -4 rev didn't change this. Blocking S360 remediation for VirtualNode2.

Describe the solution you'd like
Bump the spec to upstream v2.17.0 (released 2026-05-25). v2.17.0 ships grpc v1.81.1, which clears the GHSA.

Describe alternatives you've considered
Pulling from registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0 directly — works, but takes us off the Microsoft supply chain.

Additional context

Metadata

Metadata

Assignees

No one assigned

    Labels

    3.0Issues and PRs for Azure Linux 3.0AKSenhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions