Azure Linux version
3.0
Deployment / platform
Is your feature request related to a problem? Please describe.
Latest csi-node-driver-registrar in the 3.0 cloud-native repo is 2.16.0-4, built from upstream v2.16.0. That binary embeds google.golang.org/grpc v1.78.0, which is vulnerable to GHSA-p77j-4mvh-x3m3 (CRITICAL, CVSS 9.1). The -3 → -4 rev didn't change this. Blocking S360 remediation for VirtualNode2.
Describe the solution you'd like
Bump the spec to upstream v2.17.0 (released 2026-05-25). v2.17.0 ships grpc v1.81.1, which clears the GHSA.
Describe alternatives you've considered
Pulling from registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0 directly — works, but takes us off the Microsoft supply chain.
Additional context
Azure Linux version
3.0
Deployment / platform
Is your feature request related to a problem? Please describe.
Latest
csi-node-driver-registrarin the 3.0 cloud-native repo is2.16.0-4, built from upstream v2.16.0. That binary embedsgoogle.golang.org/grpc v1.78.0, which is vulnerable to GHSA-p77j-4mvh-x3m3 (CRITICAL, CVSS 9.1). The-3 → -4rev didn't change this. Blocking S360 remediation for VirtualNode2.Describe the solution you'd like
Bump the spec to upstream v2.17.0 (released 2026-05-25). v2.17.0 ships
grpc v1.81.1, which clears the GHSA.Describe alternatives you've considered
Pulling from
registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0directly — works, but takes us off the Microsoft supply chain.Additional context
csi-node-driver-registrar-2.16.0-4.azl3.x86_64.rpm