Comment 0 for bug 2051391

Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use

Severity
--------
Major - CVE / vulnerability issues

Steps to Reproduce
------------------
CVE scan using 3rd party tool

Expected Behavior
------------------
Write down what was expected after taking the steps written above

Actual Behavior
----------------
Many CVEs are reported

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds

Last Pass
---------
N/A

Timestamp/Logs
--------------
Not Required

Test Activity
-------------
CVE scan

Workaround
----------
None