gardener / etcd-custom-image

Custom etcd container image

Upgrade to etcd v3.4.26 to fix vulnerabilities from go runtime

lizzzcai opened this issue

What would you like to be added:

Hi colleagues, the current etcd image (eu.gcr.io/gardener-project/gardener/etcd:v3.4.13-bootstrap-10) maintained by gardener has around 140+ vulnerabilities (mainly from the Go runtime).

I checked, and the official etcd v3.4.26 is using the latest Go runtime to fix all these vulnerabilities. Is it possible to upgrade to this version?

BTW, I also saw this issue, which slowly upgrades to v3.6.x to avoid vulnerabilities from the base image. Is there any timeline?

Why is this needed:

Fix vulnerabilities from the Go runtime for security compliance.

This repository will soon be replaced by https://github.com/gardener/etcd-wrapper (PR is under review). At the moment we have preserved the same etcd version (3.14.3), but we already have a backlog item to move to the latest version of etcd (gardener/etcd-druid#445). Since there are a lot of breaking changes between 3.14.3 and the latest version of etcd, we will need some time to test and identify + make changes due to API changes.

etcd-wrapper has now been released. This currently uses version v3.4.26 of etcd. It will soon be integrated with etcd-druid as the de facto etcd container.

This issue can now be closed since druid release v0.19.0 will use etcd-wrapper, running etcd v3.4.26. @lizzzcai please watch etcd-druid for the v0.19.0 release.
/close