Hacker News

greggsy, today at 1:46 PM

I see this is a packaging service with greater traceability and velocity than the rando images on docker hub.

I believe that they will always supply the bleeding edge stable release, but it will always be your responsibility to monitor and manage issues like CVEs, rather than expecting them to do it for you.


Replies

crabique, today at 4:13 PM

This particular image is a bit different though.

By CVEs I mean the architectural stuff that was discovered after the original ingress-nginx repo was archived, so there is no "official" mitigation and it's not just a matter of bumping dependencies; the fixes are actual code.

Chainguard forked the repo and is maintaining their own distribution now, but it's not free.