chore: Upgrade shipped version of Redis to 7.0.5 to fix CVE-2022-35951 #10702
Signed-off-by: jannfis <jann@mistrust.net>
Codecov Report
Base: 45.68% // Head: 45.70% // Increases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## master #10702 +/- ##
==========================================
+ Coverage 45.68% 45.70% +0.01%
==========================================
Files 236 236
Lines 28668 28668
==========================================
+ Hits 13097 13102 +5
+ Misses 13779 13772 -7
- Partials 1792 1794 +2
We also need to update redis in .github/workflows/CI-build.yaml
L#411
If you don't mind, while you're in there, I just noticed dex also needs to be updated on L#409. If you feel that we should open a separate PR for this, I'm more than happy to take care of it.
Signed-off-by: jannfis <jann@mistrust.net>
Good catch, @34fathombelow, thanks. I've updated the images in the CI workflow.
Signed-off-by: jannfis <jann@mistrust.net>
LGTM!
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
lgtm!
argoproj#10702)
* chore: Upgrade redis to 7.0.5
Signed-off-by: jannfis <jann@mistrust.net>
* Also update Redis version in containerized toolchain
Signed-off-by: jannfis <jann@mistrust.net>
* Update Redis and Dex in CI
Signed-off-by: jannfis <jann@mistrust.net>
* Fix Dex image path
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Looks like I forgot to cherry-pick this? Anyway, it's now on release-2.4 for 2.4.19.
Update shipped version of Redis to 7.0.5 to fix CVE-2022-35951
CVE only affects Redis version >7.0.0, so this only needs to be cherry-picked into release-2.4, as other Argo CD versions do not yet ship 7.x versions of Redis.
Refer to GHSA-5gc4-76rx-22c9 for more details.
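The thread shows the Redis image pinned in more than one place (manifests, the containerized toolchain, the CI workflow), which is how one reference was missed at first. The following is an added example, not code from this PR or from Argo CD, that scans text for pinned `redis:x.y.z` image references and flags those in the 7.0 line before the fixed 7.0.5; the lower bound 7.0.0, the sample file contents and every path other than `.github/workflows/CI-build.yaml` are assumptions.

```python
import os
import re

FIXED = (7, 0, 5)           # fixed release named in the PR title
FIRST_AFFECTED = (7, 0, 0)  # assumption: the 7.0 line before the fix is affected

# Matches "redis:7.0.4-alpine" or "registry/path/redis:7.0.4". Requires a full
# x.y.z tag, so "argocd-redis:6379" (host:port) and floating tags are skipped.
IMAGE_RE = re.compile(r"([\w./-]*\bredis):(\d+)\.(\d+)\.(\d+)")

def classify(version):
    """Return 'affected' for versions in [FIRST_AFFECTED, FIXED), else 'ok'."""
    return "affected" if FIRST_AFFECTED <= version < FIXED else "ok"

def scan_text(name, text):
    """Return (file, line number, image reference, status) for each pinned image."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_RE.finditer(line):
            version = tuple(int(g) for g in m.group(2, 3, 4))
            findings.append((name, lineno, m.group(0), classify(version)))
    return findings

def scan_tree(root):
    """Walk a checkout and scan every readable text file, skipping .git."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8") as fh:
                    findings += scan_text(path, fh.read())
            except (UnicodeDecodeError, OSError):
                continue  # binary or unreadable file
    return findings

# Constructed sample contents; these are not the real files from the repository.
SAMPLE = {
    ".github/workflows/CI-build.yaml": "services:\n  redis:\n    image: redis:7.0.4-alpine\n",
    "manifests/example.yaml": "image: redis:7.0.5-alpine\n",
    "hack/example.sh": "docker run -d public.ecr.aws/docker/library/redis:6.2.7\n",
}

def scan_sample():
    return [f for name, text in SAMPLE.items() for f in scan_text(name, text)]

if __name__ == "__main__":
    for finding in scan_sample():
        print(*finding)
```

Running `scan_tree(".")` at the root of a checkout applies the same check to every file, which catches references outside the main manifests such as the CI workflow.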