Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 #11925

Merged
merged 1 commit into from Jan 10, 2023
Merged

chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 #11925

merged 1 commit into from Jan 10, 2023

Conversation

crenshaw-dev
Copy link
Collaborator

@crenshaw-dev crenshaw-dev commented Jan 9, 2023
edited

No description provided.

@crenshaw-dev
chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996
9b27d44 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
@crenshaw-dev crenshaw-dev added cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch cherry-pick/2.5 cherry-pick/2.6 labels Jan 9, 2023
@codecov
Copy link

codecov bot commented Jan 9, 2023

Codecov Report

Base: 47.30% // Head: 47.30% // No change to project coverage 👍

Coverage data is based on head (9b27d44) compared to base (f6abf72).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #11925   +/-   ##
=======================================
  Coverage   47.30%   47.30%           
=======================================
  Files         245      245           
  Lines       41661    41661           
=======================================
  Hits        19706    19706           
  Misses      19970    19970           
  Partials     1985     1985
Impacted Files Coverage Δ
util/settings/settings.go 48.42% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@34fathombelow
Copy link
Member

@crenshaw-dev I believe we need to use redis:6.2.8-alpine for 2.3 as that would be a major version bump.

@crenshaw-dev
Copy link
Collaborator Author

@34fathombelow good catch!

@crenshaw-dev crenshaw-dev removed the cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch label Jan 9, 2023
agrawroh
agrawroh approved these changes Jan 10, 2023
View reviewed changes
Copy link
Member

@agrawroh agrawroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@crenshaw-dev crenshaw-dev merged commit 9923159 into argoproj:master Jan 10, 2023
@crenshaw-dev crenshaw-dev deleted the upgrade-redis branch January 10, 2023 15:36
crenshaw-dev added a commit that referenced this pull request Jan 10, 2023
@crenshaw-dev
chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 (#11925)
93fa2a4 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
crenshaw-dev added a commit that referenced this pull request Jan 10, 2023
@crenshaw-dev
chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 (#11925)
170f62c 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
crenshaw-dev added a commit that referenced this pull request Jan 10, 2023
@crenshaw-dev
chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 (#11925)
56cba50 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
@crenshaw-dev
Copy link
Collaborator Author

Cherry-picked onto release-2.6 for 2.6.0-rc3, release-2.5 for 2.5.6, and release-2.4 for 2.4.19. PR for 2.3: #11926

emirot pushed a commit to emirot/argo-cd that referenced this pull request Jan 27, 2023
@crenshaw-dev @emirot
chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 (argoproj#11925)
b8a7a79 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: emirot <emirot.nolan@gmail.com>
schakrad pushed a commit to schakrad/argo-cd that referenced this pull request Mar 14, 2023
@crenshaw-dev @schakrad
chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 (argoproj#11925)
5aeea75 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: schakrad <chakradari.sindhu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wanghong230 wanghong230 wanghong230 approved these changes

@agrawroh agrawroh agrawroh approved these changes

Assignees
No one assigned
Labels
cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch cherry-pick/2.5 cherry-pick/2.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@crenshaw-dev @34fathombelow @wanghong230 @agrawroh