Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update versions to address CVE-2022-23806 #370

Merged
merged 1 commit into from
Mar 14, 2022
Merged

fix: update versions to address CVE-2022-23806 #370

merged 1 commit into from
Mar 14, 2022

Conversation

diafour
Copy link
Contributor

@diafour diafour commented Mar 14, 2022

Overview

  • kubectl 1.21.8 built with vulnerable Go 1.16.12
  • Use kubectl 1.21.10 built with Go 1.16.14.
  • Update alpine to 3.15.
Binaries from v1.0.8:
$  kubectl version
Client Version: version.Info{... GitVersion:"v1.21.8", ... GoVersion:"go1.16.12" ...}
$  go version shell-operator
shell-operator: go1.16.15

What this PR does / why we need it

Fix #367

Special notes for your reviewer

Does this PR introduce a user-facing change?

@diafour
fix: update versions to address CVE-2022-23806
c7d9b3b 
- kubectl 1.21.8 built with vulnerable Go 1.16.12
- Use kubectl 1.21.10 built with Go 1.16.14.
- Update alpine to 3.15.
@diafour diafour requested a review from nabokihms March 14, 2022 06:44
@diafour diafour self-assigned this Mar 14, 2022
@diafour diafour merged commit 1fee51d into main Mar 14, 2022
@diafour diafour added this to the 1.0.9 milestone Mar 14, 2022
@diafour diafour deleted the fix_CVE-2022-23806 branch April 8, 2022 13:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nabokihms nabokihms nabokihms approved these changes

Assignees

@diafour diafour

Labels
None yet
Projects
None yet
Milestone
1.0.9
Development

Successfully merging this pull request may close these issues.

Critical vulnerability CVE-2022-23806
2 participants
@diafour @nabokihms