Possible shortcoming in KIALI-SECURITY-001 detection script #3135
Comments
Side question, in which scenarios is Kiali v0.20 being used?
Thanks @cpick. I guess we just didn't think anyone would be running V0.x as it is long out of support for Kiali and not associated with any supported version of Istio. But we can update the script.
@lucasponce I don't know of a good reason why it would still be used, but ancient versions of all software find ways to live on :( I do think it's useful to have more ways to point out that running an old/unsupported version is a bad idea. Having checks like these properly flag them as vulnerable helps make that case. (I don't get the sense that anyone disagrees with this idea, just putting down my thinking.)
Detection script was not outputting the expected warning text on all affected versions. This change should fix the detection test. Fixes kiali/kiali#3135
Describe the bug
The detection section of the KIALI-SECURITY-001 bulletin includes the following script:
This will print "Your Kiali version is vulnerable" if the version is `>= 1.0.0 && <= 1.15.0`, but not if the major version is `0.X.Y`.
Versions used
Kiali: < v1
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I believe it should print "Your Kiali version is vulnerable" but it does not.
I could be mistaken if the vulnerability was only introduced in v1 and isn't present in v0.
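The gap reported above, as an added example that is not the bulletin's script (which is not reproduced on this page) and not code from the Kiali project: a range check with a lower bound at 1.0.0 beside one without it. The function names and sample versions are hypothetical, and it assumes, as the issue and the fix describe, that every version up to and including 1.15.0 should be flagged.

```shell
#!/bin/sh
# Constructed example; not the script from the KIALI-SECURITY-001 bulletin.

# Split "v0.20.0" or "1.15.0-SNAPSHOT" into numeric MAJOR, MINOR, PATCH.
parse_version() {
    v=${1#v}                          # optional leading "v"
    v=${v%%[-+]*}                     # pre-release or build suffix
    case "$v" in
        ''|*[!0-9.]*|.*) return 1 ;;  # refuse empty or non-numeric input
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    MAJOR=${1:-0} MINOR=${2:-0} PATCH=${3:-0}
}

# Returns 0 if $1 <= 1.15.0, 1 if newer, 2 if the version cannot be parsed.
at_most_1_15_0() {
    parse_version "$1" || return 2
    if   [ "$MAJOR" -lt 1 ];  then return 0
    elif [ "$MAJOR" -gt 1 ];  then return 1
    elif [ "$MINOR" -lt 15 ]; then return 0
    elif [ "$MINOR" -gt 15 ]; then return 1
    elif [ "$PATCH" -eq 0 ];  then return 0
    else return 1
    fi
}

# Lower-bounded check (>= 1.0.0 && <= 1.15.0): 0.X.Y is never flagged.
verdict_bounded() {
    if at_most_1_15_0 "$1" && [ "$MAJOR" -ge 1 ]; then echo vulnerable
    else echo "not flagged"; fi
}

# No lower bound; an unparseable version is reported instead of passing silently.
verdict_unbounded() {
    rc=0; at_most_1_15_0 "$1" || rc=$?
    case $rc in
        0) echo vulnerable ;;
        1) echo "not flagged" ;;
        *) echo unknown ;;
    esac
}

# Constructed sample versions.
for ver in v0.20.0 v1.0.0 v1.15.0 v1.15.1 garbage; do
    printf '%-8s bounded=%-12s unbounded=%s\n' "$ver" \
        "$(verdict_bounded "$ver")" "$(verdict_unbounded "$ver")"
done
```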