Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security fix - CVE 2024 24786 #3585

Merged
merged 2 commits into from
Apr 16, 2024
Merged

Security fix - CVE 2024 24786 #3585

merged 2 commits into from
Apr 16, 2024

Conversation

andyi2it
Copy link
Contributor

@andyi2it andyi2it commented Apr 9, 2024
edited

What this PR does / why we need it:
Fixes a security vulnerability CVE 2024 24786

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #3602

Type of changes
Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

Feature/Issue validation/testing:

Release note:

NONE

@andyi2it
google.golang.org/protobuf version upgrade
6960073 
Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>
@andyi2it
version upgrade
85cc4fb 
Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>
terrytangyuan
terrytangyuan approved these changes Apr 9, 2024
View reviewed changes
Copy link
Member

@terrytangyuan terrytangyuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@oss-prow-bot oss-prow-bot bot added the lgtm label Apr 9, 2024
@andyi2it andyi2it marked this pull request as ready for review April 15, 2024 10:34
@oss-prow-bot oss-prow-bot bot requested a review from ckadner April 15, 2024 10:34
terrytangyuan
terrytangyuan approved these changes Apr 15, 2024
View reviewed changes
Copy link
Member

@terrytangyuan terrytangyuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@spolti
Copy link
Contributor

spolti commented Apr 15, 2024

It seems that CI failure is not related.

@yuzisun
Copy link
Member

yuzisun commented Apr 16, 2024

/approve

@oss-prow-bot OSS-prow-bot
Copy link

oss-prow-bot bot commented Apr 16, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyi2it, terrytangyuan, yuzisun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@yuzisun yuzisun merged commit 385b8c2 into kserve:master Apr 16, 2024
55 of 56 checks passed
israel-hdez pushed a commit to israel-hdez/kserve that referenced this pull request May 6, 2024
@andyi2it @israel-hdez
Security fix - CVE 2024 24786 (kserve#3585)
159cd22 
* google.golang.org/protobuf version upgrade

Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>

* version upgrade

Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>

---------

Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>
@israel-hdez israel-hdez mentioned this pull request May 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@terrytangyuan terrytangyuan terrytangyuan approved these changes

@cmaddalozzo cmaddalozzo Awaiting requested review from cmaddalozzo

@rachitchauhan43 rachitchauhan43 Awaiting requested review from rachitchauhan43

@ckadner ckadner Awaiting requested review from ckadner

Assignees

@terrytangyuan terrytangyuan

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix new Golang security vulnerability - CVE-2024-24786
4 participants
@andyi2it @spolti @yuzisun @terrytangyuan