Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-45288: overall tracker #615

Open
9 of 15 tasks
jkh52 opened this issue Apr 23, 2024 · 7 comments
Open
9 of 15 tasks

CVE-2023-45288: overall tracker #615

jkh52 opened this issue Apr 23, 2024 · 7 comments

Comments

@jkh52
Copy link
Contributor

jkh52 commented Apr 23, 2024
edited

CVE-2023-45288 needs mitigation and releases.

Tasks
Beta Give feedback
@jkh52 jkh52 changed the title CVE-2023-45288: mitigate and release supported versions CVE-2023-45288: overall tracker Apr 23, 2024
@jkh52
Copy link
Contributor Author

jkh52 commented Apr 23, 2024

/cc @avrittrohwer
/cc @azimjohn

This was referenced Apr 27, 2024
Merged
Merged
Merged
@liangyuanpeng
Copy link
Contributor

liangyuanpeng commented Apr 30, 2024
edited

I will open a PR to enable cherry-pick plugin of prow for ANP later, and then we just comment /cherry-pick release-0.29 at PR, the bot will cherry pick this PR to release-0.29 after this PR is merged.

let's automate as much as possible :)

@liangyuanpeng
Copy link
Contributor

liangyuanpeng commented Apr 30, 2024
edited

let's automate as much as possible :)

Updates to dependencies may not work because it may need to rerun go mod tidy. :(

@liangyuanpeng
Copy link
Contributor

I will open a PR to enable cherry-pick plugin of prow for ANP later, and then we just comment /cherry-pick release-0.29 at PR, the bot will cherry pick this PR to release-0.29 after this PR is merged.

open the PR kubernetes/test-infra#32547 for it

@jkh52
Copy link
Contributor Author

jkh52 commented Apr 30, 2024

Mitigations for all supported versions are now merged. I will create tags soon.

@jkh52
Copy link
Contributor Author

jkh52 commented May 3, 2024

Mitigations for all supported versions are now merged. I will create tags soon.

Tags are created.

@mengdie-song
Copy link

mengdie-song commented May 15, 2024
edited

Hi, could you help upload the 0.29.3 image with the CVE fix as well? I am trying to pull 0.29.3 image but got errors below.

docker pull registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.3
Error response from daemon: manifest for registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.3 not found: manifest unknown: Failed to fetch "v0.29.3"

Can I know when this 0.29.3 image will be ready? Thanks!

@jkh52 jkh52 mentioned this issue May 15, 2024
Merged
This was referenced May 23, 2024
Merged
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkh52 @mengdie-song @liangyuanpeng