-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add CVE 2021-25741 info to 1.22 Release Notes #105532
Conversation
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
@ialidzhikov: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi @ialidzhikov. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cc @puerco |
/cc @puerco @justaugustus |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ialidzhikov -- Quick nits on the heading sizes
@@ -246,6 +248,32 @@ filename | sha512 hash | |||
|
|||
## Changelog since v1.22.1 | |||
|
|||
## Important Security Information |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
## Important Security Information | |
### Important Security Information |
|
||
This release contains changes that address the following vulnerabilities: | ||
|
||
### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access | |
#### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access |
I simply copied the section from another CHANGELOG. So if we decide to apply the suggested changes, then I think the proper way would be to apply them to all similar sections in the corresponding CHANGELOG files. Do you insist on your suggestions to be applied for all CHANGELOG files or do you rather vote to keep it as it is? |
Let's keep it as-is. I didn't realize that this was a problem for all of the sections. /ok-to-test |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ialidzhikov, justaugustus The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/area release-eng
/area security
/kind documentation
Similar to #105058. It seems that the CVE information was not added automatically for the 1.22 release notes.
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: