New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2044941: Jenkins Fixes for CVE-2022-20617 and CVE-2022-20612 #1369
Bug 2044941: Jenkins Fixes for CVE-2022-20617 and CVE-2022-20612 #1369
Conversation
Upgrade docker-commons plugin to 1.18 to mitigate a vulnerability with unsanitized image names/tags.
Upgrade core Jenkins to the current LTS (2.319.2). This includes a fix for a CSRF vulnerability in 2.319.1 and lower.
@adambkaplan: This pull request references Bugzilla bug 2044941, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @coreydaley For backport risk assessment |
/label backport-risk-assessed |
/bugzilla refresh |
@adambkaplan: This pull request references Bugzilla bug 2044941, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
/assign @jitendar-singh @prietyc123 For cherrypick approval |
/cherry-pick-approved |
have tested the PR using cluster-bot, it has all the fixes needed |
@adambkaplan: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
as @jitendar-singh has already tested the fix pre-merge I will add qe-approved label as well. /label qe-approved |
/label qe-approved cancel We can't verify Jenkins updates pre-merge because of how we package Jenkins (core and plugins). This needs to be done after ART builds the new image. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adambkaplan, gabemontero The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@adambkaplan: All pull requests linked via external trackers have merged: Bugzilla bug 2044941 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
ART requests:
|
@adambkaplan: Bugzilla bug 2044941 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Upgrade core Jenkins and plugins to address some of the vulnerabilities in the 2022-01 Jenkins security advisory:
Related Bugzilla bugs: