Skip to content

Commit

Permalink
changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
Browse files Browse the repository at this point in the history
  • Loading branch information
@pacoxu
pacoxu committed Nov 24, 2022
1 parent 4527965 commit efb3f79
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 10 deletions.
6 changes: 3 additions & 3 deletions CHANGELOG/CHANGELOG-1.22.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@
- [CPU and Memory manager are not working correctly for Guaranteed Pods with multiple containers](#cpu-and-memory-manager-are-not-working-correctly-for-guaranteed-pods-with-multiple-containers)
- [`CSIMigrationvSphere` feature gate has not migrated to new CRD APIs](#csimigrationvsphere-feature-gate-has-not-migrated-to-new-crd-apis)
- [Workloads that saturate nodes with pods may see pods that fail due to node admission](#workloads-that-saturate-nodes-with-pods-may-see-pods-that-fail-due-to-node-admission)
- [Etcd v3.5.[0-2] data corruption](#etcd-v350-2-data-corruption)
- [Etcd v3.5.\[0-2\] data corruption](#etcd-v350-2-data-corruption)
- [Urgent Upgrade Notes](#urgent-upgrade-notes)
- [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
- [Changes by Kind](#changes-by-kind-15)
Expand Down Expand Up @@ -498,7 +498,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
Expand All @@ -524,7 +524,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Yuval Avrahami of Palo Alto Networks
Expand Down
6 changes: 3 additions & 3 deletions CHANGELOG/CHANGELOG-1.23.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@
- [Urgent Upgrade Notes](#urgent-upgrade-notes)
- [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
- [Known Issues](#known-issues)
- [Etcd v3.5.[0-2] data corruption](#etcd-v350-2-data-corruption)
- [Etcd v3.5.\[0-2\] data corruption](#etcd-v350-2-data-corruption)
- [Changes by Kind](#changes-by-kind-14)
- [Deprecation](#deprecation)
- [API Change](#api-change-5)
Expand Down Expand Up @@ -462,7 +462,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
Expand All @@ -488,7 +488,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Yuval Avrahami of Palo Alto Networks
Expand Down
4 changes: 2 additions & 2 deletions CHANGELOG/CHANGELOG-1.24.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,7 +379,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
Expand All @@ -405,7 +405,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Yuval Avrahami of Palo Alto Networks
Expand Down
4 changes: 2 additions & 2 deletions CHANGELOG/CHANGELOG-1.25.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
Expand All @@ -329,7 +329,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16

This vulnerability was reported by Yuval Avrahami of Palo Alto Networks
Expand Down

0 comments on commit efb3f79

Please sign in to comment.