Document GitOps Release Notes for 1.6.7 #59023
Conversation
== Fixed issues
The following issue has been resolved in the current release:

* Before this update, all versions of the Argo CD Operator, starting with v0.5.0, were vulnerable to an information disclosure flaw. As a result, unauthorized users could enumerate application names by inspecting API error messages and use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges. This update fixes CVE-2022-41354. link:https://issues.redhat.com/browse/GITOPS-2635[GITOPS-2635], link:https://access.redhat.com/security/cve/CVE-2022-41354[CVE-2022-41354]
https://issues.redhat.com/browse/GITOPS-2635 shows me that I either don't have permission to view it or it's been deleted :/
@reginapizza That is because it is an embargoed issue and you must have permission from the security team to view it. FYI, @iam-veeramalla helped me secure the permission.
Also, this issue is already reviewed and published as part of 1.6.6 RN.
SME review: @reginapizza, @iam-veeramalla PTAL at the following PRs:
The content for 1.6.7 is the same in the PRs. I have raised multiple PRs to avoid merge conflicts as the content supported is different for all OCP versions. This will be useful during the PR merge. Thanks for your understanding and cooperation.
Peer review: LGTM
LGTM, thanks
Aligned team: Dev Tools
Purpose: To resolve the following issues:
https://issues.redhat.com/browse/RHDEVDOCS-5218
OCP version this PR applies to: enterprise-4.9
Link to docs preview:
SME review: @reginapizza, @iam-veeramalla
QE review: @varshab1210
Peer-review: