move helm version from v3.2.0 to v3.2.4 #3313

Merged
merged 2 commits into from
Jun 30, 2020


mikeshng
Contributor

Signed-off-by: Mike Ng <ming@redhat.com>

Description of the change:

Move helm version from v3.2.0 to v3.2.4

Motivation for the change:

To fix CVE-2020-4053

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

https://nvd.nist.gov/vuln/detail/CVE-2020-4053

Signed-off-by: Mike Ng <ming@redhat.com>
@mikeshng
Contributor Author

/assign mikeshng

go.mod (review thread, resolved)
Signed-off-by: Mike Ng <ming@redhat.com>
Contributor

@camilamacedo86 camilamacedo86 left a comment

/lgtm
/approve

Great work 👍 Thank you for the collab.

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2020
@camilamacedo86 camilamacedo86 merged commit 8d7c4f8 into operator-framework:master Jun 30, 2020
@mikeshng mikeshng deleted the helm-upgrade branch July 1, 2020 16:25