Skip to content

Kolla vulnerability fix 2023.1 critical & high #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
May 1, 2024
Merged

Kolla vulnerability fix 2023.1 critical & high #20

merged 6 commits into from
May 1, 2024

Conversation

seunghun1ee
Copy link
Member

Bump Django to fix CVE-2023-31047, CVE-2023-23969, CVE-2023-24580, CVE-2023-36053, CVE-2023-46695 (Affecting Horizon)
Bump Flask to fix CVE-2023-30861 (Affecting Octavia, Keystone, Bifrost, Cloudkitty, Designate, Blazar)
Bump Werkzeug to fix CVE-2023-25577 (Affecting Octavia, Keystone, Designate, Magnum,Bifrost, Ironic, Cloudkitty, Blazar)
Bump zstd to fix CVE-2022-4899 (Affecting Cinder)
Bump gunicorn to fix CVE-2024-1135 (Affecting Octavia)
Bump sqlparse to fix GHSA-2m57-hf25-phgg (Affecting Bifrost)
Bump cryptography and its dependency pyOpenSSL to fix CVE-2023-0286, CVE-2023-50782, CVE-2024-26130 (Affecting almost all openstack services)

@seunghun1ee seunghun1ee requested a review from a team as a code owner April 24, 2024 10:44
@seunghun1ee seunghun1ee mentioned this pull request Apr 24, 2024
Closed
@seunghun1ee seunghun1ee requested a review from markgoddard April 24, 2024 10:46
@seunghun1ee seunghun1ee self-assigned this Apr 24, 2024
markgoddard
markgoddard reviewed Apr 25, 2024
View reviewed changes
Copy link

@markgoddard markgoddard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's hard to know how to review this. Are you planning to rebuild the images before we merge this PR?

@markgoddard markgoddard merged commit 1ea05a5 into stackhpc/2023.1 May 1, 2024
@markgoddard markgoddard deleted the kolla-vulnerability-fix-2023.1-high branch May 1, 2024 08:52
@markgoddard
Copy link

Do you have a PR for the images?

@seunghun1ee
Copy link
Member Author

Do you have a PR for the images?

There will be soon

@seunghun1ee seunghun1ee mentioned this pull request May 9, 2024
Merged
priteau added a commit to stackhpc/stackhpc-kayobe-config that referenced this pull request Oct 15, 2024
@priteau
Build Octavia from StackHPC fork
a01bf6c 
This is necessary to fix issues with TLS-terminated Octavia load
balancers following our bump of pyOpenSSL [1] because of the removal of
load_pkcs12 [2].

[1] stackhpc/requirements#20
[2] https://bugs.launchpad.net/octavia/+bug/2042787
@priteau priteau mentioned this pull request Oct 15, 2024
Merged
priteau added a commit to stackhpc/stackhpc-kayobe-config that referenced this pull request Oct 15, 2024
@priteau
Build Octavia from StackHPC fork
22d7d8a 
This fixes issues with creation and failover of TLS-terminated Octavia
load balancers following our bump of pyOpenSSL [1] because of the
removal of load_pkcs12 [2].

[1] stackhpc/requirements#20
[2] https://bugs.launchpad.net/octavia/+bug/2042787
priteau added a commit to stackhpc/stackhpc-kayobe-config that referenced this pull request Oct 15, 2024
@priteau
Build Octavia from StackHPC fork
bad366e 
This fixes issues with creation and failover of TLS-terminated Octavia
load balancers following our bump of pyOpenSSL [1] because of the
removal of load_pkcs12 [2].

[1] stackhpc/requirements#20
[2] https://bugs.launchpad.net/octavia/+bug/2042787
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@markgoddard markgoddard markgoddard approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@seunghun1ee seunghun1ee

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seunghun1ee @markgoddard