Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates to fix HTTP CVE on 0.15 branch #1419

Closed
wants to merge 2 commits into from
Closed

Updates to fix HTTP CVE on 0.15 branch #1419

wants to merge 2 commits into from

Conversation

dfarrell07
Copy link
Member

See commit messages for details.

@dfarrell07
Update grpc to fix GHSA-m425-mq94-257g CVE
2eb592f 
Update generated by `go get -u google.golang.org/grpc`.

This is flagged by the Vulnerability Scanning GHA on the release-0.15
branch for grpc v1.56.2 and was fixed in v1.56.3.

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07
Update net to fix GHSA-2wrh-6pvc-2jm9 CVE
cbecb9a 
Update generated by `go get -u golang.org/x/net`.

This is flagged by the Vulnerability Scanning GHA on the release-0.15
branch for net v0.8.0 and was fixed in v0.13.0.

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07 dfarrell07 self-assigned this Oct 31, 2023
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr1419/dfarrell07/http_cves
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

This was referenced Oct 31, 2023
Closed
Merged
@dfarrell07
Copy link
Member Author

The 0.15.3 bump was merged, hence the new conflicts.

@dfarrell07
Copy link
Member Author

It seems the net bump was handled by the 0.15.3 PR, so going back to a PR with only the grpc bump (#1420).

@dfarrell07 dfarrell07 closed this Oct 31, 2023
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr1419/dfarrell07/http_cves]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aswinsuryan aswinsuryan Awaiting requested review from aswinsuryan aswinsuryan is a code owner

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@skitt skitt Awaiting requested review from skitt skitt is a code owner

@sridhargaddam sridhargaddam Awaiting requested review from sridhargaddam sridhargaddam is a code owner

@tpantelis tpantelis Awaiting requested review from tpantelis tpantelis is a code owner

@vthapar vthapar Awaiting requested review from vthapar vthapar is a code owner

Assignees

@dfarrell07 dfarrell07

Labels
security
Projects
No open projects
Submariner 0.17
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dfarrell07 @submariner-bot