
bump helm to 3.13.0 #4055

Merged
merged 1 commit into from
Oct 2, 2023

Conversation

cbodonnell
Contributor

@cbodonnell cbodonnell commented Sep 29, 2023

What this PR does / why we need it:

Resolves a few CVEs present in the previous Helm version:

3.12.2:

```
usr/local/bin/helm3.12.2 (gobinary)

Total: 4 (MEDIUM: 3, HIGH: 1, CRITICAL: 0)

┌───────────────────────────────────────┬─────────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐
│                Library                │    Vulnerability    │ Severity │  Installed Version   │  Fixed Version   │                            Title                             │
├───────────────────────────────────────┼─────────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/cyphar/filepath-securejoin │ GHSA-6xv5-86q9-7xr8 │ MEDIUM   │ v0.2.3               │ 0.2.4            │ SecureJoin: on windows, paths outside of the rootfs could be │
│                                       │                     │          │                      │                  │ inadvertently produced...                                    │
│                                       │                     │          │                      │                  │ https://github.com/advisories/GHSA-6xv5-86q9-7xr8            │
├───────────────────────────────────────┼─────────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/docker/docker              │ CVE-2023-28840      │ HIGH     │ v23.0.1+incompatible │ 20.10.24, 23.0.3 │ Encrypted overlay network may be unauthenticated             │
│                                       │                     │          │                      │                  │ https://avd.aquasec.com/nvd/cve-2023-28840                   │
│                                       ├─────────────────────┼──────────┤                      │                  ├──────────────────────────────────────────────────────────────┤
│                                       │ CVE-2023-28841      │ MEDIUM   │                      │                  │ Encrypted overlay network traffic may be unencrypted         │
│                                       │                     │          │                      │                  │ https://avd.aquasec.com/nvd/cve-2023-28841                   │
├───────────────────────────────────────┼─────────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/docker/docker              │ CVE-2023-28842      │ MEDIUM   │ v23.0.1+incompatible │ 20.10.24, 23.0.3 │ Encrypted overlay network with a single endpoint is          │
│                                       │                     │          │                      │                  │ unauthenticated                                              │
│                                       │                     │          │                      │                  │ https://avd.aquasec.com/nvd/cve-2023-28842                   │
└───────────────────────────────────────┴─────────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘
```

3.13.0:

```
usr/local/bin/helm3.13.0 (gobinary)

Total: 0 (MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Steps to reproduce

Does this PR introduce a user-facing change?

Upgrades the Helm binary in the kotsadm image to 3.13.0 to resolve CVE-2023-28840 with high severity and CVE-2023-28841, CVE-2023-28842, and GHSA-6xv5-86q9-7xr8 with medium severity.

Does this PR require documentation?

@cbodonnell cbodonnell marked this pull request as ready for review September 29, 2023 19:10
@cbodonnell cbodonnell merged commit e56633a into main Oct 2, 2023
78 checks passed
@cbodonnell cbodonnell deleted the cbo/helm-3.13.0 branch October 2, 2023 18:28