Story #12338: Upgrade consul from 1.12.9 to 1.17.3 #1629

Merged
merged 1 commit into from
Feb 14, 2024

Contributor

@GiooDev GiooDev commented Jan 27, 2024

Description

COTS update.

Type of change

  • Ansible

Contributor

  • VAS (Vitam Accessible en Service)

@GiooDev GiooDev added the OPS REVIEW Mandatory if deployment/ directory is modified. label Jan 27, 2024
@GiooDev GiooDev self-assigned this Jan 27, 2024
Collaborator

vitam-devops commented Jan 27, 2024

Checkmarx One – Scan Summary & Details

Scan ID: 67b75812-4491-48d1-b2f8-39072447f9c9

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2019-15599 Npm-tree-kill-1.2.1 Vulnerable Package
HIGH CVE-2020-28502 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2020-36048 Npm-engine.io-3.2.1 Vulnerable Package
HIGH CVE-2020-36049 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2020-7660 Npm-serialize-javascript-1.9.1 Vulnerable Package
HIGH CVE-2020-7788 Npm-ini-1.3.5 Vulnerable Package
HIGH CVE-2021-31597 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2022-2421 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2022-42252 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
HIGH CVE-2022-45143 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
HIGH CVE-2023-32695 Npm-socket.io-parser-3.2.0 Vulnerable Package
MEDIUM CVE-2019-16769 Npm-serialize-javascript-1.9.1 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-6.10.0 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-5.5.2 Vulnerable Package
MEDIUM CVE-2020-28481 Npm-socket.io-2.1.1 Vulnerable Package
MEDIUM CVE-2020-7693 Npm-sockjs-0.3.19 Vulnerable Package
MEDIUM CVE-2021-23364 Npm-browserslist-4.5.5 Vulnerable Package
MEDIUM CVE-2021-23495 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2022-0437 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2022-21704 Npm-log4js-4.5.1 Vulnerable Package
MEDIUM CVE-2022-41940 Npm-engine.io-3.2.1 Vulnerable Package
MEDIUM CVE-2023-26159 Npm-follow-redirects-1.15.3 Vulnerable Package
MEDIUM CVE-2023-28708 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /ui/ui-frontend-common/src/app/modules/error-dialog/error-dialog.component.ts: 57 Attack Vector
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /ui/ui-frontend-common/src/app/modules/components/navbar/navbar.component.ts: 88 Attack Vector
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /ui/ui-frontend-common/src/app/modules/components/navbar/navbar.component.ts: 83 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend/projects/pastis/src/app/shared/pastis-popup-option/pastis-popup-option.component.ts: 107 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend/projects/pastis/src/app/shared/pastis-breadcrumb-components/pastis-title-breadcrumb/pastis-title-breadcrumb.component.ts: 57 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend-common/src/app/modules/components/vitamui-content-breadcrumb/vitamui-title-breadcrumb/vitamui-title-breadcrumb.component.ts: 59 Attack Vector
LOW Unsafe_Use_Of_Target_blank /ui/ui-frontend/projects/pastis/src/app/app.component.html: 16 Attack Vector
LOW Use_Of_Hardcoded_Password /ui/ui-frontend/projects/identity/src/app/customer/customer-preview/sso-tab/sso-tab.component.spec.ts: 142 Attack Vector
LOW Use_Of_Hardcoded_Password /ui/ui-frontend/projects/identity/src/app/customer/customer-preview/sso-tab/sso-tab.component.spec.ts: 141 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2023-2976 Maven-com.google.guava:guava-31.1-jre
HIGH CVE-2023-2976 Maven-com.google.guava:guava-31.0.1-jre
HIGH CVE-2023-2976 Maven-com.google.guava:guava-30.1.1-jre
HIGH CVE-2023-2976 Maven-com.google.guava:guava-25.0-jre
HIGH Missing User Instruction /Dockerfile: 10
HIGH Missing User Instruction /Dockerfile: 11
HIGH Missing User Instruction /Dockerfile: 10
HIGH Missing User Instruction /Dockerfile: 10
HIGH No New Privileges Not Set /vitam-recette.yml: 54
HIGH No New Privileges Not Set /docker-compose.yml: 10
HIGH No New Privileges Not Set /vitam-recette.yml: 17
HIGH No New Privileges Not Set /vitam-dev.yml: 19
HIGH Passwords And Secrets - Generic Password /logstash.yml: 227
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 14
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 27
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 101
HIGH Passwords And Secrets - Generic Password /application.yml: 97
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 56
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 100
HIGH Passwords And Secrets - Generic Password /application-integration.yml: 47
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 23
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 58
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 132
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 21
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 34
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 103
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 22
HIGH Passwords And Secrets - Generic Password /application.yml: 29
HIGH Passwords And Secrets - Generic Password /logstash.yml: 244
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 93
HIGH Passwords And Secrets - Generic Password /mongo_cluster.yml: 34
HIGH Passwords And Secrets - Generic Password /application.yml: 54
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 36
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 21
HIGH Passwords And Secrets - Generic Password /application.yml: 65
HIGH Passwords And Secrets - Generic Password /application.yml: 27
HIGH Passwords And Secrets - Generic Password /application-integration.yml: 50
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 77
HIGH Passwords And Secrets - Generic Password /application.yml: 96
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 29
HIGH Passwords And Secrets - Generic Password /vitamui_vars.yml: 301
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 71
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 9
HIGH Passwords And Secrets - Generic Password /application-integration.yml: 66
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 133
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 20
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 22
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 57
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 19
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 22
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 91
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 26
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 131
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 12
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 29
HIGH Passwords And Secrets - Generic Password /application.yml: 44
HIGH Passwords And Secrets - Generic Password /application.yml: 57
HIGH Passwords And Secrets - Generic Password /application.yml: 31
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 113
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 15
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 59
HIGH Passwords And Secrets - Generic Password /application.yml: 97
HIGH Passwords And Secrets - Generic Password /application.yml: 27
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 108
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 50
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 46
HIGH Passwords And Secrets - Generic Password /application.yml: 75
HIGH Passwords And Secrets - Generic Password /application.yml: 37
HIGH Passwords And Secrets - Generic Password /application.yml: 28
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 74
HIGH Passwords And Secrets - Generic Password /application.yml: 42
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 46
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 47
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 91
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 75
HIGH Passwords And Secrets - Generic Password /application.yml: 51
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 40
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 89
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application.yml: 39
HIGH Passwords And Secrets - Generic Password /logstash.yml: 221
HIGH Passwords And Secrets - Generic Password /application.yml: 77
HIGH Passwords And Secrets - Generic Password /application.yml: 31
HIGH Passwords And Secrets - Generic Password /mongo_dev.yml: 37
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 50
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 76
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 141
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 58
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 41
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 149
HIGH Passwords And Secrets - Generic Password /application-integration.yml: 12
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 30
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 78
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 37
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 66
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 52
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 38
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 72
HIGH Passwords And Secrets - Generic Password /application.yml: 31
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 128
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 80
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 47
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 51
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 73
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 87
HIGH Passwords And Secrets - Generic Password /application.yml: 97
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 90
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 14
HIGH Passwords And Secrets - Generic Password /application.yml: 64
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 31
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 124
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 54
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 36
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application.yml: 77
HIGH Passwords And Secrets - Generic Password /application.yml: 27
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 114
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 221
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 52
HIGH Passwords And Secrets - Generic Password /application.yml: 44
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 22
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 33
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 5
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 82
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 23
HIGH Passwords And Secrets - Generic Password /mongo_cluster.yml: 11
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 33
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 24
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 64
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 19
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 99
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 91
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 58
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 49
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 32
HIGH Passwords And Secrets - Generic Password /application.yml: 53
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 75
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 48
HIGH Passwords And Secrets - Generic Password /application.yml: 53
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 48
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 31
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application.yml: 42
HIGH Passwords And Secrets - Generic Password /application.yml: 81
HIGH Passwords And Secrets - Generic Password /application.yml: 39
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 180
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 68
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 6
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 104
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 71
HIGH Passwords And Secrets - Generic Password /application.yml: 30
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 60
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 13
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 33
HIGH Passwords And Secrets - Generic Password /application.yml: 27
HIGH Passwords And Secrets - Generic Password /logstash.yml: 225
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 25
HIGH Passwords And Secrets - Generic Password /application.yml: 41
HIGH Passwords And Secrets - Generic Password /application.yml: 30
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 52
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 118
HIGH Passwords And Secrets - Generic Password /logstash.yml: 238
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 91
HIGH Passwords And Secrets - Generic Password /application.yml: 77
HIGH Passwords And Secrets - Generic Password

More results are available on AST platform

@GiooDev GiooDev added this to the IT 131 milestone Jan 30, 2024
Contributor Author

GiooDev commented Feb 13, 2024

  • KNOWN ISSUES:
    • connect: Consul versions 1.17.2 and 1.16.5 perform excessively strict TLS SAN verification on terminating gateways, which prevents connections outside of the mesh to upstream services. Terminating gateway users are advised to avoid deploying these Consul versions. A fix will be present in a future release of Consul 1.17.3 and 1.16.6. [GH-20360]

Waiting for 1.17.3

@GiooDev GiooDev marked this pull request as draft February 13, 2024 09:57
@GiooDev GiooDev force-pushed the story_12338_upgrade_consul_version branch from 15ccfdd to 097771f Compare February 14, 2024 14:49
@GiooDev GiooDev changed the title from "Story #12338: Upgrade consul from 1.12.9 to 1.17.2" to "Story #12338: Upgrade consul from 1.12.9 to 1.17.3" Feb 14, 2024
@GiooDev GiooDev marked this pull request as ready for review February 14, 2024 17:45
@GiooDev GiooDev merged commit 970eba9 into develop Feb 14, 2024
1 check passed
@GiooDev GiooDev deleted the story_12338_upgrade_consul_version branch February 14, 2024 18:04
3 participants