Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2021-36159 and CVE-2021-3711 #2326

Closed
3 tasks done
nunojusto opened this issue Nov 15, 2021 · 6 comments
Closed
3 tasks done

CVE-2021-36159 and CVE-2021-3711 #2326

nunojusto opened this issue Nov 15, 2021 · 6 comments

Comments

@nunojusto
Copy link

nunojusto commented Nov 15, 2021
edited
Loading

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

2.30.0

Storage Type

Kubernetes

Installation Type

Custom Helm chart

Expected Behavior

There are vulnerabilities CVE-2021-36159 and CVE-2021-3711 already corrected in base alpine3.14.2 version but not released in dex image (v2.30.0).
What we need is a new dex image release. I see the code is already bumped to have the latest alpine.
When are we releasing the next version? Is it soon?

Thank you

Actual Behavior

CVE-2021-36159 and CVE-2021-3711

Steps To Reproduce

No response

Additional Information

No response

Configuration

No response

Logs

No response
@sagikazarmark sagikazarmark mentioned this issue Nov 15, 2021
Merged
@sagikazarmark
Copy link
Member

@nunojusto Thanks for opening this issue. 2.30.1 will be released soon.

@sagikazarmark
Copy link
Member

https://github.com/dexidp/dex/releases/tag/v2.30.1

@nunojusto
Copy link
Author

nunojusto commented Nov 15, 2021
edited
Loading

Hi Márk, you forgot to tag the container image to v2.30.1 ... i'll assume it's the latest but it's not tagged to the minor version

@nunojusto
Copy link
Author

Forget what i've said. The CI is still progress. Sorry

@sagikazarmark
Copy link
Member

Hm, CI is failing for some reason. Sorry about that.

@sagikazarmark
Copy link
Member

Should be fixed

@alexmt alexmt mentioned this issue Jan 20, 2022
Merged
alexmt added a commit to alexmt/argo-cd that referenced this issue Jan 20, 2022
@alexmt
chore: upgrade dex to v2.30.2 (dexidp/dex#2326)
5a0d884 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
alexmt pushed a commit to argoproj/argo-cd that referenced this issue Jan 20, 2022
chore: upgrade dex to v2.30.2 (dexidp/dex#2326) (#8237)
ef8ae57 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@mkilchhofer mkilchhofer mentioned this issue Mar 30, 2022
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sagikazarmark @nunojusto