Need fix for CVE-2023-45288 #261

andriisoldatenko · 2024-05-08T09:04:55Z

If we bump go version from go1.21.5 to go1.21.10 we can solve the issue.

Please let me know if you need help, I can try to contribute if you accept the PR.

andriisoldatenko · 2024-05-10T11:32:12Z

@ggriffiths could you please help to understand how to bump go version? I see https://github.com/kubernetes/kubernetes/blob/master/.go-version#L1

and I see

livenessprobe/release-tools/prow.sh

Line 89 in f8c3f43

    
           configvar CSI_PROW_GO_VERSION_BUILD "1.21.5" "Go version for building the component" # depends on component's source code

but it's unclear how to bump it correctly.

jsafrane · 2024-05-10T13:18:00Z

I think this repo will get a new go version when it gets updated to Kubernetes 1.30 libraries. I'm waiting for a new github.com/kubernetes-csi/csi-lib-utils tag and then we will update all CSI sidecars.

andriisoldatenko · 2024-05-15T06:39:59Z

@jsafrane thanks!

jwstein3400 · 2024-05-16T15:54:39Z

@jsafrane Hi it appears that a new tag was released last week: https://github.com/kubernetes-csi/csi-lib-utils/releases/tag/v0.18.0
Does that mean we can expect to see all the CSI sidecars uplifted and tagged for release?

andriisoldatenko · 2024-05-28T09:51:49Z

Problem that new release doesn't exist in registry:

Trying to pull registry.k8s.io/sig-storage/livenessprobe:v2.13.0...
Error: initializing source docker://registry.k8s.io/sig-storage/livenessprobe:v2.13.0: reading manifest v2.13.0 in registry.k8s.io/sig-storage/livenessprobe: manifest unknown: Failed to fetch "v2.13.0"

cc @jsafrane

jsafrane · 2024-05-31T08:25:27Z

Windows image build fails because of microsoft/Windows-Containers#493 :-(
We need fixed Windows base images to get a final 2.13 build of all images.

andriisoldatenko · 2024-07-10T06:40:18Z

@jsafrane it seems related ticket has been resolved microsoft/Windows-Containers#493,

Could you please check why I still can't pull an image?

Trying to pull registry.k8s.io/sig-storage/livenessprobe:v2.13.0...
Error: initializing source docker://registry.k8s.io/sig-storage/livenessprobe:v2.13.0: reading manifest v2.13.0 in registry.k8s.io/sig-storage/livenessprobe: manifest unknown: Failed to fetch "v2.13.0"

jsafrane · 2024-07-19T13:09:07Z

I published livenessprobe:v2.13.1 this week, I am not able to re-build and re-publish v2.13.0 :-(

andriisoldatenko · 2024-07-23T08:08:03Z

I think issue was resolved so I close it because image is avaialble.

thanks a lot for you help @jsafrane

98f2307 Merge pull request kubernetes-csi#260 from TerryHowe/update-csi-driver-version e9d8712 Merge pull request kubernetes-csi#259 from stmcginnis/deprecated-kind-kube-root faf79ff Remove --kube-root deprecated kind argument 734c2b9 Merge pull request kubernetes-csi#265 from Rakshith-R/consider-main-branch f95c855 Merge pull request kubernetes-csi#262 from huww98/golang-toolchain 3c8d966 Treat main branch as equivalent to master branch e31de52 Merge pull request kubernetes-csi#261 from huww98/golang fd153a9 Bump golang to 1.23.1 a8b3d05 pull-test.sh: fix "git subtree pull" errors 6b05f0f use new GOTOOLCHAIN env to manage go version 18b6ac6 chore: update CSI driver version to 1.15 git-subtree-dir: release-tools git-subtree-split: 98f23071d946dd3de3188a7e1f84679067003162

406a79ac Merge pull request kubernetes-csi#267 from huww98/gomodcache 9cec273d Set GOMODCACHE to avoid re-download toolchain 98f23071 Merge pull request kubernetes-csi#260 from TerryHowe/update-csi-driver-version e9d8712d Merge pull request kubernetes-csi#259 from stmcginnis/deprecated-kind-kube-root faf79ff6 Remove --kube-root deprecated kind argument 734c2b95 Merge pull request kubernetes-csi#265 from Rakshith-R/consider-main-branch f95c855b Merge pull request kubernetes-csi#262 from huww98/golang-toolchain 3c8d966f Treat main branch as equivalent to master branch e31de525 Merge pull request kubernetes-csi#261 from huww98/golang fd153a9e Bump golang to 1.23.1 a8b3d050 pull-test.sh: fix "git subtree pull" errors 6b05f0fc use new GOTOOLCHAIN env to manage go version 18b6ac6d chore: update CSI driver version to 1.15 git-subtree-dir: release-tools git-subtree-split: 406a79acf021b5564108afebeea7d0ed44648d3f

andriisoldatenko closed this as completed Jul 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need fix for CVE-2023-45288 #261

Need fix for CVE-2023-45288 #261

andriisoldatenko commented May 8, 2024

andriisoldatenko commented May 10, 2024

jsafrane commented May 10, 2024

andriisoldatenko commented May 15, 2024

jwstein3400 commented May 16, 2024

andriisoldatenko commented May 28, 2024 •

edited

Loading

jsafrane commented May 31, 2024 •

edited

Loading

andriisoldatenko commented Jul 10, 2024

jsafrane commented Jul 19, 2024

andriisoldatenko commented Jul 23, 2024

Need fix for CVE-2023-45288 #261

Need fix for CVE-2023-45288 #261

Comments

andriisoldatenko commented May 8, 2024

andriisoldatenko commented May 10, 2024

jsafrane commented May 10, 2024

andriisoldatenko commented May 15, 2024

jwstein3400 commented May 16, 2024

andriisoldatenko commented May 28, 2024 • edited Loading

jsafrane commented May 31, 2024 • edited Loading

andriisoldatenko commented Jul 10, 2024

jsafrane commented Jul 19, 2024

andriisoldatenko commented Jul 23, 2024

andriisoldatenko commented May 28, 2024 •

edited

Loading

jsafrane commented May 31, 2024 •

edited

Loading