Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated aws sdk version to fix netty CVE #1376

Merged
merged 2 commits into from
Nov 20, 2024
Merged

Updated aws sdk version to fix netty CVE #1376

merged 2 commits into from
Nov 20, 2024

Conversation

chandrams
Copy link
Contributor

Description

Updated aws sdk version to fix the new CVE with netty as seen here

Fixes # (issue)

Type of change

  • Bug fix
  • New feature
  • Docs update
  • Breaking change (What changes might users need to make in their application due to this PR?)
  • Requires DB changes

How has this been tested?

Tested by creating a build and ensuring the quay scanner report doesn't report this issue

  • New Test X
  • Functional testsuite

Test Configuration

  • Kubernetes clusters tested on: NA

Checklist 🎯

  • Followed coding guidelines
  • Comments added
  • Dependent changes merged
  • Documentation updated
  • Tests added or updated

Additional information

Include any additional information such as links, test results, screenshots here

@chandrams
Updated aws sdk version to fix netty CVE
cdb1993 
Signed-off-by: Chandrakala Subramanyam <csubrama@redhat.com>
@chandrams chandrams added this to the Kruize 0.2 Release milestone Nov 19, 2024
@chandrams chandrams self-assigned this Nov 19, 2024
@chandrams
Copy link
Contributor Author

@kusumachalasani - I 'm updating the aws sdk version for cloudwatch, can you please ensure the cloudwatch logging works fine with this. Thank you.

dinogun
dinogun reviewed Nov 19, 2024
View reviewed changes
pom.xml Outdated
@@ -25,7 +25,7 @@
<hibernatecp30-version>6.1.7.Final</hibernatecp30-version>
<hibernate-Validator>8.0.1.Final</hibernate-Validator>
<micrometer-version>1.9.9</micrometer-version>
<awssdk-version>2.25.35</awssdk-version>
<awssdk-version>2.29.15</awssdk-version>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2.29.16 seems to be the latest one. Any reason we are not using that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is this mentioned? I picked the latest from here - https://mvnrepository.com/artifact/software.amazon.awssdk/cloudwatchlogs

@chandrams
Updated aws sdk to the latest version
bc0701f 
Signed-off-by: Chandrakala Subramanyam <csubrama@redhat.com>
dinogun
dinogun approved these changes Nov 20, 2024
View reviewed changes
Copy link
Contributor

@dinogun dinogun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dinogun dinogun merged commit 031d770 into kruize:mvp_demo Nov 20, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dinogun dinogun dinogun approved these changes

@kusumachalasani kusumachalasani Awaiting requested review from kusumachalasani

Assignees

@chandrams chandrams

Labels
None yet
Projects
Monitoring
Status: Done
Milestone
Kruize 0.2 Release
Development

Successfully merging this pull request may close these issues.
2 participants
@chandrams @dinogun