Merge pull request #96 from phenixblue/bump-cryptography

Prepare for v2.3.1 Release
tmobile · Feb 12, 2021 · 9ce3d11 · 9ce3d11
2 parents 09235ff + 08ab50d
commit 9ce3d11
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -109,3 +109,17 @@ Adopting version 2 of this action allows us to start consuming Docker `buildx`.
 **RBAC rule changes**
 
 Due to the change in how user-defined Slack Incoming Webhooks are applied, there's a need for the `magtape-sa` service account to read Secrets across all namespaces. This includes get, list, and watch actions.
+
+## v2.3.1
+
+This release includes a fix for `CVE-2020-36242` in the Python Cryptography package.
+
+### Fixes
+
+Bump cryptography from 3.2 to 3.3.2 in /app/imageswap-init (Dependabot)
+
+    Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
+    - [Release notes](https://github.com/pyca/cryptography/releases)
+    - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
+    - [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
+
diff --git a/Makefile b/Makefile
@@ -16,7 +16,7 @@
 # its contributors may be used to endorse or promote products derived from this
 # software without specific prior written permission.
 
-MAGTAPE_VERSION := v2.3.0
+MAGTAPE_VERSION := v2.3.1
 OPA_VERSION := 0.25.2
 KUBE_MGMT_VERSION := 0.11
 

diff --git a/README.md b/README.md
@@ -67,7 +67,7 @@ You can use the following command to install MagTape and the example policies fr
 **NOTE:** The `master` branch of this repository is considered a working branch and may not always be in a functioning state. It's best to select a specific tag for a stable version of MagTape
 
 ```
-$ kubectl apply -f https://raw.githubusercontent.com/tmobile/magtape/v2.3.0/deploy/install.yaml
+$ kubectl apply -f https://raw.githubusercontent.com/tmobile/magtape/v2.3.1/deploy/install.yaml
 ```
 
 #### This will do the following

diff --git a/app/magtape/magtape.py b/app/magtape/magtape.py
@@ -41,7 +41,7 @@
 metrics = PrometheusMetrics(app, defaults_prefix="magtape")
 
 # Static information as metric
-metrics.info("app_info", "Application info", version="v2.3.0")
+metrics.info("app_info", "Application info", version="v2.3.1")
 
 # Set logging config
 log = logging.getLogger("werkzeug")

diff --git a/deploy/install.yaml b/deploy/install.yaml
@@ -337,7 +337,7 @@ spec:
         runAsGroup: 1900
       initContainers:
         - name: magtape-init
-          image: tmobile/magtape-init:v2.3.0
+          image: tmobile/magtape-init:v2.3.1
           command: [/app/magtape-init.py]
           imagePullPolicy: Always
           securityContext:
@@ -361,7 +361,7 @@ spec:
             mountPath: /vwc
       containers:
       - name: magtape
-        image: tmobile/magtape:v2.3.0
+        image: tmobile/magtape:v2.3.1
         ports:
         - containerPort: 5000
         command: ["gunicorn", "magtape:app", "--config=config.py"]

diff --git a/deploy/manifests/magtape-deploy.yaml b/deploy/manifests/magtape-deploy.yaml
@@ -21,7 +21,7 @@ spec:
         runAsGroup: 1900
       initContainers:
         - name: magtape-init
-          image: tmobile/magtape-init:v2.3.0
+          image: tmobile/magtape-init:v2.3.1
           command: [/app/magtape-init.py]
           imagePullPolicy: Always
           securityContext:
@@ -45,7 +45,7 @@ spec:
             mountPath: /vwc
       containers:
       - name: magtape
-        image: tmobile/magtape:v2.3.0
+        image: tmobile/magtape:v2.3.1
         ports:
         - containerPort: 5000
         command: ["gunicorn", "magtape:app", "--config=config.py"]