Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Critical
Fix Version/s: ACM 2.11.0
Affects Version/s: ACM 2.11.0
Component/s: Application Lifecycle, Cluster Lifecycle, QE
Labels:

Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:

Target Version:

ACM 2.11.0

Regression:
No

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Description of problem:

Need to ensure that CVE-2023-45288 is patched for all App/Cluster LC images:

upgrade go pkg golang.org/x/net to v0.23.0 or above

app lifecycle repos:

https://github.com/stolostron/multicloud-operators-subscription
https://github.com/stolostron/multicloud-operators-channel
https://github.com/stolostron/multicloud-operators-application
https://github.com/stolostron/multicloud-integrations
https://github.com/stolostron/cluster-permission

cluster lifecycle repos:

https://github.com/stolostron/cluster-curator-controller
https://github.com/stolostron/provider-credential-controller
https://github.com/stolostron/cluster-image-set-controller
https://github.com/stolostron/clusterclaims-controller

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

...

Actual results:

Expected results:

Additional info:

clones

ACM-12027 Business Continuity: fix CVE-2023-45288 if necessary

Closed

is cloned by

ACM-12091 [release-2.10] App/Cluster LC: fix CVE-2023-45288 if necessary

Review

Assignee:: Xiangjing Li

Reporter:: Tesshu Flower

QA Contact:: Yupeng Chang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/06/10 3:19 PM

Updated:: 2024/06/19 7:57 PM