Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: ImageUpdater
Labels:
- internal-report
- team-gitops-tangerine

Story Points:
5
Epic Link:
community issues in image-updater pre-v0.16
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Git Pull Request:
https://github.com/argoproj-labs/argocd-image-updater/pull/1075
Intelligence Requested:
Market:

Sprint:
GitOps Tangerine Sprint 14

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

See image-updater github security page: https://github.com/argoproj-labs/argocd-image-updater/security/dependabot

Kubernetes GitRepo Volume Inadvertent Local Repository Access https://github.com/argoproj-labs/argocd-image-updater/security/dependabot/104
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API https://github.com/argoproj-labs/argocd-image-updater/security/dependabot/103
Node Denial of Service via kubelet Checkpoint API https://github.com/argoproj-labs/argocd-image-updater/security/dependabot/98

argo-cd project already has the patched version: k8s.io/kubernetes v1.32.2

When upgrading, make sure the related replace entries are also updated and perserved in go.mod.

clones

GITOPS-6399 Use the right api url for github enterprise

Closed

Assignee:: Atif Ali

Reporter:: Cheng Fang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/03/20 6:30 PM

Updated:: 2025/04/17 1:35 AM

Resolved:: 2025/04/17 1:35 AM