Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v0.13: vendor: update cilium to v1.15.3 #1433

Merged
merged 1 commit into from
Mar 27, 2024
Merged

v0.13: vendor: update cilium to v1.15.3 #1433

merged 1 commit into from
Mar 27, 2024

Conversation

rolinh
Copy link
Member

@rolinh rolinh commented Mar 27, 2024

Ref: #1432

Update Cilium import to v1.15.3 to avoid the binary for being tagged for CVE GHSA-68mj-9pjq-mc85.

The bug/fix only affects the Cilium Envoy binary, but the import of the old version is tagged by security scanners, so it is better to update to avoid the false positive security scan issue.

@rolinh @jrajahalme
vendor: update cilium to v1.15.3
4cf9cf0 
Update Cilium import to v1.15.3 to avoid the binary for being tagged for
CVE GHSA-68mj-9pjq-mc85.

The bug/fix only affects the Cilium Envoy binary, but the import of the
old version is tagged by security scanners, so it is better to update to
avoid the false positive security scan issue.

Signed-off-by: Robin Hahling <[email protected]>
Co-authored-by: Jarno Rajahalme <[email protected]>
Signed-off-by: Jarno Rajahalme <[email protected]>
@rolinh rolinh added priority/release-blocker This issue will prevent the release of the next version of Cilium. release-note/misc This PR makes changes that have no direct user impact. labels Mar 27, 2024
@rolinh rolinh requested a review from a team as a code owner March 27, 2024 12:27
@rolinh rolinh requested review from sayboras and removed request for a team March 27, 2024 12:27
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 27, 2024
@sayboras
Copy link
Member

Alternatively, you can just click the boxes in #1023

@rolinh rolinh added the 🧰 kind/backport This PR backports changes to a release branch label Mar 27, 2024
@rolinh
Copy link
Member Author

rolinh commented Mar 27, 2024

Alternatively, you can just click the boxes in #1023

It only updates it in CI, not the Go dep because the replace directives need to be kept in sync.

@rolinh rolinh merged commit 10407bc into v0.13 Mar 27, 2024
3 checks passed
@rolinh rolinh deleted the pr/rolinh/v0.13-cilium-1.15.3 branch March 27, 2024 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sayboras sayboras sayboras approved these changes

Assignees
No one assigned
Labels
🧰 kind/backport This PR backports changes to a release branch priority/release-blocker This issue will prevent the release of the next version of Cilium. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rolinh @sayboras