Bug 2294110: CVE-2024-6104 cephcsi-container: go-retryablehttp: url might write sensitive information to log file #330
Conversation
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-retryablehttp@v0.7.1...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 2131a84)
|
@iPraveenParihar: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@iPraveenParihar: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Madhu-1
changed the title
|
@iPraveenParihar please check CI failures. |
Since CentOS Stream 8 is EOL, this commit updates the config to use vault.centos.org for CentOS Stream 8. This should be removed once the base image (ceph) is updated to a version with a newer CentOS. Signed-off-by: Praveen M <[email protected]> (cherry picked from commit 5809628)
|
/bugzilla refresh |
|
@Madhu-1: Bugzilla bug 2294110 is in a bug group that is not in the allowed groups for this repo.
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
The tests are failing due to missing ruby-devel package in the base image Signed-off-by: Madhu Rajanna <[email protected]> (cherry picked from commit 90c6be0)
Signed-off-by: Praveen M <[email protected]>
iPraveenParihar
force-pushed
the
CVE-2024-6104
branch
from
0213fb2
to
6e0fe5c
Compare
|
golangci-lint fails at internal/cephfs/store/volumeoptions.go:154:1: receiver name v should be consistent with previous receiver name vo for VolumeOptions (golint)@Madhu-1, Can we ignore this failure? |
we have this error only in 4.16? was there any changes done to fix this problem? or linter is updated to a new version? |
FYI, #303 (comment) |
|
okay, LGTM, once the bot is fixed we can merge this one. |
|
I don't think golangci-lint is a blocker, it failed on previous PRs in release-4.16 as well, see #303. |
|
/bugzilla refresh |
|
@nixpanic: Bugzilla bug 2294110 is in a bug group that is not in the allowed groups for this repo.
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
This bugzilla checks should pass once openshift/release#53900 is merged and deployed. |
|
/bugzilla refresh |
|
@nixpanic: This pull request references Bugzilla bug 2294110, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh |
|
@iPraveenParihar: This pull request references Bugzilla bug 2294110, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh |
|
@iPraveenParihar: This pull request references Bugzilla bug 2294110, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh |
|
@iPraveenParihar: This pull request references Bugzilla bug 2294110, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh |
|
@iPraveenParihar: This pull request references Bugzilla bug 2294110, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh |
|
@iPraveenParihar: This pull request references Bugzilla bug 2294110, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@openshift-ci[bot]: GitHub didn't allow me to request PR reviews from the following users: keesturam. Note that only red-hat-storage members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
iPraveenParihar
requested review from
Rakshith-R and
Madhu-1
and removed request for
Rakshith-R
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: iPraveenParihar, Rakshith-R The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit 0eefc0d
into
red-hat-storage:release-4.16
|
@iPraveenParihar: All pull requests linked via external trackers have merged: Bugzilla bug 2294110 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7.
updated-dependencies:
Signed-off-by: dependabot[bot] [email protected]
(cherry picked from commit 2131a84)
Describe what this PR does
Provide some context for the reviewer
Is there anything that requires special attention
Do you have any questions?
Is the change backward compatible?
Are there concerns around backward compatibility?
Provide any external context for the change, if any.
For example:
Related issues
Mention any github issues relevant to this PR. Adding below line
will help to auto close the issue once the PR is merged.
Fixes: #issue_number
Future concerns
List items that are not part of the PR and do not impact it's
functionality, but are work items that can be taken up subsequently.
Checklist:
notes
updated with breaking and/or notable changes for the next major release.
Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>: retest the<job-name>after unrelatedfailure (please report the failure too!)