Align BIG-IP Version Matrix support with latest F5 CVEs vulnerabilities K50974556

tewfikm commented 3 years ago

Do you already have an issue opened with F5 support?

No

Description

BIG-IP Version Matrix for GCP deployement is referencing BIG-IP versions that are vulnerables as per https://support.f5.com/csp/article/K50974556

Request is to:

Assess/Validate that latests non vulnerable BIG-IP versions are tested and supported on GCP
Withdraw/hide vulnerable BIG-IP versions from marketplace
Publish GDM templates with non vulnerables BIG-IP images

Template

ALL templates

Severity Level

2

G-gonzalezjimenez commented 3 years ago

Thank you for your comments, we are tracking this issue internally. We are also working in a process to update faster our documents.

We are in the process of publishing the following non-vulnerable versions to the Cloud Marketplaces: 13.1.4.1 – publishing complete 14.1.4.4 – publishing complete 15.1.4 – publishing in progress 16.0.1.2 – publishing complete

We cannot remove images from the Cloud Marketplaces as this will break existing customers.

The Cloud Solution Templates will work with the New Images that include the CVEs when those images are published. We will test the templates and update the documentation between 2 and 5 business days after tests are completed and the images are published.

The Cloud Solution Templates will be updated on the minor update.

This is being tracked internally with ID ESECLDTPLT-2816

shyawnkarim commented 3 years ago

Closing.

This was updated with Release 3.1.4.0.

F5Networks / f5-google-gdm-templates