Release regarding CVE-2021-44228

[owwweiha]

Hi,

is there an bucc release planned regardings CVE-2021-44228?

At least for credhub and uaa there are already releases available containing fixes: https://github.com/pivotal/credhub-release/releases/tag/2.10.0 https://github.com/cloudfoundry/uaa-release/releases/tag/v75.11.0

Thanks Onke

[ramonskie]

we where already consuming these releases in our develop branch. i also now pulled these for our master branche and released it. see https://github.com/starkandwayne/bucc/releases/tag/v0.11.3

[owwweiha]

Hi @ramonskie - there are again two new releases for uaa and credhub which address the log4j CVE: https://github.com/pivotal/credhub-release/releases/tag/2.11.0 https://github.com/cloudfoundry/uaa-release/releases/tag/v75.12.0

Any plan to push another bucc release with those releases?

Thank you :)

[ramonskie]

running it now https://pipes.starkandwayne.com/teams/bucc/pipelines/bucc/jobs/shipit/builds/30 see https://github.com/starkandwayne/bucc/releases/tag/v0.11.4

[owwweiha]

Thank you!

[owwweiha]

Hi @ramonskie, I'm sorry to bother you again, but the shipit job failed.

[ramonskie]

its released now