Update Dex Image to >= 2.26.0 : Critical Security Vulnerability

airshipit / treasuremap

Reference Airship manifests, CICD, and reference architecture.

http://openstack.org

Apache License 2.0

52 stars 39 forks source link

Update Dex Image to >= 2.26.0 : Critical Security Vulnerability #126

Closed drewwalters96 closed 3 years ago

drewwalters96 commented 3 years ago

Describe the bug We currently use version v2.20.0 of the Dex image, which contains a critical security vulnerability. The recommended mitigation is to update to a version > 2.26.0.

It's not known if this will require chart updates or not. If so, an issue should be filed against airship/charts.

sshiba commented 3 years ago

Updated helm charts to use dex v2.26.0 image tag

sshiba commented 3 years ago

The PS https://review.opendev.org/c/airship/charts/+/785540 updates the dex image tag to v2.28.1, which is currently in review.

sshiba commented 3 years ago

The PS https://review.opendev.org/c/airship/charts/+/785540 has been merged, which updates the dex image tag to v2.28.1. This issue can be closed.

lb4368 commented 3 years ago

Closed per patchset merge with Dex image update