Need to upgrade K8S version (CVE-2020-8557 && CVE-2020-8559)

jhunt / k8s-boshrelease

A BOSH Release for deploying Kubernetes clusters

MIT License

13 stars 9 forks source link

Need to upgrade K8S version (CVE-2020-8557 && CVE-2020-8559) #65

Closed obeyler closed 4 years ago

obeyler commented 4 years ago

As CVE-2020-8557 and CVE-2020-8559

https://nvd.nist.gov/vuln/detail/CVE-2020-8557
https://nvd.nist.gov/vuln/detail/CVE-2020-8559 impact the current version of K8S bosh (K8S 1.18.5) it needs to bump at least to 1.18.6 (note that 1.18.8 has been also released)

jhunt commented 4 years ago

I've got a working (non-eventful) upgrade to 1.18.6 in my lab; working through upgrading other auxiliary components (containerd and friends) and then we can cut a 1.18.8-build.1 release to address these.

jhunt commented 4 years ago

Try v1.18.8-build.1, @obeyler

obeyler commented 4 years ago

I'll do that immediately :-) Thanks !