kubernetes-sigs / apiserver-network-proxy

Apache License 2.0

CVE-2023-45288: overall tracker #615

Open jkh52 opened 2 months ago

jkh52 commented 2 months ago

CVE-2023-45288 needs mitigation and releases.

### Tasks
- [x] Mitigate `master` (https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/613)
- [x] Mitigate `release-0.30` branch (https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/614)
- [x] Mitigate `release-0.29` branch (https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/618)
- [x] Mitigate `release-0.28` branch (https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/621)
- [x] Mitigate `release-0.1` branch (https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/622)
- [x] Tag `v0.30.3`
- [x] Tag `v0.29.3`
- [x] Tag `v0.28.6`
- [x] Tag `v0.1.10`
- [ ] Promote associated images (https://github.com/kubernetes/k8s.io/pull/6819)
- [ ] Update k/k `master`
- [ ] Update k/k `release-1.30`
- [ ] Update k/k `release-1.29`
- [ ] Update k/k `release-1.28`
- [ ] Update k/k `release-1.27`
jkh52 commented 2 months ago

/cc @avrittrohwer /cc @azimjohn

liangyuanpeng commented 2 months ago

I will open a PR to enable the cherry-pick plugin of prow for ANP later, and then we just comment `/cherry-pick release-0.29` on the PR; the bot will cherry-pick this PR to release-0.29 after this PR is merged.

let's automate as much as possible :)

liangyuanpeng commented 2 months ago

> let's automate as much as possible :)

Updates to dependencies may not work because they may need a rerun of `go mod tidy`. :(

liangyuanpeng commented 2 months ago

> I will open a PR to enable the cherry-pick plugin of prow for ANP later, and then we just comment `/cherry-pick release-0.29` on the PR; the bot will cherry-pick this PR to release-0.29 after this PR is merged.

Opened the PR https://github.com/kubernetes/test-infra/pull/32547 for it.

jkh52 commented 2 months ago

Mitigations for all supported versions are now merged. I will create tags soon.

jkh52 commented 2 months ago

> Mitigations for all supported versions are now merged. I will create tags soon.

Tags are created.

mengdie-song commented 1 month ago

Hi, could you help upload the 0.29.3 image with the CVE fix as well? I am trying to pull the 0.29.3 image but get the error below.

```
docker pull registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.3
Error response from daemon: manifest for registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.3 not found: manifest unknown: Failed to fetch "v0.29.3"
```

Can I know when this 0.29.3 image will be ready? Thanks!
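Once a tagged image is pullable, the useful follow-up check is whether the binary inside it actually carries the dependency bump the mitigation PRs made. The script below is an added example, not code from this issue or from the apiserver-network-proxy project: it reads `go version -m <binary>` output and checks the embedded `golang.org/x/net` version against a minimum. The minimum `v0.23.0` is an assumption taken from the Go vulnerability advisory for CVE-2023-45288 and should be confirmed against it; the sample module lists are constructed for the demonstration and are not real proxy-agent output.

```shell
# Added example (not from the issue or the project): verify that a Go binary
# reports golang.org/x/net at or above the version assumed here to carry the
# CVE-2023-45288 fix. MIN_XNET is an assumption to check against the advisory.
MIN_XNET="v0.23.0"

# Read `go version -m` output on stdin and print the golang.org/x/net version.
# Module lines look like: "<tab>dep<tab>golang.org/x/net<tab>v0.23.0<tab>h1:..."
xnet_version() {
  awk '$1 == "dep" && $2 == "golang.org/x/net" { print $3; exit }'
}

# Return 0 when version $1 >= version $2 (vX.Y.Z comparison via sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Read one binary's `go version -m` output on stdin; return 0 when the
# x/net version meets MIN_XNET, 1 when it is older or missing.
check_xnet() {
  v=$(xnet_version)
  if [ -z "$v" ]; then
    echo "golang.org/x/net not found in module list"
    return 1
  fi
  if version_ge "$v" "$MIN_XNET"; then
    echo "golang.org/x/net $v >= $MIN_XNET: patched"
    return 0
  fi
  echo "golang.org/x/net $v < $MIN_XNET: NOT patched"
  return 1
}

# Constructed sample outputs in the shape of `go version -m` (spaces instead
# of tabs; awk splits on either). Not real proxy-agent module lists.
SAMPLE_PATCHED='proxy-agent: go1.22.2
    path    sigs.k8s.io/apiserver-network-proxy/cmd/agent
    mod     sigs.k8s.io/apiserver-network-proxy    (devel)
    dep     golang.org/x/net    v0.23.0    h1:constructed
    dep     google.golang.org/grpc    v1.63.2    h1:constructed'
SAMPLE_OLD='proxy-agent: go1.21.8
    path    sigs.k8s.io/apiserver-network-proxy/cmd/agent
    dep     golang.org/x/net    v0.17.0    h1:constructed'

# Usage against a real binary extracted from the image:
#   go version -m /path/to/proxy-agent | check_xnet
```

Against a pulled image, copy the binary out (for example with `docker cp` from a created container) and pipe `go version -m` on it into `check_xnet`; the same approach covers the Go toolchain line at the top of the output if you also want to confirm the `go1.x.y` the image was built with.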