Closed sftim closed 1 month ago
This issue is currently awaiting triage.
SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
/transfer kubernetes
Seems the issues were created in their respective repos, but are missing from the official k8s CVE feed, probably because there were no corresponding issues created in k/k with the official-cve-feed label. https://github.com/kubernetes/kubernetes/issues/126816 https://github.com/kubernetes/kubernetes/issues/126817
We have had to create issues in both the sub project and k/k in the past. e.g. https://github.com/kubernetes/kubernetes/issues/118419
@cjcullen
@ritazh would it be acceptable for @kubernetes/security-response-committee if SIG Security Tooling Maintainers add a duplicate issue in k/k with the right label for such instances? I am tracking this as part of beta -> GA graduation so want to acknowledge that this could happen again and we would like to establish a precedent for it.
Yes please do. And feel free to tag me for review.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
FYI we are currently transferring the ingress-nginx cve github issues over to k/k and will open future ones here as well.
We've migrated the ingress-nginx CVE issues to kubernetes/kubernetes, and these CVEs now show up in the feed. https://kubernetes.io/docs/reference/issues-security/official-cve-feed/ I think this can be closed.
/close
@enj: Closing this issue.
Per https://github.com/kubernetes/website/issues/45576, the official CVE feed at https://kubernetes.io/docs/reference/issues-security/official-cve-feed/ doesn't have entries for:
I am not sure if we want to narrow the scope of the feed, fix the missing issues, or change our processes to ensure all announced vulnerabilities show up in the feed.
However, this issue is about taking a step to add those entries into the upstream feed. Doing that should close issue https://github.com/kubernetes/website/issues/45576.
/sig security /committee security-response