The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
This PR contains the following updates:
v0.18.4->v0.18.8GitHub Vulnerability Alerts
CVE-2020-8559
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Release Notes
kubernetes/apimachinery (k8s.io/apimachinery)
### [`v0.18.8`](https://redirect.github.com/kubernetes/apimachinery/compare/v0.18.6...v0.18.8) [Compare Source](https://redirect.github.com/kubernetes/apimachinery/compare/v0.18.6...v0.18.8) ### [`v0.18.6`](https://redirect.github.com/kubernetes/apimachinery/compare/v0.18.6-rc.0...v0.18.6) [Compare Source](https://redirect.github.com/kubernetes/apimachinery/compare/v0.18.5...v0.18.6) ### [`v0.18.5`](https://redirect.github.com/kubernetes/apimachinery/compare/v0.18.5-rc.1...v0.18.5) [Compare Source](https://redirect.github.com/kubernetes/apimachinery/compare/v0.18.4...v0.18.5)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.