search

trosvald / home-ops

My OnPrem Kubernetes cluster. Deploy on top of Talos Linux, automated via Flux, renovate 🤖, and Github actions
0 stars 0 forks source link

fix(helm): update cert-manager ( v1.16.1 → v1.16.2 ) #367

Closed monosense-arc[bot] closed 1 week ago

monosense-arc[bot] commented 1 week ago

This PR contains the following updates:

Package Update Change
cert-manager (source) patch v1.16.1 -> v1.16.2

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cert-manager/cert-manager (cert-manager) ### [`v1.16.2`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.16.2) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This patch release of cert-manager 1.16 makes [several changes](https://redirect.github.com/cert-manager/cert-manager/pull/7401) to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed. This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project. The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods. Note also that since most PEM data parsed by cert-manager comes from `ConfigMap` or `Secret` resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data. Further information is available in https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images. #### Changes by Kind ##### Bug or Regression - Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#​7401](https://redirect.github.com/cert-manager/cert-manager/issues/7401), [@​SgtCoDFish](https://redirect.github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.23.3 and bump base images to latest available ([#​7431](https://redirect.github.com/cert-manager/cert-manager/issues/7431), [@​SgtCoDFish](https://redirect.github.com/SgtCoDFish))

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

monosense-arc[bot] commented 1 week ago 
no HelmRelease objects found in cluster