yuvipanda / jupyterhub-ssh

SSH Access to JupyterHubs
BSD 3-Clause "New" or "Revised" License

Rebuild images to resolve CVE-2023-38408 #78

Closed iameskild closed 1 year ago

iameskild commented 1 year ago

A vulnerability with OpenSSH was recently discovered (CVE-2023-38408) and the resolution looks like it simply requires that we install a later version of openssh. The images used by jupyterhub-ssh/sftp are being flagged as running an older version of openssh.

Cutting a new release of the jupyterhub-ssh chart which will rebuild the images and install the latest version of openssh.

I'm happy to assist with this release; it looks like pushing a change to main will trigger this release process.

yuvipanda commented 1 year ago

@iameskild I can give you merge rights :) How does that sound?

iameskild commented 1 year ago

That works! Thanks @yuvipanda :)

Is there a recommended change that's needed for this release?

yuvipanda commented 1 year ago

@iameskild invited you!

I don't have any particular opinions, use your best judgement :)

And thank you for offering to help!