BUG 2312515: CVE-2024-6104 cephcsi-container: go-retryablehttp: url might write sensitive information to log file #381
Conversation
|
@iPraveenParihar: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-retryablehttp@v0.7.1...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 2131a84)
iPraveenParihar
force-pushed
the
bz/2312515
branch
2 times, most recently
from
b235408
to
d340889
Compare
|
/hold Before fixing 4.12, make sure all newer versions have the fixes too already. We have templates for backport PRs, see the redhat/README.md. |
@nixpanic, backport PRs were already created & merged to newer versions (4.17 to 4.13). |
Thanks, in the future, use the backport tempate for the PR, so that it is clear the whole process is followed. /unhold |
|
I have cherry-picked around 6 commits related to lint failures. And not sure still how many needed to make lint CI green ✅. WDYT? |
In most of the cases we will try to fix it but not like we pick more commits and it's not getting fixed like this, we can make an exception for pretty older releases and do what is only required and get it merged. |
iPraveenParihar
force-pushed
the
bz/2312515
branch
from
b7f1f21
to
d796f8a
Compare
iPraveenParihar
requested review from
Madhu-1 and
nixpanic
and removed request for
Madhu-1
|
Creating the test container-image seems to be problematic. Can you check if a fix for that can be backported as well? I can be as part of this PR, so that CI jobs provide some confidence of the build. |
|
@iPraveenParihar , you probably need ceph#3540 to get the CI to pass |
GitHub Workflows fail installing Helm if the `openssl` package is not available. Fedora 36 installs `openssl` by default, Fedora 37 does not. Signed-off-by: Niels de Vos <[email protected]> (cherry picked from commit 774beef)
Since CentOS Stream 8 is EOL, this commit updates the config to use vault.centos.org for CentOS Stream 8. This should be removed once the base image (ceph) is updated to a version with a newer CentOS. Signed-off-by: Praveen M <[email protected]> (cherry picked from commit 5809628)
|
Thanks! CI jobs that are really required pass now. /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: iPraveenParihar, nixpanic The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
7 similar comments
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
Bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7.
updated-dependencies:
Signed-off-by: dependabot[bot] [email protected]
(cherry picked from commit 2131a84)
Describe what this PR does
Provide some context for the reviewer
Is there anything that requires special attention
Do you have any questions?
Is the change backward compatible?
Are there concerns around backward compatibility?
Provide any external context for the change, if any.
For example:
Related issues
Mention any github issues relevant to this PR. Adding below line
will help to auto close the issue once the PR is merged.
Fixes: #issue_number
Future concerns
List items that are not part of the PR and do not impact it's
functionality, but are work items that can be taken up subsequently.
Checklist:
guidelines in the developer
guide.
Request
notes
updated with breaking and/or notable changes for the next major release.
Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>: retest the<job-name>after unrelatedfailure (please report the failure too!)