microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 451 коммит 990 Ветки 457 Теги 862 MiB
Граф коммитов

28 Коммитов

Автор SHA1 Сообщение Дата
CBL-Mariner-Bot 79af982f0d
[AUTO-CHERRYPICK] golang: update 1.22.5 -> 1.22.7 to address 3 CVEs - branch main (#10420) 
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
 2024-09-13 12:44:56 -07:00
Muhammad Falak R Wani c16735c961
golang: update 1.21.6 -> 1.21.11 to address CVE-2024-24790 (#9097) 
Changelog: https://go.dev/doc/devel/release#go1.21.minor
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-06-10 12:37:44 +05:30
Chris Gunn c433706dbc
Fixes for CVE-2023-45288. (#8866) 2024-05-01 11:19:03 -07:00
Henry Beberman e7716af5b5
node-problem-detector: patch CVE-2024-24786 (#8482) 2024-03-20 14:35:07 -07:00
CBL-Mariner-Bot a673fe2ab7
[AUTO-CHERRYPICK] node-problem-detector: upgrade to version v0.8.17 - branch main (#8460) 
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
 2024-03-19 17:13:41 -07:00
Nan Liu 850cc6143d
Fix the change logs to keep correct published order (#7879) 2024-02-14 09:25:19 -08:00
CBL-Mariner-Bot dd9200e9d7
[AUTO-CHERRYPICK] Add patches to address CVE-2021-44716 - branch main (#7875) 
Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
Co-authored-by: Nan Liu <liunan@microsoft.com>
 2024-02-13 17:18:32 -08:00
Muhammad Falak R Wani bd9a5c7ce7
Upgraded `golang` version 1.20.10 -> 1.21.6 (#7640) 
Changelog: https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-02-09 15:02:54 -08:00
Tobias Brick 5b876f7cfd
[CHERRYPICK FROM FASTTRACK/2.0] fix cve-2022-21698 in node-problem-detector (#7689) (#7786) 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-02-08 15:09:41 -08:00
Nan Liu 85350c6651
Update change logs to sync up with the ones in PMC (#6750) 2023-11-14 17:01:14 -08:00
Nan Liu 15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 (#6470) 2023-10-31 14:50:57 -07:00
Pawel Winogrodzki 01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381) (#6395) 
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381)

Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

* Bumping 'kubernetes'.

---------

Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
 2023-10-12 14:22:26 -07:00
Muhammad Falak R Wani e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 (#5946) 
* golang: introduce patch to permit requests with invalid host headers

Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot 78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 (#5828) 2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 (#5689) 
* Upgrade golang to 1.19.10 Adress CVEs

* Fix changelog

---------

Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
 2023-06-20 13:39:41 -07:00
Muhammad Falak R Wani a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 (#5228) 
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot 42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 (#5160) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-03-28 13:20:34 +05:30
CBL-Mariner-Bot 768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 (#5096) 
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
 2023-03-17 21:20:58 +05:30
CBL-Mariner-Bot 5ed28413bb
[AUTOPATCHER-CORE] Upgrade golang to 1.19.5 upgrade to latest - (#4759) 
* Upgrade golang to 1.19.5 upgrade to latest

* remove release bump of spec that should stay on golang 1.18.8 or below
 2023-02-03 20:56:43 +01:00
CBL-Mariner-Bot 63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - (#4643) 
* Upgrade golang to 1.19.4 upgrade to latest

* fix issues due to golang 1.19.4 upgrade

* re-add CVE-2022-41717.patch which is required by golang 1.17 spec

* clean up gh dependencies
 2023-01-19 18:37:17 +01:00
Daniel McIlvaney 449fbf1b41
Patch golang to resolve CVE-2022-41717 (#4457) 
* Patch golang to resolve CVE-2022-41717
 2022-12-19 12:17:43 -08:00
Olivia Crain a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 (#4157) 2022-11-01 16:37:38 -07:00
SeanDougherty 6445bf8dca
added arm64 support for node-problem-detector which is needed to support ARM64 AKS (#3623) 2022-09-01 16:52:46 -07:00
Olivia Crain fdc6619ad3
Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2022-08-24 09:01:02 -07:00
Muhammad Falak R Wani d76052103a
golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 (#3163) 
* golang: rename specfile golang-1.17.spec -> golang.spec
* golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327
* golang: bump release of dependent packages to force rebuild
* keda: verify license
* helm: verify license
* moby-containerd: bump version to 1.6.2 to address CVE-2022-24769
* golang: add go-1.17.10 to enable cert-manager
* cert-manger: add a hard BR on golang <= 1.17.10
* golang-17: add entry to cgimanifest

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2022-06-16 23:07:41 +05:30
Olivia Crain 8c8298b103
node-problem-detector: Add explicit check/run-time dependencies on mariner-release (#3089) 2022-06-01 12:18:44 -07:00
Max Brodeur-Urbas c2670ffa16
[main] upgrading node-problem-detector to v0.8.10 (#2343) 
* upgrading ndp to v0.8.10

* upgrading node-problem-detector to v0.8.10

* adding changelog for node-problem-detector

* fixing release number for node-problem-detector

* splitting patch file in two for cleanliness
 2022-03-02 10:32:07 -08:00
jslobodzian 17b0e93e71
Merge 1.0 to dev branch 
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
 2021-08-19 13:46:51 -07:00