microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
4 324 коммитов 1 001 ветка 463 Теги 874 MiB
Граф коммитов

20 Коммитов

Автор SHA1 Сообщение Дата
Muhammad Falak R Wani e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 (#5946) 
* golang: introduce patch to permit requests with invalid host headers

Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-16 10:15:25 +05:30
CBL-Mariner-Bot 78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 (#5828) 2023-07-13 13:55:07 -07:00
CBL-Mariner-Bot c5a190f783
[AUTOPATCHER-CORE] Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405 (#5689) 
* Upgrade golang to 1.19.10 Adress CVEs

* Fix changelog

---------

Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
 2023-06-20 13:39:41 -07:00
Muhammad Falak R Wani a364e616af
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538 (#5228) 
Reference: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ASecurity
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-04-05 21:38:04 +05:30
CBL-Mariner-Bot 42a2d6d72d
Upgrade golang to 1.19.7 to address CVE-2023-24532 (#5160) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-03-28 13:20:34 +05:30
CBL-Mariner-Bot 768aae23e3
Upgrade golang to 1.19.6 Address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 (#5096) 
Co-authored-by: Rakshaa Viswanathan <46165429+rakshaa2000@users.noreply.github.com>
 2023-03-17 21:20:58 +05:30
suresh-thelkar 6204728aab
Patch helm for CVE-2023-25165 (#4874) 
* helm: Patch for CVE-2023-25165
* helm: Modifying spec file to apply patch for CVE-2023-25165
 2023-02-17 16:52:11 +05:30
CBL-Mariner-Bot 63c1d45e66
[AUTOPATCHER-CORE] Upgrade golang to 1.19.4 upgrade to latest - (#4643) 
* Upgrade golang to 1.19.4 upgrade to latest

* fix issues due to golang 1.19.4 upgrade

* re-add CVE-2022-41717.patch which is required by golang 1.17 spec

* clean up gh dependencies
 2023-01-19 18:37:17 +01:00
CBL-Mariner-Bot 8eb2670cd2
[AUTOPATCHER-CORE] Upgrade helm to 3.10.3 to fix CVE-2022-23524 - (#4535) 
* Upgrade helm to 3.10.3 to fix CVE-2022-23524

* Fixed the helm vendor signatures

Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
 2023-01-05 12:21:28 -08:00
Nan Liu 1e3b2bb37e
Enabled helm self checks (#4496) 2023-01-03 09:21:48 -08:00
Nan Liu 3fb521f747
helm: Patch CVE-2022-23525, CVE-2022-23526 (#4487) 
* helm: patch CVE-2022-23525, CVE-2022-23526

* fix patch format
 2022-12-21 13:55:47 -08:00
Daniel McIlvaney 449fbf1b41
Patch golang to resolve CVE-2022-41717 (#4457) 
* Patch golang to resolve CVE-2022-41717
 2022-12-19 12:17:43 -08:00
Olivia Crain a828f488f8
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190 (#4157) 2022-11-01 16:37:38 -07:00
CBL-Mariner-Bot 4b28eab1f2
[AUTOPATCHER-CORE] Upgrade helm to version 3.9.4 to fix CVE-2022-36055, CVE-2022-36049 (#4068) 
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
 2022-10-30 20:28:47 -07:00
Olivia Crain fdc6619ad3
Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2022-08-24 09:01:02 -07:00
chalamalasetty 9363f91c45
Update helm version 3.9.3 (#3586) 
* Update helm version 3.9.3

* Fix helm version info not displaying correctly
 2022-08-22 18:17:19 -07:00
Muhammad Falak R Wani d76052103a
golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327 (#3163) 
* golang: rename specfile golang-1.17.spec -> golang.spec
* golang: bump version to 1.18.3 to address CVE-2022-24675 & CVE-2022-28327
* golang: bump release of dependent packages to force rebuild
* keda: verify license
* helm: verify license
* moby-containerd: bump version to 1.6.2 to address CVE-2022-24769
* golang: add go-1.17.10 to enable cert-manager
* cert-manger: add a hard BR on golang <= 1.17.10
* golang-17: add entry to cgimanifest

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2022-06-16 23:07:41 +05:30
Henry Beberman 1b6d311434
[dev] Patch helm CVE-2021-32690 (#1424) 2021-09-20 17:16:49 -07:00
Henry Beberman 3a72afd634
[dev] Patch helm CVE-2021-21303 (#1422) 2021-09-20 16:06:19 -07:00
Henry Li 0931a2059f
[dev] Enable helm in Mariner (#1291) 
* enable helm

* fix comment

* change minor naming issue in changelog

Co-authored-by: Henry Li <lihl@microsoft.com>
 2021-08-18 10:26:39 -07:00