From 526b737f937d6eb8baa8cb4b06d80f7ff830a028 Mon Sep 17 00:00:00 2001 From: Alejandro Lazaro Date: Thu, 28 Oct 2021 16:53:55 +0200 Subject: [PATCH] Relese minor version addressing security patches Rasa X 0.42.4 solves CVE-2021-42556 Bumping Rasa OSS to 2.8.12 solves the issues in TensorFlow 2.3 https://github.com/rasahq/rasa/issues/7619 This breaks backward compatibility of previously trained models. It is not possible to load models trained with previous versions of Rasa Open Source. Please re-train your assistant before trying to use this version. --- README.md | 6 +++--- charts/rasa-x/Chart.yaml | 10 +++++----- charts/rasa-x/values.yaml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 1de7e2bb..3d1f8a03 100644 --- a/README.md +++ b/README.md @@ -56,11 +56,11 @@ recommend to set at least these values: | `rabbitmq.rabbitmq.password` | Password for RabbitMq. | `test` | | `global.postgresql.postgresqlPassword` | Password for the Postgresql database. | `password` | | `global.redis.password` | Password for redis. | `password` | -| `rasax.tag` | Version of Rasa X which you want to use. | `0.42.0` | -| `rasa.version` | Version of Rasa Open Source which you want to use. | `2.8.1` | +| `rasax.tag` | Version of Rasa X which you want to use. | `0.42.4` | +| `rasa.version` | Version of Rasa Open Source which you want to use. | `2.8.12` | | `rasa.tag` | Image tag which should be used for Rasa Open Source. Uses `rasa.version` if empty. | `` | | `app.name` | Name of your action server image. | `rasa/rasa-x-demo` | -| `app.tag` | Tag of your action server image. | `0.42.0` | +| `app.tag` | Tag of your action server image. | `0.42.4` | | `app.command` | Override the default command to run in the container. | `[]` | | `app.args` | Override the default arguments to run in the container. | `[]` | | `eventService.command` | Override the default command to run in the container. | `[]` | diff --git a/charts/rasa-x/Chart.yaml b/charts/rasa-x/Chart.yaml index e1e65255..d5a73184 100644 --- a/charts/rasa-x/Chart.yaml +++ b/charts/rasa-x/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v2 -version: "2.4.3" +version: "2.5.0" appVersion: "0.42.4" @@ -41,7 +41,7 @@ dependencies: annotations: # See: https://artifacthub.io/docs/topics/annotations/helm/#supported-annotations artifacthub.io/changes: | - - kind: fixed - description: Fix template formatting for network policies. - - kind: removed - description: Remove useless network policy - ingress-egress-nginx-to-kubernetes-services. + - kind: security + description: Bump the app version to 0.42.4. CVE-2021-42556. + - kind: security + description: Bump the Rasa OSS version to 2.8.12. Solve many security issues by bumping TensorFlow version from 2.3 to 2.6. diff --git a/charts/rasa-x/values.yaml b/charts/rasa-x/values.yaml index edaafa2b..cc29a032 100644 --- a/charts/rasa-x/values.yaml +++ b/charts/rasa-x/values.yaml @@ -118,7 +118,7 @@ rasax: rasa: # version is the Rasa Open Source version which should be used. # Used to ensure backward compatibility with older Rasa Open Source versions. - version: "2.8.1" # Please update the default value in the Readme when updating this + version: "2.8.12" # Please update the default value in the Readme when updating this # disableTelemetry permanently disables telemetry disableTelemetry: false # override the default command to run in the container