fix: Update docker version to address CVE-2022-24921 #8312

Merged
merged 1 commit into from
Apr 4, 2022

CashWilliams
Contributor

Signed-off-by: Cash Williams [email protected]

Fixes CVE-2022-24921 by moving Docker version to 20.10.14 which includes moby/moby@0fa0d70

@alexec
Contributor

alexec commented Apr 4, 2022

I'm not sure we need this:

  1. We're getting rid of docker in v3.4/v4.0
  2. I'm not sure we're exposed.

@alexec alexec enabled auto-merge (squash) April 4, 2022 15:15
@alexec alexec disabled auto-merge April 4, 2022 15:15
@alexec alexec changed the title from "chore(deps): Update docker version to address CVE-2022-24921" to "fix: Update docker version to address CVE-2022-24921" Apr 4, 2022
@alexec alexec enabled auto-merge (squash) April 4, 2022 15:16
@alexec
Contributor

alexec commented Apr 4, 2022

That said, this PR is harmless.

@CashWilliams
Contributor Author

Our security scanner is finding the docker binaries in the image and knows they are vulnerable. It makes sense that there probably isn't any exposure and I could go in and mark the vulnerabilities as ignored, but I figured it wouldn't hurt to bump the version.

@alexec
Contributor

alexec commented Apr 4, 2022

I want to get rid of binaries in the argoexec image. It's bad practice to stuff your images with binaries like this.

@alexec alexec merged commit 0cdd2b4 into argoproj:master Apr 4, 2022
@sarabala1979 sarabala1979 mentioned this pull request Apr 14, 2022
@alexec alexec mentioned this pull request May 3, 2022
alexec pushed a commit that referenced this pull request May 3, 2022