Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump default coredns image to v1.11.3 (because previous ones had CVEs) #2021

Merged

Conversation

hidalgopl
Copy link
Contributor

What issue type does this pull request address? (keep at least one, remove the others)
/kind bugfix

What does this pull request do? Which issues does it resolve? (use resolves #<issue_number> if possible)
It updates default coredns image to 1.11.3, which has no CVEs and adds e2e tests to verify if pinned version is used:

trivy image coredns/coredns:1.11.3 --severity HIGH,CRITICAL

2024-08-05T08:51:42.727+0200	INFO	Vulnerability scanning is enabled
2024-08-05T08:51:42.727+0200	INFO	Secret scanning is enabled
2024-08-05T08:51:42.727+0200	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-08-05T08:51:42.727+0200	INFO	Please see also https://aquasecurity.github.io/trivy/v0.35/docs/secret/scanning/#recommendation for faster secret detection
2024-08-05T08:51:44.885+0200	INFO	Detected OS: debian
2024-08-05T08:51:44.885+0200	INFO	Detecting Debian vulnerabilities...
2024-08-05T08:51:44.885+0200	INFO	Number of language-specific files: 1
2024-08-05T08:51:44.885+0200	INFO	Detecting gobinary vulnerabilities...

coredns/coredns:1.11.3 (debian 11.10)

Total: 0 (HIGH: 0, CRITICAL: 0)

resolves ENG-3849

Please provide a short message that should be published in the vcluster release notes
Bumped CoreDNS image to v1.11.3

What else do we need to know?

Copy link

netlify bot commented Aug 5, 2024

Deploy Preview for vcluster-docs canceled.

Built without sensitive environment variables

Name Link
🔨 Latest commit 9b23c74
🔍 Latest deploy log https://app.netlify.com/sites/vcluster-docs/deploys/66b078b2ea19750008e7674b

@hidalgopl hidalgopl added the backport-to-v0.20 backport this PR to v0.20 branch label Aug 5, 2024
@FabianKramm FabianKramm merged commit ec2c9af into loft-sh:main Aug 5, 2024
61 checks passed
@loft-bot
Copy link

loft-bot commented Aug 5, 2024

💔 All backports failed

Status Branch Result
v0.20 An unhandled error occurred. Please see the logs for details

Manual backport

To create the backport manually run:

backport --pr 2021

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

@loft-bot
Copy link

loft-bot commented Aug 5, 2024

💚 All backports created successfully

Status Branch Result
v0.20

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

FabianKramm added a commit that referenced this pull request Aug 5, 2024
[v0.20] Merge pull request #2021 from hidalgopl/update-coredns-image-to-v1.11.3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-to-v0.20 backport this PR to v0.20 branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants