Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859 #139

Merged
merged 4 commits into from
Apr 11, 2023

Conversation

xumia
Copy link
Contributor

@xumia xumia commented Apr 9, 2023

[Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859

Upgrade the redis version from 2.10.5 to 4.5.4

|Alert title                             |Affected component                      |Severity                      |Due date                      |
|________________________________________|________________________________________|______________________________|______________________________|
|CVE-2023-28858                          |redis 2.10.5                            |High                          |2023-04-27T13:44:39.1802657Z  |

@xumia xumia requested a review from prsunny April 9, 2023 13:02
@xumia
Copy link
Contributor Author

xumia commented Apr 9, 2023

@prsunny , could you please help review it? Thanks.

@xumia
Copy link
Contributor Author

xumia commented Apr 9, 2023

/azp run Azure.sonic-restapi

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@xumia xumia changed the title [Security] Fix the redis security issue CVE-2023-28858 [Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859 Apr 11, 2023
@xumia xumia merged commit 4f6f979 into sonic-net:master Apr 11, 2023
@xumia xumia deleted the fix-CVE-2023-28858 branch April 11, 2023 23:39
@liushilongbuaa
Copy link
Contributor

Hi @xumia , @prsunny , This security change is needed in 202012,202205,202211.
Can we update submodule's HEAD to this commit in these branches?

@xumia
Copy link
Contributor Author

xumia commented Apr 13, 2023

Hi @xumia , @prsunny , This security change is needed in 202012,202205,202211. Can we update submodule's HEAD to this commit in these branches?

All releases 202012/202205/202211 use the master branch sonic-restapi, the 202012 has being used recent commit of master branch.

sonic-net/sonic-buildimage#14625
sonic-net/sonic-buildimage#14626
sonic-net/sonic-buildimage#14627

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants