Skip to content

Commit

Permalink
chore(bors): merge pull request #402
Browse files Browse the repository at this point in the history 
402: chore(deps): address CVE-2023-39325, CVE-2023-47108 and GHSA-m425-mq9… r=tiagolobocastro a=cmontemuino

Upgrade images to fix the following vulnerabilities:

- https://avd.aquasec.com/nvd/2023/cve-2023-47108/
- https://avd.aquasec.com/nvd/2023/cve-2023-39325/
- GHSA-m425-mq94-257g


## Description

CVE-2023-47108 and CVE-2023-39325 fixed in v2.10.0 from node-driver-registar

GHSA-m425-mq94-257g fixed in v2.10.0 from node-driver-registar, and v6.3.3 from csi-snapshotter (and controller) images.


## Motivation and Context

Have no HIGH vulnerabilities in mayastor-extensions

## Regression
No


Co-authored-by: cmontemuino <1761056+cmontemuino@users.noreply.github.com>
  • Loading branch information
@cmontemuino
mayastor-bors and cmontemuino committed Jan 18, 2024
2 parents 3e68cec + d4e7102 commit a6a3494
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
6 changes: 3 additions & 3 deletions chart/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,11 +104,11 @@ $ helm install my-release openebs/mayastor
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;attacherTag | csi-attacher image release tag | `"v4.3.0"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;provisionerTag | csi-provisioner image release tag | `"v3.5.0"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;pullPolicy | imagePullPolicy for all CSI Sidecar images | `"IfNotPresent"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;registrarTag | csi-node-driver-registrar image release tag | `"v2.9.0"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;registrarTag | csi-node-driver-registrar image release tag | `"v2.10.0"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;registry | Image registry to pull all CSI Sidecar images | `"registry.k8s.io"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;repo | Image registry's namespace | `"sig-storage"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;snapshotControllerTag | csi-snapshot-controller image release tag | `"v6.3.1"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;snapshotterTag | csi-snapshotter image release tag | `"v6.3.1"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;snapshotControllerTag | csi-snapshot-controller image release tag | `"v6.3.3"` |
| csi.&ZeroWidthSpace;image.&ZeroWidthSpace;snapshotterTag | csi-snapshotter image release tag | `"v6.3.3"` |
| csi.&ZeroWidthSpace;node.&ZeroWidthSpace;kubeletDir | The kubeletDir directory for the csi-node plugin | `"/var/lib/kubelet"` |
| csi.&ZeroWidthSpace;node.&ZeroWidthSpace;nvme.&ZeroWidthSpace;ctrl_loss_tmo | The ctrl_loss_tmo (controller loss timeout) in seconds | `"1980"` |
| csi.&ZeroWidthSpace;node.&ZeroWidthSpace;priorityClassName | Set PriorityClass, overrides global | `""` |
Expand Down
6 changes: 3 additions & 3 deletions chart/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,11 +269,11 @@ csi:
# -- csi-attacher image release tag
attacherTag: v4.3.0
# -- csi-snapshotter image release tag
snapshotterTag: v6.3.1
snapshotterTag: v6.3.3
# -- csi-snapshot-controller image release tag
snapshotControllerTag: v6.3.1
snapshotControllerTag: v6.3.3
# -- csi-node-driver-registrar image release tag
registrarTag: v2.9.0
registrarTag: v2.10.0

controller:
# -- Log level for the csi controller
Expand Down

0 comments on commit a6a3494

Please sign in to comment.