Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating of ansible-runner to 2.1.x #6167

Closed
whitfiea opened this issue Nov 10, 2022 · 7 comments
Closed

Updating of ansible-runner to 2.1.x #6167

whitfiea opened this issue Nov 10, 2022 · 7 comments
Milestone
Backlog

Comments

@whitfiea
Copy link

The current ansible-runner used in the operator image is 2.0.2 which has a known vulnerbility CVE-2021-4041 which is fixed in version 2.1.0 onwards. I can see the dependabot created this PR sometime ago to raise the version to 2.1.1: #6011

My question is, when will this PR be merged so that we can pickup the new operator-sdk image that resolves the vulnerbility?
@theishshah theishshah added this to the Backlog milestone Nov 14, 2022
@everettraven
Copy link
Contributor

/unassign jmrodri

@balane3
Copy link

balane3 commented Feb 3, 2023

Is there any plan on when the operator image will have an updated version of ansible? There are a number of vulnerabilities that are fixed in later versions (e.g. CVE-2021-3701, CVE-2021-3583, CVE-2022-3697).

@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 5, 2023
@whitfiea
Copy link
Author

whitfiea commented May 5, 2023

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 5, 2023
@acornett21
Copy link
Contributor

@acornett21
Copy link
Contributor

@everettraven I think you already resolved this.

@everettraven
Copy link
Contributor

@acornett21 You're correct - thanks for following up on this! Closing it now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
7 participants
@jmrodri @openshift-bot @balane3 @whitfiea @theishshah @everettraven @acornett21