Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't update envoy-dev:latest on security fix branch pushes #6595

Closed
htuch opened this issue Apr 15, 2019 · 2 comments
Closed

Don't update envoy-dev:latest on security fix branch pushes #6595

htuch opened this issue Apr 15, 2019 · 2 comments
Labels
area/build help wanted Needs help!

Comments

@htuch
Copy link
Member

htuch commented Apr 15, 2019

envoy-dev:latest was updated when the Envoy 1.9.1 security release branch was pushed. We should update the Docker tagging to avoid going back in time.

Action item for CVE-2019-9900
Action item for CVE-2019-9901
@mattklein123 mattklein123 mentioned this issue Apr 9, 2020
Closed
@mattklein123
Copy link
Member

This will be fixed by #10716 so closing this as a dup. cc @lizan

@lizan
Copy link
Member

lizan commented Apr 9, 2020

This is already fixed, we don't tag latest except master: https://github.com/envoyproxy/envoy/blob/master/ci/docker_push.sh#L20

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/build help wanted Needs help!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lizan @mattklein123 @htuch