Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update urllib3 for CVE-2019-11324 #897

Merged
merged 1 commit into from
Jul 26, 2019
Merged

Update urllib3 for CVE-2019-11324 #897

merged 1 commit into from
Jul 26, 2019

Conversation

micw523
Copy link
Contributor

@micw523 micw523 commented Jul 26, 2019
edited by roycaihw
Loading

CVE-2019-11324 affects all urllib3 versions before 1.24.2. We should bump the minimum version required.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 26, 2019
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 26, 2019
@micw523
Copy link
Contributor Author

micw523 commented Jul 26, 2019

/assign @roycaihw @yliaog

@roycaihw
Copy link
Member

/lgtm

@yliaog I'm not certain if we need to cherrypick this

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 26, 2019
@yliaog
Copy link
Contributor

yliaog commented Jul 26, 2019

/lgtm
/approve

CVE-2019-11324 is deemed high impact, so better to have a new release with the fix soon

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: micw523, yliaog

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 26, 2019
@k8s-ci-robot k8s-ci-robot merged commit 734e255 into kubernetes-client:master Jul 26, 2019
@roycaihw
Copy link
Member

@yliaog sounds good. I will do releases for k8s 1.13, 1.14 and 1.15

@roycaihw roycaihw mentioned this pull request Aug 2, 2019
Closed
@tomplus tomplus mentioned this pull request Sep 16, 2019
Merged
@micw523 micw523 deleted the patch-3 branch September 24, 2019 20:34
wmfgerrit pushed a commit to wikimedia/labs-tools-maintain-kubeusers that referenced this pull request Oct 31, 2019
updates: Upgrade to kubernetes-10.0.1 for CVE-2019-11324
4be8de9 
This will cover kubernetes-client/python#897
Also included are upgrades to the cryptography package and a bugfix update
to ldap3.

Tests, builds and full runs against test environments completed successfully.

Change-Id: Ica345d092f2ce5c59cdd9f4e7144ae22b594dc6b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caesarxuchao caesarxuchao Awaiting requested review from caesarxuchao

@yliaog yliaog Awaiting requested review from yliaog

Assignees

@roycaihw roycaihw

@yliaog yliaog

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@micw523 @roycaihw @yliaog @k8s-ci-robot