Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update debian image from bullseye to bookworm to fix CVEs #1694

Merged
merged 1 commit into from
Jun 4, 2024
Merged

Update debian image from bullseye to bookworm to fix CVEs #1694

merged 1 commit into from
Jun 4, 2024
+22 −8

Conversation

Sneha-at
Copy link
Contributor

@Sneha-at Sneha-at commented Apr 30, 2024
edited

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:
Update debian base image to bookworm as all bullseye version are stale and does not contain the fix for CVE-2024-33600, CVE-2024-33602, CVE-2024-2961, CVE-2024-33601, CVE-2024-33599
Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Update debian base image from bullseye to bookworm to fix CVE-2024-33600, CVE-2024-33602, CVE-2024-2961, CVE-2024-33601, CVE-2024-33599

@k8s-ci-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 30, 2024
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 30, 2024
@Sneha-at
Copy link
Contributor Author

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Apr 30, 2024
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels May 9, 2024
@Sneha-at
Copy link
Contributor Author

Sneha-at commented May 9, 2024

/retest-required

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 10, 2024
@Sneha-at
Copy link
Contributor Author

/retest-required

@Sneha-at
Copy link
Contributor Author

/retest

pwschuurman
pwschuurman reviewed May 11, 2024
View reviewed changes
Dockerfile Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
Dockerfile Outdated Show resolved Hide resolved
@Sneha-at
Copy link
Contributor Author

/retest

@Sneha-at
Copy link
Contributor Author

/retest

@Sneha-at Sneha-at marked this pull request as ready for review May 29, 2024 17:50
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels May 29, 2024
@Sneha-at Sneha-at changed the title Update debian image to fix CVE-2024-2961 Update debian image to fix CVE-2024-33600 CVE-2024-33602 CVE-2024-2961 CVE-2024-33601 CVE-2024-33599 May 29, 2024
@k8s-ci-robot k8s-ci-robot removed the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 29, 2024
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label May 29, 2024
@Sneha-at Sneha-at changed the title Update debian image to fix CVE-2024-33600 CVE-2024-33602 CVE-2024-2961 CVE-2024-33601 CVE-2024-33599 Update debian image to fix CVEs May 29, 2024
@Sneha-at Sneha-at changed the title Update debian image to fix CVEs Update debian image from bullseye to bookworm to fix CVEs May 29, 2024
@pwschuurman
Copy link
Contributor

Hmm, we never added verify-docker-deps.sh to the presubmit.

Can you validate that the image has all dependencies by running:

./hack/verify-docker-deps.sh

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 4, 2024
@pwschuurman
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 4, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pwschuurman, Sneha-at

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 4, 2024
@Sneha-at Sneha-at merged commit 6d2a1b2 into kubernetes-sigs:master Jun 4, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pwschuurman pwschuurman pwschuurman left review comments

@mattcary mattcary Awaiting requested review from mattcary

@songjiaxun songjiaxun Awaiting requested review from songjiaxun

@saikat-royc saikat-royc Awaiting requested review from saikat-royc

Assignees

@pwschuurman pwschuurman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Sneha-at @k8s-ci-robot @pwschuurman