Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE fix for all repos #239

Closed
heyselbi opened this issue Oct 18, 2023 · 1 comment · Fixed by opendatahub-io/modelmesh#41, opendatahub-io/rest-proxy#20, opendatahub-io/kserve#109, opendatahub-io/odh-model-controller#107 or opendatahub-io/modelmesh-runtime-adapter#29
Closed

CVE fix for all repos #239

heyselbi opened this issue Oct 18, 2023 · 1 comment · Fixed by opendatahub-io/modelmesh#41, opendatahub-io/rest-proxy#20, opendatahub-io/kserve#109, opendatahub-io/odh-model-controller#107 or opendatahub-io/modelmesh-runtime-adapter#29
Assignees
@spolti @Jooho @israel-hdez @heyselbi
Labels
rhods-2.4

Comments

@heyselbi
Copy link

heyselbi commented Oct 18, 2023
edited
Loading

Issue tracker for CVE-2023-44487 hotfix.
Gitlab CPaaS builds of ModelMesh and KServe have been updated to ubi8/go-toolset:1.19.
In general, across all repos:

  • golang.org/x/net/http2 updated to v0.17.0 in go.mod
  • google.golang.org/grpc upgraded to v1.56.3 in go.mod
  • ubi-minimal base image updated to 8.8

More modules were updated based on the SNYK report suggestions. CVE report on SNYK can be seen here.

Note: vulnerabilities in /docs in all repos and /client in OVMS repo can be ignored since they are not in shipped in the product.
@heyselbi heyselbi converted this from a draft issue Oct 18, 2023
@heyselbi heyselbi moved this from To-do/Groomed to In Progress in ODH Model Serving Planning Oct 18, 2023
This was referenced Oct 19, 2023
Merged
Merged
Closed
@heyselbi heyselbi linked a pull request Oct 19, 2023 that will close this issue
[RHODS-12555] - CVE-2023-44487 opendatahub-io/modelmesh#41
Merged
This was linked to pull requests Oct 19, 2023
[RHODS-12555] - CVE-2023-44487 opendatahub-io/rest-proxy#20
Merged
[RHODS-12555] - CVE-2023-44487 opendatahub-io/kserve#109
Merged
[RHODS-12555] - CVE-2023-44487 opendatahub-io/odh-model-controller#107
Merged
[RHODS-12555] - CVE-2023-44487 opendatahub-io/modelmesh-runtime-adapter#29
Merged
[RHODS-12555] - CVE-2023-44487 #243
Merged
@github-project-automation github-project-automation bot moved this from In Progress to Done in ODH Model Serving Planning Oct 20, 2023
@spolti spolti reopened this Oct 20, 2023
@github-project-automation github-project-automation bot moved this from Done to New/Backlog in ODH Model Serving Planning Oct 20, 2023
@github-project-automation github-project-automation bot moved this from New/Backlog to Done in ODH Model Serving Planning Oct 20, 2023
@spolti spolti reopened this Oct 20, 2023
@github-project-automation github-project-automation bot moved this from Done to New/Backlog in ODH Model Serving Planning Oct 20, 2023
This was linked to pull requests Oct 20, 2023
[Cherry-pick] CVE-2023-44487 opendatahub-io/rest-proxy#22
Merged
[Cherry-pick] CVE-2023-44487 opendatahub-io/rest-proxy#21
Merged
[Cherry-pick] CVE-2023-44487 opendatahub-io/modelmesh#43
Merged
[Cherry-Pick] CVE-2023-44487 opendatahub-io/modelmesh#42
Merged
@github-project-automation github-project-automation bot moved this from New/Backlog to Done in ODH Model Serving Planning Oct 20, 2023
@spolti spolti reopened this Oct 20, 2023
@github-project-automation github-project-automation bot moved this from Done to New/Backlog in ODH Model Serving Planning Oct 20, 2023
@github-project-automation github-project-automation bot moved this from New/Backlog to Done in ODH Model Serving Planning Oct 21, 2023
@heyselbi heyselbi reopened this Oct 23, 2023
@github-project-automation github-project-automation bot moved this from Done to New/Backlog in ODH Model Serving Planning Oct 23, 2023
@heyselbi heyselbi moved this from New/Backlog to In Progress in ODH Model Serving Planning Oct 24, 2023
@heyselbi
Copy link
Author

heyselbi commented Oct 25, 2023
edited
Loading

GitHub Issues is not allowing addition of more than 10 PRs. Here are the PRs from downstream:
kserve

SHA tag update for kserve

modelmesh-serving

modelmesh

modelmesh-runtime-adapter

rest-proxy

odh-model-controller

@heyselbi heyselbi moved this from In Progress to Under Review in ODH Model Serving Planning Oct 25, 2023
@github-project-automation github-project-automation bot moved this from Under Review to Done in ODH Model Serving Planning Oct 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spolti spolti

@Jooho Jooho

@israel-hdez israel-hdez

@heyselbi heyselbi

Labels
rhods-2.4
Projects
Internal tracking
Status: Done
ODH Feature Tracking
Status: No status
ODH Model Serving Planning
Status: Done
Milestone
No milestone
4 participants
@spolti @Jooho @israel-hdez @heyselbi