This repository has been archived by the owner on Apr 7, 2020. It is now read-only.

Fix CSI volume security issue on AliCloud for k8s v1.13 #448

Merged
merged 1 commit into from
Nov 21, 2019

Conversation

jia-jerry
Contributor

What this PR does / why we need it:
Fix issue CVE-2019-11255: CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation.

This issue only occurs in AliCloud for k8s v1.13.
Which issue(s) this PR fixes:
kubernetes/kubernetes#85233.

Special notes for your reviewer:

Release note:

Issue CVE-2019-11255 is fixed, which only affected shoot clusters in k8s version 1.13.

@jia-jerry jia-jerry requested a review from a team as a code owner November 21, 2019 03:41
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 21, 2019
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Nov 21, 2019
@jia-jerry jia-jerry changed the title Fix CSI volume security issue on AliCloud for k8s v1.13 #447 Fix CSI volume security issue on AliCloud for k8s v1.13 Nov 21, 2019
@zanetworker
Contributor

@jia-jerry there are two similar PRs, I will close the older and keep this one, ok?

@jia-jerry
Contributor Author

@jia-jerry there are two similar PRs, I will close the older and keep this one, ok?

Shall we have a new release for 11b based on master? Otherwise, I need the cherry-picked one.

@zanetworker
Contributor

So the next release was supposed to be 1.0.0; due to some validation in the testing, we kept it at 0.14.4 for now. I am assuming your change will anyways go with the major release. Let's keep them both for now.

@zanetworker zanetworker merged commit 16a4e2c into gardener-attic:master Nov 21, 2019
@ialidzhikov
Contributor

@jia-jerry, should I cherry-pick this one to release-1.0 branch?

@ialidzhikov
Contributor

Ref 28804e6
