Skip to content

Commit

Permalink
Bugfix release to fix CVE-2023-24538 (#4795)
Browse files Browse the repository at this point in the history
* Bugfix release to fix CVE-2023-24538

* Update CHANGELOG.md

* Update v2.7.md

* make build-jsonnet-tests

---------

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
  • Loading branch information
aldernero and aknuds1 authored Apr 20, 2023
1 parent 053cab4 commit 76a1021
Show file tree
Hide file tree
Showing 49 changed files with 385 additions and 378 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/compare-helm-with-jsonnet.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '1.20.1'
go-version: '1.20.3'
- uses: helm/kind-action@v1.2.0
- name: Download yq
uses: dsaltares/fetch-gh-release-asset@d9376dacd30fd38f49238586cd2e9295a8307f4c
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/helm-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
conftest:
runs-on: ubuntu-latest
container:
image: grafana/mimir-build-image:goupdate-751733fe1
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/test-build-deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
lint:
runs-on: ubuntu-latest
container:
image: grafana/mimir-build-image:goupdate-751733fe1
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand Down Expand Up @@ -64,7 +64,7 @@ jobs:
lint-jsonnet:
runs-on: ubuntu-latest
container:
image: grafana/mimir-build-image:goupdate-72d66708c
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand All @@ -90,7 +90,7 @@ jobs:
lint-helm:
runs-on: ubuntu-latest
container:
image: grafana/mimir-build-image:goupdate-751733fe1
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand Down Expand Up @@ -119,7 +119,7 @@ jobs:
test_group_id: [0, 1, 2, 3]
test_group_total: [4]
container:
image: grafana/mimir-build-image:goupdate-751733fe1
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand Down Expand Up @@ -154,7 +154,7 @@ jobs:
build:
runs-on: ubuntu-latest
container:
image: grafana/mimir-build-image:goupdate-751733fe1
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand Down Expand Up @@ -198,7 +198,7 @@ jobs:
- name: Upgrade golang
uses: actions/setup-go@v3
with:
go-version: 1.20.1
go-version: 1.20.3
- name: Check out repository
uses: actions/checkout@v3
- name: Run Git Config
Expand Down Expand Up @@ -244,7 +244,7 @@ jobs:
if: (startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/r') ) && github.event_name == 'push' && github.repository == 'grafana/mimir'
runs-on: ubuntu-latest
container:
image: grafana/mimir-build-image:goupdate-751733fe1
image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
steps:
- name: Check out repository
uses: actions/checkout@v3
Expand Down
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# Changelog

## 2.7.2

### Grafana Mimir

* [BUGFIX] Security: updated Go version to 1.20.3 to fix CVE-2023-24538 #4795

## 2.7.1

**Note**: During the release process, version 2.7.0 was tagged too early, before completing the release checklist and production testing. Release 2.7.1 doesn't include any code changes since 2.7.0, but now has proper release notes, published documentation, and has been fully tested in our production environment.
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ mimir-build-image/$(UPTODATE): mimir-build-image/*
# All the boiler plate for building golang follows:
SUDO := $(shell docker info >/dev/null 2>&1 || echo "sudo -E")
BUILD_IN_CONTAINER ?= true
LATEST_BUILD_IMAGE_TAG ?= goupdate-751733fe1
LATEST_BUILD_IMAGE_TAG ?= chore-upgrade-go-1203-5c4c29f01

# TTY is parameterized to allow Google Cloud Builder to run builds,
# as it currently disallows TTY devices. This value needs to be overridden
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.7.1
2.7.2
2 changes: 1 addition & 1 deletion development/mimir-microservices-mode/dev.dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.20.1
FROM golang:1.20.3
ENV CGO_ENABLED=0
RUN go install github.com/go-delve/delve/cmd/dlv@v1.9.1

Expand Down
2 changes: 1 addition & 1 deletion development/mimir-read-write-mode/dev.dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.20.1
FROM golang:1.20.3
ENV CGO_ENABLED=0
RUN go install github.com/go-delve/delve/cmd/dlv@v1.7.3

Expand Down
1 change: 1 addition & 0 deletions docs/sources/mimir/release-notes/v2.7.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,3 +79,4 @@ In Grafana Mimir 2.7, the following options, metrics, and labels have been remov
- Ingester: conversion of global limits max-series-per-user, max-series-per-metric, max-metadata-per-user and max-metadata-per-metric into corresponding local limits now takes into account the number of ingesters in each zone. [PR 4238](https://github.com/grafana/mimir/pull/4238)
- Ingester: track cortex_ingester_memory_series metric consistently with cortex_ingester_memory_series_created_total and cortex_ingester_memory_series_removed_total. [PR 4312](https://github.com/grafana/mimir/pull/4312)
- Querier: fixed a bug which was incorrectly matching series with regular expression label matchers with begin/end anchors in the middle of the regular expression. [PR 4340](https://github.com/grafana/mimir/pull/4340)
- Security: updated the Go version to 1.20.3 to fix CVE-2023-24538. [PR 4795](https://github.com/grafana/mimir/pull/4795)
2 changes: 1 addition & 1 deletion mimir-build-image/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

FROM k8s.gcr.io/kustomize/kustomize:v4.5.5 as kustomize
FROM alpine/helm:3.11.1 as helm
FROM golang:1.20.1-bullseye
FROM golang:1.20.3-bullseye
ARG goproxyValue
ENV GOPROXY=${goproxyValue}
ENV SKOPEO_DEPS="libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config"
Expand Down
2 changes: 1 addition & 1 deletion operations/mimir-rules-action/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: AGPL-3.0-only

FROM grafana/mimirtool:2.7.1
FROM grafana/mimirtool:2.7.2

COPY entrypoint.sh /entrypoint.sh

Expand Down
24 changes: 12 additions & 12 deletions operations/mimir-tests/test-autoscaling-generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -472,7 +472,7 @@ spec:
- -server.http-listen-port=8080
- -target=distributor
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: distributor
ports:
Expand Down Expand Up @@ -564,7 +564,7 @@ spec:
env:
- name: JAEGER_REPORTER_MAX_QUEUE_SIZE
value: "1024"
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: querier
ports:
Expand Down Expand Up @@ -637,7 +637,7 @@ spec:
- -server.http-listen-port=8080
- -target=query-frontend
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: query-frontend
ports:
Expand Down Expand Up @@ -708,7 +708,7 @@ spec:
- -server.http-listen-port=8080
- -target=query-scheduler
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: query-scheduler
ports:
Expand Down Expand Up @@ -792,7 +792,7 @@ spec:
- -store-gateway.sharding-ring.store=memberlist
- -target=ruler
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ruler
ports:
Expand Down Expand Up @@ -884,7 +884,7 @@ spec:
env:
- name: JAEGER_REPORTER_MAX_QUEUE_SIZE
value: "1024"
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ruler-querier
ports:
Expand Down Expand Up @@ -960,7 +960,7 @@ spec:
- -server.http-listen-port=8080
- -target=query-frontend
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ruler-query-frontend
ports:
Expand Down Expand Up @@ -1031,7 +1031,7 @@ spec:
- -server.http-listen-port=8080
- -target=query-scheduler
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ruler-query-scheduler
ports:
Expand Down Expand Up @@ -1099,7 +1099,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.podIP
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: alertmanager
ports:
Expand Down Expand Up @@ -1195,7 +1195,7 @@ spec:
- -server.http-listen-port=8080
- -target=compactor
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: compactor
ports:
Expand Down Expand Up @@ -1298,7 +1298,7 @@ spec:
- -server.http-listen-port=8080
- -target=ingester
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ingester
ports:
Expand Down Expand Up @@ -1627,7 +1627,7 @@ spec:
- -store-gateway.sharding-ring.wait-stability-min-duration=1m
- -target=store-gateway
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: store-gateway
ports:
Expand Down
18 changes: 9 additions & 9 deletions operations/mimir-tests/test-consul-generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -767,7 +767,7 @@ spec:
- -server.http-listen-port=8080
- -target=distributor
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: distributor
ports:
Expand Down Expand Up @@ -857,7 +857,7 @@ spec:
env:
- name: JAEGER_REPORTER_MAX_QUEUE_SIZE
value: "1024"
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: querier
ports:
Expand Down Expand Up @@ -929,7 +929,7 @@ spec:
- -server.http-listen-port=8080
- -target=query-frontend
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: query-frontend
ports:
Expand Down Expand Up @@ -1000,7 +1000,7 @@ spec:
- -server.http-listen-port=8080
- -target=query-scheduler
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: query-scheduler
ports:
Expand Down Expand Up @@ -1083,7 +1083,7 @@ spec:
- -store-gateway.sharding-ring.store=consul
- -target=ruler
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ruler
ports:
Expand Down Expand Up @@ -1158,7 +1158,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.podIP
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: alertmanager
ports:
Expand Down Expand Up @@ -1250,7 +1250,7 @@ spec:
- -server.http-listen-port=8080
- -target=compactor
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: compactor
ports:
Expand Down Expand Up @@ -1349,7 +1349,7 @@ spec:
- -server.http-listen-port=8080
- -target=ingester
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: ingester
ports:
Expand Down Expand Up @@ -1674,7 +1674,7 @@ spec:
- -store-gateway.sharding-ring.wait-stability-min-duration=1m
- -target=store-gateway
- -usage-stats.installation-mode=jsonnet
image: grafana/mimir:2.7.1
image: grafana/mimir:2.7.2
imagePullPolicy: IfNotPresent
name: store-gateway
ports:
Expand Down
Loading

0 comments on commit 76a1021

Please sign in to comment.