
[v0.11] Changes to minimize exposure to security issues #94

Merged

Conversation

israel-hdez (Author)

Same as #93, but for the release-v0.11 branch (vX.Y branch).

* cmd/agent/main.go
  * Static code analysis states that unsanitized usage of the
    `--component-port` flag can potentially lead to SSRF. In
    practice, this may be very hard to trigger, given that the source of
    the flag is always an integer (taken from `containerPort` of a Pod).
    Anyway, this is switching that flag to an Integer to be on the safe
    side (and to prevent the warning from the static code analysis tool).
* python/kserve
  * Run `poetry update`.
  * The main reason for the upgrade is [a recent fix to the MSAL
    library](AzureAD/microsoft-authentication-library-for-python@3427c25)
    to escape an unsafe string.
  * As an aside, this also moves away from
    [CVE-2023-4807](https://www.cve.org/CVERecord?id=CVE-2023-4807), which is
    only applicable to Windows 64 platforms.

Additionally, this adds some more resiliency to openshift-ci runs.

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
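An added example (not code from this PR or from the kserve repository) sketching why the `cmd/agent/main.go` change matters: a string-typed `--component-port` spliced into a URL can carry more than a port number, while an integer flag plus a range check can only ever select a port. Only the flag name comes from the PR; the localhost probe URL, the function names and the sample value are assumptions.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"net"
	"net/url"
	"strconv"
)

// Before: a string-typed flag spliced straight into the probe URL, so the
// value can carry more than a port. This is the pattern the analyzer flagged.
func buildURLFromString(port string) string {
	return "http://localhost:" + port + "/"
}

// After: an integer port, range-checked and joined with net.JoinHostPort,
// so the value can only select a port on localhost.
func componentURL(port int) (string, error) {
	if port < 1 || port > 65535 {
		return "", fmt.Errorf("component-port %d out of range 1-65535", port)
	}
	host := net.JoinHostPort("localhost", strconv.Itoa(port))
	return (&url.URL{Scheme: "http", Host: host, Path: "/"}).String(), nil
}

// parseComponentPort declares --component-port as an int flag; anything that
// is not an integer is rejected by the flag package before URL construction.
func parseComponentPort(args []string) (int, error) {
	fs := flag.NewFlagSet("agent", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // keep usage text quiet in this demo
	port := fs.Int("component-port", 0, "port the component container listens on")
	if err := fs.Parse(args); err != nil {
		return 0, err
	}
	return *port, nil
}

func main() {
	bad := "8080@example.invalid" // constructed: a string that is not a port
	fmt.Println("string flag builds:", buildURLFromString(bad))
	_, err := parseComponentPort([]string{"--component-port", bad})
	fmt.Println("int flag rejects it:", err)
	port, _ := parseComponentPort([]string{"--component-port", "8080"})
	u, _ := componentURL(port)
	fmt.Println("probe URL:", u)
}
```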

openshift-ci bot commented Sep 29, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: israel-hdez

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@israel-hdez (Author)

Merging, because #93 has been merged.

@israel-hdez israel-hdez merged commit 1c21579 into opendatahub-io:release-v0.11 Oct 6, 2023
39 of 42 checks passed
@heyselbi heyselbi linked an issue Oct 9, 2023 that may be closed by this pull request
@israel-hdez israel-hdez deleted the security-updates-v011 branch October 10, 2023 16:28

Successfully merging this pull request may close these issues.

Follow-up: Address remaining "High" vulnerabilities in KServe repo from SNYK scans