Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address security issues #7

Merged
merged 1 commit into from
Nov 16, 2023
Merged

Address security issues #7

merged 1 commit into from
Nov 16, 2023

Conversation

spolti
Copy link
Member

@spolti spolti commented Nov 14, 2023

  • update go lang base image Vulnerabilities
    Current image golang:1.18 200
    Proposed image golang:1.20.10 72

  • google.golang.org/grpc Denial of Service (DoS)

    • bum grpc to 1.57.1

Image test:

docker run --net=host --rm ovmsclient --serving-address localhost:9000 arctic-fox.jpeg
2023/11/14 14:25:15 Request sent successfullyving-address localhost:9000 arctic-fox.jpeg                                                                                                   ─╯
Predicted class: Arctic fox, white fox, Alopex lagopus
Classification confidence: 86.700356%

Description

How Has This Been Tested?

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@spolti
Address security issues
cdda86a 
- update go lang base image
  				Vulnerabilities
Current image	golang:1.18		    200
Proposed image	golang:1.20.10		     72

- google.golang.org/grpc Denial of Service (DoS)
  - bum grpc to 1.57.1

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti spolti requested review from Xaenalt and heyselbi November 14, 2023 14:26
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Nov 14, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: spolti
Once this PR has been reviewed and has the lgtm label, please assign heyselbi for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@spolti spolti mentioned this pull request Nov 14, 2023
Closed
4 tasks
@Xaenalt Xaenalt merged commit 2bd3fb2 into opendatahub-io:2023.1-release Nov 16, 2023
@spolti spolti deleted the cve-demos-img-class-2023.1 branch November 16, 2023 23:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xaenalt Xaenalt Awaiting requested review from Xaenalt

@heyselbi heyselbi Awaiting requested review from heyselbi

@anishasthana anishasthana Awaiting requested review from anishasthana

@israel-hdez israel-hdez Awaiting requested review from israel-hdez

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spolti @Xaenalt