Add v1.18.0-1.1 images #1554

Closed
wants to merge 3 commits into from
@kenhys kenhys commented Jan 20, 2025

Closes: #1553

  • ruby:3.2-slim-bookworm: OK
  • fluentd:v1.18.0-debian-amd64-1.0: OK
  • v1.18.0-1.0: vulnerable REXML < 3.3.6

The REXML gem before 3.3.6 has a DoS vulnerability when it parses an
XML that has many deep elements that have the same local name attributes.

See GHSA-vmwr-mc7x-5vc3

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
@kenhys kenhys force-pushed the release-v1.18.0-1.1 branch from 17e7e51 to de38f04 Compare January 20, 2025 03:05
@kenhys kenhys requested review from Watson1978 and daipom January 20, 2025 03:05
@kenhys kenhys closed this Jan 20, 2025
@kenhys kenhys deleted the release-v1.18.0-1.1 branch January 20, 2025 06:34
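
An added example, not part of the pull request or the project's own code: a Ruby check that reads `gem list` output captured from an image and reports every installed REXML version older than 3.3.6, the fixed release named in the description. The sample listings, constant names and function names are constructed for illustration.

```ruby
require "rubygems"

# First fixed REXML release, as stated in the pull request description.
FIXED_REXML = Gem::Version.new("3.3.6")

# Constructed `gem list` output (not taken from any real image).
SAMPLE_VULNERABLE = <<~LIST
  nokogiri (1.16.7 x86_64-linux)
  rexml (3.3.9, 3.3.5)
  strscan (default: 3.0.7)
LIST

SAMPLE_FIXED = <<~LIST
  rexml (default: 3.3.6)
  strscan (default: 3.0.7)
LIST

# Parse `gem list` output into { "name" => [Gem::Version, ...] }.
# Handles several versions per gem, the "default: " prefix and platform suffixes.
def parse_gem_list(text)
  text.each_line.with_object({}) do |line, gems|
    m = line.strip.match(/\A([A-Za-z0-9_.-]+) \((.+)\)\z/)
    next unless m
    gems[m[1]] = m[2].split(",").filter_map do |entry|
      v = entry.strip.sub(/\Adefault: /, "").split.first
      Gem::Version.new(v) if v && Gem::Version.correct?(v)
    end
  end
end

# Every installed REXML version below the fix, as strings.
def vulnerable_rexml(text)
  parse_gem_list(text).fetch("rexml", []).select { |v| v < FIXED_REXML }.map(&:to_s)
end

if __FILE__ == $PROGRAM_NAME
  { "sample-vulnerable" => SAMPLE_VULNERABLE, "sample-fixed" => SAMPLE_FIXED }.each do |name, out|
    bad = vulnerable_rexml(out)
    puts bad.empty? ? "#{name}: OK" : "#{name}: vulnerable REXML #{bad.join(', ')} < #{FIXED_REXML}"
  end
end
```

Every installed copy is reported, not only the newest, because an older version left beside a fixed one can still be selected by a version pin.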
Successfully merging this pull request may close these issues.

High CVEs in fluent/fluentd-kubernetes-daemonset:v1.18.0-debian-forward-1.0 image