Include open issues in official CVE feed #97

Closed
Tracked by #1
sftim opened this issue Aug 24, 2023 · 4 comments

@sftim
Contributor

sftim commented Aug 24, 2023

https://kubernetes.io/docs/reference/issues-security/official-cve-feed/ should include all public CVE IDs, even ones where we have not yet shipped a patch.

@PushkarJ FYI

@mtardy
Member

mtardy commented Aug 24, 2023

We discussed that we could use the (close) status of the issue to retrieve three states for the CVE feed items:

  • issue open -> not fixed
  • issue closed as completed -> fixed (patch exists)
  • issue closed as not planned -> won't fix (patch will not be issued)

Pushkar mentioned that we should make sure the official-cve-feed label imposes the same condition as the lifecycle/frozen label to avoid the unintended closing of the issue.
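A sketch of the state mapping described in the comment above, as an added example that is not part of the thread or the project's own code. It assumes issue objects shaped like the GitHub REST API's (`state`, `state_reason`, `labels`, `title`, `number`); the output keys, the `unknown` fallback and the sample issues are constructed for illustration.

```python
import re

FEED_LABEL = "official-cve-feed"           # label named in the thread
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")   # CVE ID as it appears in an issue title


def cve_status(issue):
    """Map an issue's state / state_reason to the three states listed above."""
    state, reason = issue.get("state"), issue.get("state_reason")
    if state == "open":
        return "not fixed"
    if state == "closed" and reason == "completed":
        return "fixed"
    if state == "closed" and reason == "not_planned":
        return "won't fix"
    # Assumption: a closed issue with no recognised reason is reported as
    # unknown instead of being guessed as fixed.
    return "unknown"


def feed_items(issues):
    """Build feed entries (hypothetical keys) from labelled issues only."""
    items = []
    for issue in issues:
        labels = {label["name"] for label in issue.get("labels", [])}
        match = CVE_RE.search(issue.get("title", ""))
        if FEED_LABEL not in labels or not match:
            continue  # unlabelled, or no CVE ID in the title
        items.append({"id": match.group(0),
                      "issue": issue["number"],
                      "status": cve_status(issue)})
    return items


# Constructed sample issues; the CVE IDs and issue numbers are placeholders.
SAMPLE_ISSUES = [
    {"number": 1, "title": "CVE-0000-0001: placeholder A", "state": "open",
     "state_reason": None, "labels": [{"name": FEED_LABEL}]},
    {"number": 2, "title": "CVE-0000-0002: placeholder B", "state": "closed",
     "state_reason": "completed", "labels": [{"name": FEED_LABEL}]},
    {"number": 3, "title": "CVE-0000-0003: placeholder C", "state": "closed",
     "state_reason": "not_planned", "labels": [{"name": FEED_LABEL}]},
    {"number": 4, "title": "CVE-0000-0004: placeholder D", "state": "closed",
     "state_reason": None, "labels": [{"name": FEED_LABEL}]},
    {"number": 5, "title": "CVE-0000-0005: placeholder E", "state": "open",
     "state_reason": None, "labels": [{"name": "kind/bug"}]},
]

if __name__ == "__main__":
    for item in feed_items(SAMPLE_ISSUES):
        print(item)
```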

@PushkarJ
Member

This is fixed via #97 and should be followed up with #98.

@PushkarJ
Member

/close

@k8s-ci-robot
Contributor

@PushkarJ: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
