Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use get-latest action to avoid issues with git after CVE-2022-24765 #492

Merged
merged 1 commit into from
May 4, 2022

Conversation

arbulu89
Copy link
Contributor

@arbulu89 arbulu89 commented May 4, 2022

The version of the container is incorrectly found. Fix for that.

Fix for the git CVE-2022-24765. More info in:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
actions/checkout#760

@arbulu89 arbulu89 added the bug Something isn't working label May 4, 2022
@dottorblaster dottorblaster merged commit 822f76c into main May 4, 2022
@dottorblaster dottorblaster deleted the fix-git-cve-2022-24765 branch May 4, 2022 08:15
dottorblaster added a commit that referenced this pull request May 4, 2022
@stefanotorresi
Copy link
Member

Using the last tag as VERSION with osc is not enough, otherwise we're gonna do multiple OBS commits with the same version. This is why the python script appended a +dev{N}-SHA suffix.

@arbulu89
Copy link
Contributor Author

arbulu89 commented May 4, 2022

@stefanotorresi The container delivery system works in a different way. We cannot add the commit sha there, as it is not permitted.
PD: That's why OBS includes the %RELEASE% tag, so you can have different builds for each execution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Development

Successfully merging this pull request may close these issues.

3 participants