mirror of
https://github.com/argoproj/argo-cd.git
synced 2026-02-23 19:18:47 +01:00
Compare commits
1 Commits
commit-ser
...
temp-cherr
| Author | SHA1 | Date | |
|---|---|---|---|
|
5cc3935dc6 |
20
.github/workflows/ci-build.yaml
vendored
20
.github/workflows/ci-build.yaml
vendored
@@ -13,7 +13,7 @@ on:
|
||||
|
||||
env:
|
||||
# Golang version to use across CI steps
|
||||
GOLANG_VERSION: '1.22'
|
||||
GOLANG_VERSION: '1.21'
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
@@ -43,8 +43,6 @@ jobs:
|
||||
frontend:
|
||||
- 'ui/**'
|
||||
- Dockerfile
|
||||
docs:
|
||||
- 'docs/**'
|
||||
check-go:
|
||||
name: Ensure Go modules synchronicity
|
||||
if: ${{ needs.changes.outputs.backend == 'true' }}
|
||||
@@ -171,12 +169,12 @@ jobs:
|
||||
- name: Run all unit tests
|
||||
run: make test-local
|
||||
- name: Generate code coverage artifacts
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
|
||||
with:
|
||||
name: code-coverage
|
||||
path: coverage.out
|
||||
- name: Generate test results artifacts
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
|
||||
with:
|
||||
name: test-results
|
||||
path: test-results/
|
||||
@@ -240,14 +238,14 @@ jobs:
|
||||
- name: Run all unit tests
|
||||
run: make test-race-local
|
||||
- name: Generate test results artifacts
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
|
||||
with:
|
||||
name: race-results
|
||||
path: test-results/
|
||||
|
||||
codegen:
|
||||
name: Check changes to generated code
|
||||
if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.docs == 'true'}}
|
||||
if: ${{ needs.changes.outputs.backend == 'true' }}
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- changes
|
||||
@@ -359,11 +357,11 @@ jobs:
|
||||
run: |
|
||||
mkdir -p test-results
|
||||
- name: Get code coverage artifact
|
||||
uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: code-coverage
|
||||
- name: Get test result artifact
|
||||
uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: test-results
|
||||
path: test-results
|
||||
@@ -474,7 +472,7 @@ jobs:
|
||||
run: |
|
||||
docker pull ghcr.io/dexidp/dex:v2.38.0
|
||||
docker pull argoproj/argo-cd-ci-builder:v1.0.0
|
||||
docker pull redis:7.0.15-alpine
|
||||
docker pull redis:7.0.14-alpine
|
||||
- name: Create target directory for binaries in the build-process
|
||||
run: |
|
||||
mkdir -p dist
|
||||
@@ -502,7 +500,7 @@ jobs:
|
||||
set -x
|
||||
make test-e2e-local
|
||||
- name: Upload e2e-server logs
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
|
||||
with:
|
||||
name: e2e-server-k8s${{ matrix.k3s-version }}.log
|
||||
path: /tmp/e2e-server.log
|
||||
|
||||
2
.github/workflows/image-reuse.yaml
vendored
2
.github/workflows/image-reuse.yaml
vendored
@@ -134,7 +134,7 @@ jobs:
|
||||
echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
|
||||
|
||||
- name: Free Disk Space (Ubuntu)
|
||||
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
|
||||
uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91
|
||||
with:
|
||||
large-packages: false
|
||||
docker-images: false
|
||||
|
||||
6
.github/workflows/image.yaml
vendored
6
.github/workflows/image.yaml
vendored
@@ -52,7 +52,7 @@ jobs:
|
||||
uses: ./.github/workflows/image-reuse.yaml
|
||||
with:
|
||||
# Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
|
||||
go-version: 1.22
|
||||
go-version: 1.21
|
||||
platforms: ${{ needs.set-vars.outputs.platforms }}
|
||||
push: false
|
||||
|
||||
@@ -68,7 +68,7 @@ jobs:
|
||||
quay_image_name: quay.io/argoproj/argocd:latest
|
||||
ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
|
||||
# Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
|
||||
go-version: 1.22
|
||||
go-version: 1.21
|
||||
platforms: ${{ needs.set-vars.outputs.platforms }}
|
||||
push: true
|
||||
secrets:
|
||||
@@ -86,7 +86,7 @@ jobs:
|
||||
packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
|
||||
if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
|
||||
# Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
|
||||
with:
|
||||
image: ghcr.io/argoproj/argo-cd/argocd
|
||||
digest: ${{ needs.build-and-publish.outputs.image-digest }}
|
||||
|
||||
2
.github/workflows/init-release.yaml
vendored
2
.github/workflows/init-release.yaml
vendored
@@ -64,7 +64,7 @@ jobs:
|
||||
git stash pop
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4
|
||||
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
|
||||
with:
|
||||
commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
|
||||
title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
|
||||
|
||||
2
.github/workflows/pr-title-check.yml
vendored
2
.github/workflows/pr-title-check.yml
vendored
@@ -23,7 +23,7 @@ jobs:
|
||||
name: Validate PR Title
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2
|
||||
- uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0
|
||||
with:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
configuration_path: ".github/pr-title-checker-config.json"
|
||||
|
||||
14
.github/workflows/release.yaml
vendored
14
.github/workflows/release.yaml
vendored
@@ -10,7 +10,7 @@ on:
|
||||
permissions: {}
|
||||
|
||||
env:
|
||||
GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version
|
||||
GOLANG_VERSION: '1.21' # Note: go-version must also be set in job argocd-image.with.go-version
|
||||
|
||||
jobs:
|
||||
argocd-image:
|
||||
@@ -23,7 +23,7 @@ jobs:
|
||||
with:
|
||||
quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
|
||||
# Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
|
||||
go-version: 1.22
|
||||
go-version: 1.21
|
||||
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
|
||||
push: true
|
||||
secrets:
|
||||
@@ -38,7 +38,7 @@ jobs:
|
||||
packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
|
||||
# Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
|
||||
if: github.repository == 'argoproj/argo-cd'
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
|
||||
with:
|
||||
image: quay.io/argoproj/argocd
|
||||
digest: ${{ needs.argocd-image.outputs.image-digest }}
|
||||
@@ -88,7 +88,7 @@ jobs:
|
||||
echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
|
||||
|
||||
- name: Free Disk Space (Ubuntu)
|
||||
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
|
||||
uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91
|
||||
with:
|
||||
large-packages: false
|
||||
docker-images: false
|
||||
@@ -128,7 +128,7 @@ jobs:
|
||||
contents: write # Needed for release uploads
|
||||
if: github.repository == 'argoproj/argo-cd'
|
||||
# Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
|
||||
with:
|
||||
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
|
||||
provenance-name: "argocd-cli.intoto.jsonl"
|
||||
@@ -212,7 +212,7 @@ jobs:
|
||||
contents: write # Needed for release uploads
|
||||
if: github.repository == 'argoproj/argo-cd'
|
||||
# Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
|
||||
with:
|
||||
base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}"
|
||||
provenance-name: "argocd-sbom.intoto.jsonl"
|
||||
@@ -295,7 +295,7 @@ jobs:
|
||||
if: ${{ env.UPDATE_VERSION == 'true' }}
|
||||
|
||||
- name: Create PR to update VERSION on master branch
|
||||
uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4
|
||||
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
|
||||
with:
|
||||
commit-message: Bump version in master
|
||||
title: "chore: Bump version in master"
|
||||
|
||||
2
.github/workflows/scorecard.yaml
vendored
2
.github/workflows/scorecard.yaml
vendored
@@ -54,7 +54,7 @@ jobs:
|
||||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
||||
# format to the repository Actions tab.
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -19,7 +19,6 @@ node_modules/
|
||||
./test/cmp/*.sock
|
||||
.envrc.remote
|
||||
.*.swp
|
||||
rerunreport.txt
|
||||
|
||||
# ignore built binaries
|
||||
cmd/argocd/argocd
|
||||
|
||||
@@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fca
|
||||
# Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
|
||||
# Also used as the image in CI jobs so needs all dependencies
|
||||
####################################################################################################
|
||||
FROM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS builder
|
||||
FROM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd AS builder
|
||||
|
||||
RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list
|
||||
|
||||
@@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP
|
||||
####################################################################################################
|
||||
# Argo CD Build stage which performs the actual build of Argo CD binaries
|
||||
####################################################################################################
|
||||
FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS argocd-build
|
||||
FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21.9@sha256:7d0dcbe5807b1ad7272a598fbf9d7af15b5e2bed4fd6c4c2b5b3684df0b317dd AS argocd-build
|
||||
|
||||
WORKDIR /go/src/github.com/argoproj/argo-cd
|
||||
|
||||
|
||||
8
USERS.md
8
USERS.md
@@ -18,7 +18,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [Albert Heijn](https://ah.nl/)
|
||||
1. [Alibaba Group](https://www.alibabagroup.com/)
|
||||
1. [Allianz Direct](https://www.allianzdirect.de/)
|
||||
1. [AlphaSense](https://www.alpha-sense.com/)
|
||||
1. [Amadeus IT Group](https://amadeus.com/)
|
||||
1. [Ambassador Labs](https://www.getambassador.io/)
|
||||
1. [Ancestry](https://www.ancestry.com/)
|
||||
@@ -36,7 +35,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform)
|
||||
1. [Beat](https://thebeat.co/en/)
|
||||
1. [Beez Innovation Labs](https://www.beezlabs.com/)
|
||||
1. [Bedag Informatik AG](https://www.bedag.ch/)
|
||||
1. [Beleza Na Web](https://www.belezanaweb.com.br/)
|
||||
1. [BigPanda](https://bigpanda.io)
|
||||
1. [BioBox Analytics](https://biobox.io)
|
||||
@@ -60,7 +58,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [Cisco ET&I](https://eti.cisco.com/)
|
||||
1. [Cloud Posse](https://www.cloudposse.com/)
|
||||
1. [Cloud Scale](https://cloudscaleinc.com/)
|
||||
1. [CloudGeometry](https://www.cloudgeometry.io/)
|
||||
1. [Cloudmate](https://cloudmt.co.kr/)
|
||||
1. [Cloudogu](https://cloudogu.com/)
|
||||
1. [Cobalt](https://www.cobalt.io/)
|
||||
@@ -135,7 +132,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [IABAI](https://www.iab.ai)
|
||||
1. [IBM](https://www.ibm.com/)
|
||||
1. [Ibotta](https://home.ibotta.com)
|
||||
1. [IFS](https://www.ifs.com)
|
||||
1. [IITS-Consulting](https://iits-consulting.de)
|
||||
1. [IllumiDesk](https://www.illumidesk.com)
|
||||
1. [imaware](https://imaware.health)
|
||||
@@ -183,7 +179,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [Meilleurs Agents](https://www.meilleursagents.com/)
|
||||
1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/)
|
||||
1. [Mercedes-Benz.io](https://www.mercedes-benz.io/)
|
||||
1. [Metacore Games](https://metacoregames.com/)
|
||||
1. [Metanet](http://www.metanet.co.kr/en/)
|
||||
1. [MindSpore](https://mindspore.cn)
|
||||
1. [Mirantis](https://mirantis.com/)
|
||||
@@ -204,7 +199,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [Objective](https://www.objective.com.br/)
|
||||
1. [OCCMundial](https://occ.com.mx)
|
||||
1. [Octadesk](https://octadesk.com)
|
||||
1. [Octopus Deploy](https://octopus.com)
|
||||
1. [Olfeo](https://www.olfeo.com/)
|
||||
1. [omegaUp](https://omegaUp.com)
|
||||
1. [Omni](https://omni.se/)
|
||||
@@ -231,7 +225,6 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [Percona](https://percona.com/)
|
||||
1. [PGS](https://www.pgs.com)
|
||||
1. [Pigment](https://www.gopigment.com/)
|
||||
1. [Pipedrive](https://www.pipedrive.com/)
|
||||
1. [Pipefy](https://www.pipefy.com/)
|
||||
1. [Pismo](https://pismo.io/)
|
||||
1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/)
|
||||
@@ -251,6 +244,7 @@ Currently, the following organizations are **officially** using Argo CD:
|
||||
1. [Quipper](https://www.quipper.com/)
|
||||
1. [RapidAPI](https://www.rapidapi.com/)
|
||||
1. [rebuy](https://www.rebuy.de/)
|
||||
1. [Recreation.gov](https://www.recreation.gov/)
|
||||
1. [Red Hat](https://www.redhat.com/)
|
||||
1. [Redpill Linpro](https://www.redpill-linpro.com/)
|
||||
1. [Reenigne Cloud](https://reenigne.ca)
|
||||
|
||||
@@ -168,16 +168,6 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, nil
|
||||
}
|
||||
|
||||
currentApplications, err := r.getCurrentApplications(ctx, applicationSetInfo)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err)
|
||||
}
|
||||
|
||||
err = r.updateResourcesStatus(ctx, logCtx, &applicationSetInfo, currentApplications)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, fmt.Errorf("failed to get update resources status for application set: %w", err)
|
||||
}
|
||||
|
||||
// appMap is a name->app collection of Applications in this ApplicationSet.
|
||||
appMap := map[string]argov1alpha1.Application{}
|
||||
// appSyncMap tracks which apps will be synced during this reconciliation.
|
||||
@@ -194,11 +184,16 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
} else if applicationSetInfo.Spec.Strategy != nil {
|
||||
// appset uses progressive sync
|
||||
for _, app := range currentApplications {
|
||||
applications, err := r.getCurrentApplications(ctx, applicationSetInfo)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err)
|
||||
}
|
||||
|
||||
for _, app := range applications {
|
||||
appMap[app.Name] = app
|
||||
}
|
||||
|
||||
appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, desiredApplications, appMap)
|
||||
appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, applications, desiredApplications, appMap)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err)
|
||||
}
|
||||
@@ -1370,86 +1365,6 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica
|
||||
return -1
|
||||
}
|
||||
|
||||
func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error {
|
||||
statusMap := getResourceStatusMap(appset)
|
||||
statusMap = buildResourceStatus(statusMap, apps)
|
||||
|
||||
statuses := []argov1alpha1.ResourceStatus{}
|
||||
for _, status := range statusMap {
|
||||
statuses = append(statuses, status)
|
||||
}
|
||||
appset.Status.Resources = statuses
|
||||
|
||||
namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name}
|
||||
err := r.Client.Status().Update(ctx, appset)
|
||||
if err != nil {
|
||||
|
||||
logCtx.Errorf("unable to set application set status: %v", err)
|
||||
return fmt.Errorf("unable to set application set status: %v", err)
|
||||
}
|
||||
|
||||
if err := r.Get(ctx, namespacedName, appset); err != nil {
|
||||
if client.IgnoreNotFound(err) != nil {
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("error fetching updated application set: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func buildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus {
|
||||
appMap := map[string]argov1alpha1.Application{}
|
||||
for _, app := range apps {
|
||||
appCopy := app
|
||||
appMap[app.Name] = app
|
||||
|
||||
gvk := app.GroupVersionKind()
|
||||
// Create status if it does not exist
|
||||
status, ok := statusMap[app.Name]
|
||||
if !ok {
|
||||
status = argov1alpha1.ResourceStatus{
|
||||
Group: gvk.Group,
|
||||
Version: gvk.Version,
|
||||
Kind: gvk.Kind,
|
||||
Name: app.Name,
|
||||
Namespace: app.Namespace,
|
||||
Status: app.Status.Sync.Status,
|
||||
Health: &appCopy.Status.Health,
|
||||
}
|
||||
}
|
||||
|
||||
status.Group = gvk.Group
|
||||
status.Version = gvk.Version
|
||||
status.Kind = gvk.Kind
|
||||
status.Name = app.Name
|
||||
status.Namespace = app.Namespace
|
||||
status.Status = app.Status.Sync.Status
|
||||
status.Health = &appCopy.Status.Health
|
||||
|
||||
statusMap[app.Name] = status
|
||||
}
|
||||
cleanupDeletedApplicationStatuses(statusMap, appMap)
|
||||
|
||||
return statusMap
|
||||
}
|
||||
|
||||
func getResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus {
|
||||
statusMap := map[string]argov1alpha1.ResourceStatus{}
|
||||
for _, status := range appset.Status.Resources {
|
||||
statusMap[status.Name] = status
|
||||
}
|
||||
return statusMap
|
||||
}
|
||||
|
||||
func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) {
|
||||
for name := range statusMap {
|
||||
if _, ok := apps[name]; !ok {
|
||||
delete(statusMap, name)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// setApplicationSetApplicationStatus updates the ApplicatonSet's status field
|
||||
// with any new/changed Application statuses.
|
||||
func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error {
|
||||
|
||||
@@ -6132,219 +6132,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdateResourceStatus(t *testing.T) {
|
||||
|
||||
scheme := runtime.NewScheme()
|
||||
err := v1alpha1.AddToScheme(scheme)
|
||||
assert.Nil(t, err)
|
||||
|
||||
err = v1alpha1.AddToScheme(scheme)
|
||||
assert.Nil(t, err)
|
||||
|
||||
for _, cc := range []struct {
|
||||
name string
|
||||
appSet v1alpha1.ApplicationSet
|
||||
apps []v1alpha1.Application
|
||||
expectedResources []v1alpha1.ResourceStatus
|
||||
}{
|
||||
{
|
||||
name: "handles an empty application list",
|
||||
appSet: v1alpha1.ApplicationSet{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "name",
|
||||
Namespace: "argocd",
|
||||
},
|
||||
Status: v1alpha1.ApplicationSetStatus{
|
||||
Resources: []v1alpha1.ResourceStatus{},
|
||||
},
|
||||
},
|
||||
apps: []v1alpha1.Application{},
|
||||
expectedResources: nil,
|
||||
},
|
||||
{
|
||||
name: "adds status if no existing statuses",
|
||||
appSet: v1alpha1.ApplicationSet{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "name",
|
||||
Namespace: "argocd",
|
||||
},
|
||||
Status: v1alpha1.ApplicationSetStatus{
|
||||
ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{},
|
||||
},
|
||||
},
|
||||
apps: []v1alpha1.Application{
|
||||
{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "app1",
|
||||
},
|
||||
Status: v1alpha1.ApplicationStatus{
|
||||
Sync: v1alpha1.SyncStatus{
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
},
|
||||
Health: v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedResources: []v1alpha1.ResourceStatus{
|
||||
{
|
||||
Name: "app1",
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
Health: &v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "handles an applicationset with existing and up-to-date status",
|
||||
appSet: v1alpha1.ApplicationSet{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "name",
|
||||
Namespace: "argocd",
|
||||
},
|
||||
Status: v1alpha1.ApplicationSetStatus{
|
||||
Resources: []v1alpha1.ResourceStatus{
|
||||
{
|
||||
Name: "app1",
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
Health: &v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
apps: []v1alpha1.Application{
|
||||
{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "app1",
|
||||
},
|
||||
Status: v1alpha1.ApplicationStatus{
|
||||
Sync: v1alpha1.SyncStatus{
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
},
|
||||
Health: v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedResources: []v1alpha1.ResourceStatus{
|
||||
{
|
||||
Name: "app1",
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
Health: &v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "updates an applicationset with existing and out of date status",
|
||||
appSet: v1alpha1.ApplicationSet{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "name",
|
||||
Namespace: "argocd",
|
||||
},
|
||||
Status: v1alpha1.ApplicationSetStatus{
|
||||
Resources: []v1alpha1.ResourceStatus{
|
||||
{
|
||||
Name: "app1",
|
||||
Status: v1alpha1.SyncStatusCodeOutOfSync,
|
||||
Health: &v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusProgressing,
|
||||
Message: "Progressing",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
apps: []v1alpha1.Application{
|
||||
{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "app1",
|
||||
},
|
||||
Status: v1alpha1.ApplicationStatus{
|
||||
Sync: v1alpha1.SyncStatus{
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
},
|
||||
Health: v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedResources: []v1alpha1.ResourceStatus{
|
||||
{
|
||||
Name: "app1",
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
Health: &v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "deletes an applicationset status if the application no longer exists",
|
||||
appSet: v1alpha1.ApplicationSet{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "name",
|
||||
Namespace: "argocd",
|
||||
},
|
||||
Status: v1alpha1.ApplicationSetStatus{
|
||||
Resources: []v1alpha1.ResourceStatus{
|
||||
{
|
||||
Name: "app1",
|
||||
Status: v1alpha1.SyncStatusCodeSynced,
|
||||
Health: &v1alpha1.HealthStatus{
|
||||
Status: health.HealthStatusHealthy,
|
||||
Message: "OK",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
apps: []v1alpha1.Application{},
|
||||
expectedResources: nil,
|
||||
},
|
||||
} {
|
||||
|
||||
t.Run(cc.name, func(t *testing.T) {
|
||||
|
||||
kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...)
|
||||
argoDBMock := dbmocks.ArgoDB{}
|
||||
argoObjs := []runtime.Object{}
|
||||
|
||||
client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build()
|
||||
|
||||
r := ApplicationSetReconciler{
|
||||
Client: client,
|
||||
Scheme: scheme,
|
||||
Recorder: record.NewFakeRecorder(1),
|
||||
Cache: &fakeCache{},
|
||||
Generators: map[string]generators.Generator{},
|
||||
ArgoDB: &argoDBMock,
|
||||
ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...),
|
||||
KubeClientset: kubeclientset,
|
||||
}
|
||||
|
||||
err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps)
|
||||
|
||||
assert.Equal(t, err, nil, "expected no errors, but errors occured")
|
||||
assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual")
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestOwnsHandler(t *testing.T) {
|
||||
// progressive syncs do not affect create, delete, or generic
|
||||
ownsHandler := getOwnsHandlerPredicates(true)
|
||||
|
||||
@@ -2030,43 +2030,6 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"/api/v1/applicationsets/{name}/resource-tree": {
|
||||
"get": {
|
||||
"tags": [
|
||||
"ApplicationSetService"
|
||||
],
|
||||
"summary": "ResourceTree returns resource tree",
|
||||
"operationId": "ApplicationSetService_ResourceTree",
|
||||
"parameters": [
|
||||
{
|
||||
"type": "string",
|
||||
"name": "name",
|
||||
"in": "path",
|
||||
"required": true
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"description": "The application set namespace. Default empty is argocd control plane namespace.",
|
||||
"name": "appsetNamespace",
|
||||
"in": "query"
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "A successful response.",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/v1alpha1ApplicationSetTree"
|
||||
}
|
||||
},
|
||||
"default": {
|
||||
"description": "An unexpected error response.",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/runtimeError"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/api/v1/certificates": {
|
||||
"get": {
|
||||
"tags": [
|
||||
@@ -6225,13 +6188,6 @@
|
||||
"items": {
|
||||
"$ref": "#/definitions/v1alpha1ApplicationSetCondition"
|
||||
}
|
||||
},
|
||||
"resources": {
|
||||
"description": "Resources is a list of Applications resources managed by this application set.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/v1alpha1ResourceStatus"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -6303,19 +6259,6 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"v1alpha1ApplicationSetTree": {
|
||||
"type": "object",
|
||||
"title": "ApplicationSetTree holds nodes which belongs to the application\nUsed to build a tree of an ApplicationSet and its children",
|
||||
"properties": {
|
||||
"nodes": {
|
||||
"type": "array",
|
||||
"title": "Nodes contains list of nodes which are directly managed by the applicationset",
|
||||
"items": {
|
||||
"$ref": "#/definitions/v1alpha1ResourceNode"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"v1alpha1ApplicationSource": {
|
||||
"type": "object",
|
||||
"title": "ApplicationSource contains all required information about the source of an application",
|
||||
|
||||
@@ -51,7 +51,6 @@ import (
|
||||
"github.com/argoproj/argo-cd/v2/util/git"
|
||||
"github.com/argoproj/argo-cd/v2/util/grpc"
|
||||
argoio "github.com/argoproj/argo-cd/v2/util/io"
|
||||
logutils "github.com/argoproj/argo-cd/v2/util/log"
|
||||
"github.com/argoproj/argo-cd/v2/util/manifeststream"
|
||||
"github.com/argoproj/argo-cd/v2/util/templates"
|
||||
"github.com/argoproj/argo-cd/v2/util/text/label"
|
||||
@@ -1313,7 +1312,6 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg
|
||||
WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, ignoreNormalizerOpts).
|
||||
WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod).
|
||||
WithNoCache().
|
||||
WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())).
|
||||
Build()
|
||||
errors.CheckError(err)
|
||||
diffRes, err := argodiff.StateDiff(item.live, item.target, diffConfig)
|
||||
|
||||
@@ -75,11 +75,11 @@ func NewCommand() *cobra.Command {
|
||||
command.PersistentFlags().StringVar(&clientOpts.GRPCWebRootPath, "grpc-web-root-path", config.GetFlag("grpc-web-root-path", ""), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.")
|
||||
command.PersistentFlags().StringVar(&cmdutil.LogFormat, "logformat", config.GetFlag("logformat", "text"), "Set the logging format. One of: text|json")
|
||||
command.PersistentFlags().StringVar(&cmdutil.LogLevel, "loglevel", config.GetFlag("loglevel", "info"), "Set the logging level. One of: debug|info|warn|error")
|
||||
command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", config.GetStringSliceFlag("header", []string{}), "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)")
|
||||
command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", []string{}, "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)")
|
||||
command.PersistentFlags().BoolVar(&clientOpts.PortForward, "port-forward", config.GetBoolFlag("port-forward"), "Connect to a random argocd-server port using port forwarding")
|
||||
command.PersistentFlags().StringVar(&clientOpts.PortForwardNamespace, "port-forward-namespace", config.GetFlag("port-forward-namespace", ""), "Namespace name which should be used for port forwarding")
|
||||
command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", config.GetIntFlag("http-retry-max", 0), "Maximum number of retries to establish http connection to Argo CD server")
|
||||
command.PersistentFlags().BoolVar(&clientOpts.Core, "core", config.GetBoolFlag("core"), "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server")
|
||||
command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", 0, "Maximum number of retries to establish http connection to Argo CD server")
|
||||
command.PersistentFlags().BoolVar(&clientOpts.Core, "core", false, "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server")
|
||||
command.PersistentFlags().StringVar(&clientOpts.ServerName, "server-name", env.StringFromEnv(common.EnvServerName, common.DefaultServerName), fmt.Sprintf("Name of the Argo CD API server; set this or the %s environment variable when the server's name label differs from the default, for example when installing via the Helm chart", common.EnvServerName))
|
||||
command.PersistentFlags().StringVar(&clientOpts.AppControllerName, "controller-name", env.StringFromEnv(common.EnvAppControllerName, common.DefaultApplicationControllerName), fmt.Sprintf("Name of the Argo CD Application controller; set this or the %s environment variable when the controller's name label differs from the default, for example when installing via the Helm chart", common.EnvAppControllerName))
|
||||
command.PersistentFlags().StringVar(&clientOpts.RedisHaProxyName, "redis-haproxy-name", env.StringFromEnv(common.EnvRedisHaProxyName, common.DefaultRedisHaProxyName), fmt.Sprintf("Name of the Redis HA Proxy; set this or the %s environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart", common.EnvRedisHaProxyName))
|
||||
|
||||
@@ -2,9 +2,6 @@ package apiclient
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/argoproj/argo-cd/v2/common"
|
||||
"github.com/argoproj/argo-cd/v2/util/env"
|
||||
"math"
|
||||
"time"
|
||||
|
||||
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
|
||||
@@ -17,9 +14,9 @@ import (
|
||||
"github.com/argoproj/argo-cd/v2/util/io"
|
||||
)
|
||||
|
||||
var (
|
||||
const (
|
||||
// MaxGRPCMessageSize contains max grpc message size
|
||||
MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024
|
||||
MaxGRPCMessageSize = 100 * 1024 * 1024
|
||||
)
|
||||
|
||||
// Clientset represents config management plugin server api clients
|
||||
|
||||
@@ -369,7 +369,7 @@ func TestRunCommandEmptyCommand(t *testing.T) {
|
||||
assert.ErrorContains(t, err, "Command is empty")
|
||||
}
|
||||
|
||||
// TestRunCommandContextTimeoutWithCleanup makes sure that the process is given enough time to cleanup before sending SIGKILL.
|
||||
// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL.
|
||||
func TestRunCommandContextTimeoutWithCleanup(t *testing.T) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond)
|
||||
defer cancel()
|
||||
|
||||
@@ -273,8 +273,6 @@ const (
|
||||
// EnvServerSideDiff defines the env var used to enable ServerSide Diff feature.
|
||||
// If defined, value must be "true" or "false".
|
||||
EnvServerSideDiff = "ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF"
|
||||
// EnvGRPCMaxSizeMB is the environment variable to look for a max GRPC message size
|
||||
EnvGRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB"
|
||||
)
|
||||
|
||||
// Config Management Plugin related constants
|
||||
|
||||
@@ -374,7 +374,7 @@ func assertMetricsPrinted(t *testing.T, expectedLines, body string) {
|
||||
}
|
||||
}
|
||||
|
||||
// assertMetricsNotPrinted
|
||||
// assertMetricNotPrinted
|
||||
func assertMetricsNotPrinted(t *testing.T, expectedLines, body string) {
|
||||
for _, line := range strings.Split(expectedLines, "\n") {
|
||||
if line == "" {
|
||||
|
||||
@@ -77,12 +77,10 @@ metadata:
|
||||
data:
|
||||
token: "$plugin.myplugin.token" # Alternatively $<some_K8S_secret>:plugin.myplugin.token
|
||||
baseUrl: "http://myplugin.plugin-ns.svc.cluster.local."
|
||||
requestTimeout: "60"
|
||||
```
|
||||
|
||||
- `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret)
|
||||
- `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster.
|
||||
- `requestTimeout`: Timeout of the request to the plugin in seconds (default: 30)
|
||||
|
||||
### Store credentials
|
||||
|
||||
|
||||
@@ -187,8 +187,6 @@ The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon
|
||||
|
||||
Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations.
|
||||
|
||||
Similarly, applications referencing an external Helm values file will not get the benefits of this feature when an unrelated change happens in the external source.
|
||||
|
||||
For webhooks, the comparison is done using the files specified in the webhook event payload instead.
|
||||
|
||||
!!! note
|
||||
|
||||
@@ -60,7 +60,7 @@
|
||||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (name)",
|
||||
"expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (notifier)",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
@@ -146,7 +146,7 @@
|
||||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (service)",
|
||||
"expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (notifier)",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
|
||||
@@ -13,8 +13,8 @@ The following metrics are available:
|
||||
Number of delivered notifications.
|
||||
Labels:
|
||||
|
||||
* `trigger` - trigger name
|
||||
* `service` - notification service name
|
||||
* `template` - notification template name
|
||||
* `notifier` - notification service name
|
||||
* `succeeded` - flag that indicates if notification was successfully sent or failed
|
||||
|
||||
### `argocd_notifications_trigger_eval_total`
|
||||
|
||||
@@ -19,7 +19,6 @@ Here are some ways people are doing GitOps secrets:
|
||||
* [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer)
|
||||
* [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver)
|
||||
* [Vals-Operator](https://github.com/digitalis-io/vals-operator)
|
||||
* [argocd-secret-replacer](https://github.com/mmalyska/argocd-secret-replacer)
|
||||
|
||||
For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364)
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ argocd-repo-server [flags]
|
||||
--sentinelmaster string Redis sentinel master group name. (default "master")
|
||||
--streamed-manifest-max-extracted-size string Maximum size of streamed manifest archives when extracted (default "1G")
|
||||
--streamed-manifest-max-tar-size string Maximum size of streamed manifest archives (default "100M")
|
||||
--tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
|
||||
--tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
|
||||
--tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
|
||||
--tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
|
||||
```
|
||||
|
||||
@@ -100,7 +100,7 @@ argocd-server [flags]
|
||||
--server string The address and port of the Kubernetes API server
|
||||
--staticassets string Directory path that contains additional static assets (default "/shared/app")
|
||||
--tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
|
||||
--tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
|
||||
--tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
|
||||
--tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
|
||||
--tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
|
||||
--token string Bearer token for authentication to the API server
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
| Argo CD version | Kubernetes versions |
|
||||
|-----------------|---------------------|
|
||||
| 2.7 | v1.26, v1.25, v1.24, v1.23 |
|
||||
| 2.6 | v1.24, v1.23, v1.22 |
|
||||
| 2.5 | v1.24, v1.23, v1.22 |
|
||||
|
||||
| 2.11 | v1.29, v1.28, v1.27, v1.26, v1.25 |
|
||||
| 2.10 | v1.28, v1.27, v1.26, v1.25 |
|
||||
| 2.9 | v1.28, v1.27, v1.26, v1.25 |
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
# v2.11 to 2.12
|
||||
|
||||
## Server-Side Apply Management of ApplicationSet Fields
|
||||
|
||||
### Summary
|
||||
|
||||
If you are using server-side apply with multiple field managers to manage a single `selector` or `labelSelector` field
|
||||
in an ApplicationSet, that field management must be changed to be atomic starting with 2.12.
|
||||
|
||||
### Details
|
||||
|
||||
Argo CD 2.12 upgraded its controller-gen version from 0.4.1 to 0.14.0. As part of that change, several ApplicationSet
|
||||
CRD fields now have `x-kubernetes-map-type: atomic`.
|
||||
|
||||
Each of the affected fields is a label selector with two child keys: `matchLabels` and `matchExpressions`.
|
||||
|
||||
Prior to this change, two field managers could manage the `matchLabels` and `matchExpressions` fields independently.
|
||||
Starting with the 2.12 CRD, a single field manager must manage both of those fields. This behavior is in line with the
|
||||
upstream behavior of the label selector struct.
|
||||
|
||||
See the [Kubernetes server-side apply merge strategy docs](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy)
|
||||
for more information about the fields' behavior.
|
||||
|
||||
The affected ApplicationSet fields are the following (jq selector syntax):
|
||||
|
||||
* `.spec.generators[].selector`
|
||||
* `.spec.generators[].cluster.selector`
|
||||
* `.spec.generators[].clusterDecisionResource.labelSelector`
|
||||
* `.spec.generators[].matrix.generators[].selector`
|
||||
* `.spec.generators[].merge.generators[].selector`
|
||||
@@ -37,8 +37,6 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/<v
|
||||
|
||||
<hr/>
|
||||
|
||||
* [v2.11 to v2.12](./2.11-2.12.md)
|
||||
* [v2.10 to v2.11](./2.10-2.11.md)
|
||||
* [v2.9 to v2.10](./2.9-2.10.md)
|
||||
* [v2.8 to v2.9](./2.8-2.9.md)
|
||||
* [v2.7 to v2.8](./2.7-2.8.md)
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 113 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 105 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 20 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 126 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 62 KiB |
@@ -1,226 +0,0 @@
|
||||
---
|
||||
title: Proposal for support multi-source apps in the UI
|
||||
authors:
|
||||
- "@keithchong"
|
||||
sponsors:
|
||||
- TBD
|
||||
reviewers:
|
||||
- "@alexmt"
|
||||
- "@crenshaw-dev"
|
||||
- "@ishitasequeira"
|
||||
- "@jannfis"
|
||||
- "@rbreeze"
|
||||
approvers:
|
||||
- "@jannfis"
|
||||
- "@alexmt"
|
||||
- "@crenshaw-dev"
|
||||
|
||||
creation-date: 2024-02-06
|
||||
last-updated: 2024-02-06
|
||||
---
|
||||
|
||||
# UI Support for Multiple Sources in Applications
|
||||
|
||||
This is the proposal for the UI changes to support multiple sources for an Application.
|
||||
|
||||
Related Issues:
|
||||
* [Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md)
|
||||
* [Issue for the Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/issues/677)
|
||||
|
||||
## Summary
|
||||
|
||||
This is a follow-on proposal to supporting Multiple Sources for Applications, but for the UI.
|
||||
|
||||
The above [original](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md#changes-to-ui) ‘core’ proposal deferred
|
||||
any design changes for the UI to a separate feature or secondary proposal. The proposal implementation that was made in [PR 10432](https://github.com/argoproj/argo-cd/pull/10432)
|
||||
enabled the UI to tolerate multi-source applications with the new Sources field, while still supporting the original Source field.
|
||||
|
||||
Here are the current restrictions and limitations of the UI when applications with multiple sources are used:
|
||||
|
||||
1. The application’s details page (for [example](https://cd.apps.argoproj.io/applications/argocd/guestbook?view=tree&node=argoproj.io%2FApplication%2Fargocd%2Fguestbook%2F0&resource=))
|
||||
currently shows one ApplicationSource, regardless of whether the application has one source or multiple sources. With the PR 10432 implementation, if the application has multiple sources,
|
||||
the UI displays only the first of the sources. Also, in particular, in the Summary tab, the source parameters are non-editable.
|
||||
|
||||
2. History and Rollback is disabled for multi-source applications. The button is disabled. Jorge has submitted a PR for
|
||||
rollback which includes [controller and UI changes](https://github.com/argoproj/argo-cd/pull/14124).
|
||||
|
||||
<img height="40%" width="40%" src="images/history-and-rollback-button.png"/>
|
||||
|
||||
3. The New Application dialog currently only allows users to provide one source.
|
||||
|
||||
Thus, multiple source applications are not considered first class citizens in the UI.
|
||||
|
||||
Note, see the [Open Questions](https://github.com/argoproj/argo-cd/docs/proposals/multiple-sources-for-applications-ui.md#open-questions)
|
||||
section for concerns regarding the priority or value of some of the above changes.
|
||||
|
||||
## Motivation
|
||||
|
||||
The motivation behind this change is to add a more complete story for the multiple source feature. The UI should support
|
||||
the creation of multiple source applications, and also support the viewing and editing of parameters from all sources. The three
|
||||
points in the summary above are the base or core changes that need to be addressed.
|
||||
|
||||
### Goals
|
||||
|
||||
The goals of the proposal are:
|
||||
|
||||
- Provide first-class support of multiple sources for applications in the UI (e.g. address the aforementioned restrictions)
|
||||
- Outline stages of implementation that will help ease PR review, and reduce the risk of introducing regressions/issues.
|
||||
|
||||
|
||||
### Non-goals
|
||||
* The design changes for the Argo CD CLI is beyond the scope of this proposal (The server APIs can probably be reused)
|
||||
|
||||
## Proposal
|
||||
|
||||
As mentioned in the previous summary section, the application source parameters are surfaced in the UI in three locations.
|
||||
The Resource details pages, specifically, the Summary and Parameters tabs, the deployment history, and the Application
|
||||
Create panel page. These pages should be updated.
|
||||
|
||||
### Resource Details
|
||||
|
||||
The following describes the current behavior and proposed changes for the Summary tab and the Parameters Tab.
|
||||
|
||||
#### i) Summary Tab
|
||||
|
||||
_Current Behavior:_
|
||||
|
||||
The current Summary tab includes source-related information, including the repository. For example, in Figure 1 below,
|
||||
the REPO URL and PATH.
|
||||
|
||||
<img height="50%" width="50%" src="images/current-summary-tab.png"/>
|
||||
|
||||
Figure 1: The current Summary tab
|
||||
|
||||
_Proposed Change:_
|
||||
|
||||
To support multiple sources, the source-related information, from a single-source-based design, will be ‘pulled out’
|
||||
and put into a new tab called **Sources**, and it will be combined with the **Parameters** tab (more details following).
|
||||
The new **Sources** tab will allow users to view all the information related to each source, including the repo URL
|
||||
and path, chart and revision for Helm, etc.
|
||||
|
||||
The view should show one source at a time (similar to what the UI is doing now, which only shows one source), but with
|
||||
widgets to allow users to cycle (via pagination or combo selector?) through each source. There are API calls to retrieve
|
||||
the data for each source.
|
||||
|
||||
<img height="50%" width="50%" src="images/new-sources-tab.png"/>
|
||||
|
||||
Figure 2. The new SOURCES tab will allow access to view all sources and application parameters.
|
||||
|
||||
#### ii) Parameters Tab
|
||||
_Current Behavior:_
|
||||
|
||||
The Parameters tab shows the application parameters for the application’s repository details type or source. These can
|
||||
be Helm, Kustomize, Directory or Plugin (CMP).
|
||||
|
||||
_Proposed Change:_
|
||||
|
||||
The Parameter tab will be removed but the contents of the current parameters tab will be ‘reused’ and will be shown in
|
||||
the new **SOURCES** tab as described above. The parameters and parameter values will be shown for whatever source is
|
||||
selected by the user.
|
||||
|
||||
#### iii) Update/Edit Capability in the New Sources Tab
|
||||
|
||||
The above points describe how all the sources will be rendered. However, the Sources tab should be the page to allow
|
||||
users to delete and add sources. (You can currently change the repo URL and path from the Summary tab, or manually edit
|
||||
the application by hand, in the Manifest tab, but this is not considered as ‘guided’ editing.)
|
||||
|
||||
_Current Behavior:_
|
||||
|
||||
The current form-based UI doesn’t support deleting a chosen/desired source of a multi-source application. It,
|
||||
obviously, does not support deleting the only source in a single-source application.
|
||||
|
||||
_Proposed Change:_
|
||||
|
||||
In addition to adding the new SOURCES tab from section i) and ii), two new buttons (_Add Source_ and _Delete Source_) will
|
||||
be added to the page. For the _Add Source_ button, a separate dialog/panel will need to appear to allow the user to
|
||||
input the parameters or other information.
|
||||
|
||||
Validation of any newly added source should prevent users from adding the same resource, and prevent users from
|
||||
deleting all sources, etc.
|
||||
|
||||
### History and Rollback
|
||||
|
||||
Current Behavior: The History and Rollback button for multi-source apps is disabled. It's only enabled
|
||||
for single-source apps, and shows source information as shown in Figure 3.
|
||||
|
||||
<img height="50%" width="50%" src="images/history-rollback-contents.png"/>
|
||||
|
||||
Figure 3: Source information in History
|
||||
|
||||
Jorge has submitted a [PR](https://github.com/argoproj/argo-cd/pull/14124) for rollback which includes controller and UI changes.
|
||||
This can be treated as a separate, independent proposal.
|
||||
|
||||
Other related changes pertain to the Last Synced Details. The Sync Details panel needs to be updated to show sync info
|
||||
from multiple sources. See [Issue 13215](https://github.com/argoproj/argo-cd/issues/13215).
|
||||
|
||||
### New App Dialog
|
||||
|
||||
_Current Behavior:_
|
||||
|
||||
The dialog currently allows users to ‘quickly’ create a single source application..
|
||||
|
||||
_Proposed Changes:_
|
||||
|
||||
Make the form view of the dialog support adding, updating and viewing of multiple sources. The issue with the current
|
||||
single source New App wizard is that it can lead to loss of “input” provided by the user. The content in the form-based
|
||||
editor and the YAML editor (accessed via the Edit as YAML button) must match. If the user provides multiple sources in
|
||||
the YAML editor, and then switches back to the form view, the form will only show the first source. The other sources
|
||||
are effectively ‘lost’. Furthermore, if the user switches back to the YAML editor, only one source will be shown as well.
|
||||
|
||||
The design and changes (React components) from the new Sources tab can likely be reused in this dialog.
|
||||
|
||||
Other Changes. This includes the underlying plumbing to create an app using the Sources field of the Application CR, so that the
|
||||
deprecated Source field can be removed in the future.
|
||||
|
||||
|
||||
|
||||
### Use cases
|
||||
|
||||
The use cases involves those areas in the UI where the current source is displayed. These have been described
|
||||
in the Summary and Proposal sections.
|
||||
|
||||
|
||||
### Implementation Details
|
||||
|
||||
The implementation plan can be divided into different stages. Read-only capability can be provided first and it will
|
||||
be the safest change. The UI currently is not showing all the sources for the multi-source application so this should
|
||||
be the highest priority. (Before you can edit, you have to first display it.)
|
||||
|
||||
Here are the general enhancements to be implemented (Upstream issues to be opened if not already):
|
||||
|
||||
1. Create new Sources tab to replace Parameters tab so that all sources can be displayed (Read-only)
|
||||
2. Update History and Rollback to show a summary of all sources of an application
|
||||
As mentioned above, this is already covered by Jorge’s [PR](https://github.com/argoproj/argo-cd/pull/14124)
|
||||
3. Add _Add Source_ and _Delete Source_ buttons to Sources tab. This will depend on #1 above. (Update and Delete)
|
||||
4. Update New App dialog. (Creation)
|
||||
- Support adding multiple sources in New App dialog. (This will likely depend on the Components from #1 and #3)
|
||||
- Use Sources field instead of Source field. Clean up code.
|
||||
|
||||
### Security Considerations
|
||||
None
|
||||
|
||||
### Risks and Mitigations
|
||||
None
|
||||
|
||||
### Upgrade / Downgrade Strategy
|
||||
If downgraded, the UI will revert to showing just the first source.
|
||||
|
||||
## Drawbacks
|
||||
None
|
||||
|
||||
## Open Questions
|
||||
|
||||
Supporting multiple sources in the New App dialog may not be ‘worth’ the effort? The drawback is that switching from the
|
||||
YAML editor and form editor can lead to loss of information.
|
||||
|
||||
Users can simply edit the application manifest to add their sources by hand.
|
||||
|
||||
|
||||
## Appendix
|
||||
Multiple sources can be shown as a list of collapsible cards or sections, one below the other, under one page of the
|
||||
SOURCES tab. However, this can be cumbersome especially when a source, like Helm, has many source parameters.
|
||||
so it'll be difficult to find the desired source. Perhaps showing one source per page will be better.
|
||||
|
||||
Appendix Figure 1: Zoomed out view of the Helm source parameter list
|
||||
|
||||
<img height="50%" width="50%" src="images/helm-parameter-list.png"/>
|
||||
@@ -13,63 +13,50 @@ recent minor releases.
|
||||
|
||||
| | Critical | High | Medium | Low |
|
||||
|---:|:--------:|:----:|:------:|:---:|
|
||||
| [go.mod](master/argocd-test.html) | 0 | 0 | 7 | 0 |
|
||||
| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 |
|
||||
| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 |
|
||||
| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 |
|
||||
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 6 | 14 |
|
||||
| [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 |
|
||||
| [go.mod](master/argocd-test.html) | 0 | 0 | 9 | 0 |
|
||||
| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 |
|
||||
| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 1 |
|
||||
| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
|
||||
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 |
|
||||
| [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 |
|
||||
| [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
|
||||
### v2.11.0-rc2
|
||||
### v2.9.9
|
||||
|
||||
| | Critical | High | Medium | Low |
|
||||
|---:|:--------:|:----:|:------:|:---:|
|
||||
| [go.mod](v2.11.0-rc2/argocd-test.html) | 0 | 1 | 10 | 0 |
|
||||
| [ui/yarn.lock](v2.11.0-rc2/argocd-test.html) | 0 | 0 | 1 | 0 |
|
||||
| [dex:v2.38.0](v2.11.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 |
|
||||
| [haproxy:2.6.14-alpine](v2.11.0-rc2/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 |
|
||||
| [argocd:v2.11.0-rc2](v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html) | 0 | 0 | 7 | 14 |
|
||||
| [redis:7.0.14-alpine](v2.11.0-rc2/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 |
|
||||
| [install.yaml](v2.11.0-rc2/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.11.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
| [go.mod](v2.9.9/argocd-test.html) | 0 | 1 | 11 | 0 |
|
||||
| [ui/yarn.lock](v2.9.9/argocd-test.html) | 0 | 0 | 0 | 0 |
|
||||
| [dex:v2.37.0](v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
|
||||
| [haproxy:2.6.14-alpine](v2.9.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
|
||||
| [argocd:v2.9.9](v2.9.9/quay.io_argoproj_argocd_v2.9.9.html) | 0 | 0 | 9 | 14 |
|
||||
| [redis:7.0.11-alpine](v2.9.9/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 |
|
||||
| [install.yaml](v2.9.9/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.9.9/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
|
||||
### v2.10.7
|
||||
### v2.8.13
|
||||
|
||||
| | Critical | High | Medium | Low |
|
||||
|---:|:--------:|:----:|:------:|:---:|
|
||||
| [go.mod](v2.10.7/argocd-test.html) | 0 | 1 | 12 | 0 |
|
||||
| [ui/yarn.lock](v2.10.7/argocd-test.html) | 0 | 0 | 1 | 0 |
|
||||
| [dex:v2.37.0](v2.10.7/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 |
|
||||
| [haproxy:2.6.14-alpine](v2.10.7/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 |
|
||||
| [argocd:v2.10.7](v2.10.7/quay.io_argoproj_argocd_v2.10.7.html) | 0 | 0 | 9 | 14 |
|
||||
| [redis:7.0.14-alpine](v2.10.7/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 |
|
||||
| [install.yaml](v2.10.7/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.10.7/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
| [go.mod](v2.8.13/argocd-test.html) | 0 | 1 | 11 | 0 |
|
||||
| [ui/yarn.lock](v2.8.13/argocd-test.html) | 0 | 0 | 0 | 0 |
|
||||
| [dex:v2.37.0](v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
|
||||
| [haproxy:2.6.14-alpine](v2.8.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
|
||||
| [argocd:v2.8.13](v2.8.13/quay.io_argoproj_argocd_v2.8.13.html) | 0 | 0 | 9 | 14 |
|
||||
| [redis:7.0.11-alpine](v2.8.13/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 |
|
||||
| [install.yaml](v2.8.13/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.8.13/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
|
||||
### v2.9.12
|
||||
### v2.7.17
|
||||
|
||||
| | Critical | High | Medium | Low |
|
||||
|---:|:--------:|:----:|:------:|:---:|
|
||||
| [go.mod](v2.9.12/argocd-test.html) | 0 | 2 | 11 | 0 |
|
||||
| [ui/yarn.lock](v2.9.12/argocd-test.html) | 0 | 0 | 1 | 0 |
|
||||
| [dex:v2.37.0](v2.9.12/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 |
|
||||
| [haproxy:2.6.14-alpine](v2.9.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 |
|
||||
| [argocd:v2.9.12](v2.9.12/quay.io_argoproj_argocd_v2.9.12.html) | 0 | 0 | 9 | 14 |
|
||||
| [redis:7.0.11-alpine](v2.9.12/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 2 |
|
||||
| [install.yaml](v2.9.12/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.9.12/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
|
||||
### v2.8.16
|
||||
|
||||
| | Critical | High | Medium | Low |
|
||||
|---:|:--------:|:----:|:------:|:---:|
|
||||
| [go.mod](v2.8.16/argocd-test.html) | 0 | 2 | 11 | 0 |
|
||||
| [ui/yarn.lock](v2.8.16/argocd-test.html) | 0 | 0 | 1 | 0 |
|
||||
| [dex:v2.37.0](v2.8.16/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 |
|
||||
| [haproxy:2.6.14-alpine](v2.8.16/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 |
|
||||
| [argocd:v2.8.16](v2.8.16/quay.io_argoproj_argocd_v2.8.16.html) | 0 | 0 | 9 | 14 |
|
||||
| [redis:7.0.11-alpine](v2.8.16/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 2 |
|
||||
| [install.yaml](v2.8.16/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.8.16/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
| [go.mod](v2.7.17/argocd-test.html) | 0 | 0 | 9 | 0 |
|
||||
| [ui/yarn.lock](v2.7.17/argocd-test.html) | 0 | 1 | 0 | 0 |
|
||||
| [dex:v2.37.0](v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
|
||||
| [haproxy:2.6.14-alpine](v2.7.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
|
||||
| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 12 | 19 |
|
||||
| [redis:7.0.14-alpine](v2.7.17/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 |
|
||||
| [install.yaml](v2.7.17/argocd-iac-install.html) | - | - | - | - |
|
||||
| [namespace-install.yaml](v2.7.17/argocd-iac-namespace-install.html) | - | - | - | - |
|
||||
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:17:41 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:17:17 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -507,7 +507,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21039
|
||||
Line number: 21035
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -553,7 +553,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20748
|
||||
Line number: 20744
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -599,7 +599,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20833
|
||||
Line number: 20829
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -645,7 +645,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20861
|
||||
Line number: 20857
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -691,7 +691,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20891
|
||||
Line number: 20887
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -737,7 +737,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20909
|
||||
Line number: 20905
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -783,7 +783,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20925
|
||||
Line number: 20921
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -835,7 +835,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22219
|
||||
Line number: 22203
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -893,7 +893,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21516
|
||||
Line number: 21512
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -951,7 +951,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21767
|
||||
Line number: 21763
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1009,7 +1009,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21733
|
||||
Line number: 21729
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1067,7 +1067,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21827
|
||||
Line number: 21823
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1125,7 +1125,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21926
|
||||
Line number: 21922
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1183,7 +1183,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22219
|
||||
Line number: 22203
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1241,7 +1241,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21983
|
||||
Line number: 21979
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1299,7 +1299,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22304
|
||||
Line number: 22288
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1357,7 +1357,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22650
|
||||
Line number: 22634
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1409,7 +1409,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21747
|
||||
Line number: 21743
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1461,7 +1461,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21516
|
||||
Line number: 21512
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1513,7 +1513,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21733
|
||||
Line number: 21729
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1565,7 +1565,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21926
|
||||
Line number: 21922
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1623,7 +1623,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21516
|
||||
Line number: 21512
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1681,7 +1681,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21733
|
||||
Line number: 21729
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1739,7 +1739,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21767
|
||||
Line number: 21763
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1797,7 +1797,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21827
|
||||
Line number: 21823
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1855,7 +1855,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21926
|
||||
Line number: 21922
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1913,7 +1913,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22219
|
||||
Line number: 22203
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1971,7 +1971,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21983
|
||||
Line number: 21979
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2029,7 +2029,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22304
|
||||
Line number: 22288
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2087,7 +2087,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22650
|
||||
Line number: 22634
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2143,7 +2143,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21657
|
||||
Line number: 21653
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2199,7 +2199,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21775
|
||||
Line number: 21771
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2255,7 +2255,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21750
|
||||
Line number: 21746
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2311,7 +2311,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21860
|
||||
Line number: 21856
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2367,7 +2367,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 21936
|
||||
Line number: 21932
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2423,7 +2423,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22226
|
||||
Line number: 22210
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2479,7 +2479,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22192
|
||||
Line number: 22176
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2535,7 +2535,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22560
|
||||
Line number: 22544
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2591,7 +2591,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 22840
|
||||
Line number: 22824
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:17:50 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:17:26 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -789,7 +789,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1336
|
||||
Line number: 1324
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1137,7 +1137,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1336
|
||||
Line number: 1324
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1253,7 +1253,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1421
|
||||
Line number: 1409
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1311,7 +1311,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1767
|
||||
Line number: 1755
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1867,7 +1867,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1336
|
||||
Line number: 1324
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1983,7 +1983,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1421
|
||||
Line number: 1409
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2041,7 +2041,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1767
|
||||
Line number: 1755
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2377,7 +2377,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1343
|
||||
Line number: 1331
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2433,7 +2433,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1309
|
||||
Line number: 1297
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2489,7 +2489,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1677
|
||||
Line number: 1665
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2545,7 +2545,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 1957
|
||||
Line number: 1945
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="29 known vulnerabilities found in 71 vulnerable dependency paths.">
|
||||
<meta name="description" content="27 known vulnerabilities found in 62 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:15:50 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:15:32 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
@@ -469,8 +469,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>29</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>71 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>62 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>829</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -479,86 +479,6 @@
|
||||
|
||||
<div class="layout-container" style="padding-top: 35px;">
|
||||
<div class="cards--vuln filter--patch filter--ignore">
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--high">
|
||||
<span class="label__text">high severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Package Manager: golang
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
golang.org/x/net/http2
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/hairyhenderson/gomplate/v3@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.19.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/dexidp/dex@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.20.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="overview">Overview</h2>
|
||||
<p><a href="https://pkg.go.dev/golang.org/x/net/http2">golang.org/x/net/http2</a> is a work-in-progress HTTP/2 implementation for Go.</p>
|
||||
<p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from <code>CONTINUATION</code> frames. As part of the HPACK flow, all incoming <code>HEADERS</code> and <code>CONTINUATION</code> frames are read even if their payloads exceed <code>MaxHeaderBytes</code> and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>golang.org/x/net/http2</code> to version 0.23.0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/traefik/traefik/commit/099c7e9444a5d56918b8221672fc8d6a09a5d389">Github Commit</a></li>
|
||||
<li><a href="https://github.com/golang/net/commit/ba872109ef2dc8f1da778651bd1fd3792d0e4587">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/golang/go/issues/65051">GitHub Issue</a></li>
|
||||
<li><a href="https://pkg.go.dev/vuln/GO-2024-2687">Go Advisory</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
|
||||
<h2 class="card__title">Out-of-bounds Write</h2>
|
||||
<div class="card__section">
|
||||
@@ -859,13 +779,13 @@
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2633,156 +2553,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.19
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.38.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.19</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-6593965">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="6 known vulnerabilities found in 54 vulnerable dependency paths.">
|
||||
<meta name="description" content="5 known vulnerabilities found in 45 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:15:57 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:15:37 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -466,8 +466,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>6</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>54 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>45 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>18</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -660,14 +660,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -844,13 +844,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1204,13 +1204,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1368,178 +1368,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="4 known vulnerabilities found in 36 vulnerable dependency paths.">
|
||||
<meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:18:30 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:15:59 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
@@ -467,8 +467,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>36 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>27 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>19</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -821,13 +821,13 @@
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -985,178 +985,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.19
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20231208.201137
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20231208.201137
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20231208.201137
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.19</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-6593965">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
@@ -1,657 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
||||
<head>
|
||||
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
|
||||
<meta http-equiv="Content-Language" content="en-us">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="1 known vulnerabilities found in 9 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
|
||||
<style type="text/css">
|
||||
|
||||
body {
|
||||
-moz-font-feature-settings: "pnum";
|
||||
-webkit-font-feature-settings: "pnum";
|
||||
font-variant-numeric: proportional-nums;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
font-feature-settings: "pnum";
|
||||
font-size: 100%;
|
||||
line-height: 1.5;
|
||||
min-height: 100vh;
|
||||
-webkit-text-size-adjust: 100%;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
background-color: #F5F5F5;
|
||||
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
|
||||
}
|
||||
|
||||
h1,
|
||||
h2,
|
||||
h3,
|
||||
h4,
|
||||
h5,
|
||||
h6 {
|
||||
font-weight: 500;
|
||||
}
|
||||
|
||||
a,
|
||||
a:link,
|
||||
a:visited {
|
||||
border-bottom: 1px solid #4b45a9;
|
||||
text-decoration: none;
|
||||
color: #4b45a9;
|
||||
}
|
||||
|
||||
a:hover,
|
||||
a:focus,
|
||||
a:active {
|
||||
border-bottom: 1px solid #4b45a9;
|
||||
}
|
||||
|
||||
hr {
|
||||
border: none;
|
||||
margin: 1em 0;
|
||||
border-top: 1px solid #c5c5c5;
|
||||
}
|
||||
|
||||
ul {
|
||||
padding: 0 1em;
|
||||
margin: 1em 0;
|
||||
}
|
||||
|
||||
code {
|
||||
background-color: #EEE;
|
||||
color: #333;
|
||||
padding: 0.25em 0.5em;
|
||||
border-radius: 0.25em;
|
||||
}
|
||||
|
||||
pre {
|
||||
background-color: #333;
|
||||
font-family: monospace;
|
||||
padding: 0.5em 1em 0.75em;
|
||||
border-radius: 0.25em;
|
||||
font-size: 14px;
|
||||
}
|
||||
|
||||
pre code {
|
||||
padding: 0;
|
||||
background-color: transparent;
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
a code {
|
||||
border-radius: .125rem .125rem 0 0;
|
||||
padding-bottom: 0;
|
||||
color: #4b45a9;
|
||||
}
|
||||
|
||||
a[href^="http://"]:after,
|
||||
a[href^="https://"]:after {
|
||||
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
|
||||
background-repeat: no-repeat;
|
||||
background-size: .75rem;
|
||||
content: "";
|
||||
display: inline-block;
|
||||
height: .75rem;
|
||||
margin-left: .25rem;
|
||||
width: .75rem;
|
||||
}
|
||||
|
||||
|
||||
/* Layout */
|
||||
|
||||
[class*=layout-container] {
|
||||
margin: 0 auto;
|
||||
max-width: 71.25em;
|
||||
padding: 1.9em 1.3em;
|
||||
position: relative;
|
||||
}
|
||||
.layout-container--short {
|
||||
padding-top: 0;
|
||||
padding-bottom: 0;
|
||||
max-width: 48.75em;
|
||||
}
|
||||
|
||||
.layout-container--short:after {
|
||||
display: block;
|
||||
content: "";
|
||||
clear: both;
|
||||
}
|
||||
|
||||
/* Header */
|
||||
|
||||
.header {
|
||||
padding-bottom: 1px;
|
||||
}
|
||||
|
||||
.paths {
|
||||
margin-left: 8px;
|
||||
}
|
||||
.header-wrap {
|
||||
display: flex;
|
||||
flex-direction: row;
|
||||
justify-content: space-between;
|
||||
padding-top: 2em;
|
||||
}
|
||||
.project__header {
|
||||
background-color: #4b45a9;
|
||||
color: #fff;
|
||||
margin-bottom: -1px;
|
||||
padding-top: 1em;
|
||||
padding-bottom: 0.25em;
|
||||
border-bottom: 2px solid #BBB;
|
||||
}
|
||||
|
||||
.project__header__title {
|
||||
overflow-wrap: break-word;
|
||||
word-wrap: break-word;
|
||||
word-break: break-all;
|
||||
margin-bottom: .1em;
|
||||
margin-top: 0;
|
||||
}
|
||||
|
||||
.timestamp {
|
||||
float: right;
|
||||
clear: none;
|
||||
margin-bottom: 0;
|
||||
}
|
||||
|
||||
.meta-counts {
|
||||
clear: both;
|
||||
display: block;
|
||||
flex-wrap: wrap;
|
||||
justify-content: space-between;
|
||||
margin: 0 0 1.5em;
|
||||
color: #fff;
|
||||
clear: both;
|
||||
font-size: 1.1em;
|
||||
}
|
||||
|
||||
.meta-count {
|
||||
display: block;
|
||||
flex-basis: 100%;
|
||||
margin: 0 1em 1em 0;
|
||||
float: left;
|
||||
padding-right: 1em;
|
||||
border-right: 2px solid #fff;
|
||||
}
|
||||
|
||||
.meta-count:last-child {
|
||||
border-right: 0;
|
||||
padding-right: 0;
|
||||
margin-right: 0;
|
||||
}
|
||||
|
||||
/* Card */
|
||||
|
||||
.card {
|
||||
background-color: #fff;
|
||||
border: 1px solid #c5c5c5;
|
||||
border-radius: .25rem;
|
||||
margin: 0 0 2em 0;
|
||||
position: relative;
|
||||
min-height: 40px;
|
||||
padding: 1.5em;
|
||||
}
|
||||
|
||||
.card .label {
|
||||
background-color: #767676;
|
||||
border: 2px solid #767676;
|
||||
color: white;
|
||||
padding: 0.25rem 0.75rem;
|
||||
font-size: 0.875rem;
|
||||
text-transform: uppercase;
|
||||
display: inline-block;
|
||||
margin: 0;
|
||||
border-radius: 0.25rem;
|
||||
}
|
||||
|
||||
.card .label__text {
|
||||
vertical-align: text-top;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.card .label--critical {
|
||||
background-color: #AB1A1A;
|
||||
border-color: #AB1A1A;
|
||||
}
|
||||
|
||||
.card .label--high {
|
||||
background-color: #CE5019;
|
||||
border-color: #CE5019;
|
||||
}
|
||||
|
||||
.card .label--medium {
|
||||
background-color: #D68000;
|
||||
border-color: #D68000;
|
||||
}
|
||||
|
||||
.card .label--low {
|
||||
background-color: #88879E;
|
||||
border-color: #88879E;
|
||||
}
|
||||
|
||||
.severity--low {
|
||||
border-color: #88879E;
|
||||
}
|
||||
|
||||
.severity--medium {
|
||||
border-color: #D68000;
|
||||
}
|
||||
|
||||
.severity--high {
|
||||
border-color: #CE5019;
|
||||
}
|
||||
|
||||
.severity--critical {
|
||||
border-color: #AB1A1A;
|
||||
}
|
||||
|
||||
.card--vuln {
|
||||
padding-top: 4em;
|
||||
}
|
||||
|
||||
.card--vuln .label {
|
||||
left: 0;
|
||||
position: absolute;
|
||||
top: 1.1em;
|
||||
padding-left: 1.9em;
|
||||
padding-right: 1.9em;
|
||||
border-radius: 0 0.25rem 0.25rem 0;
|
||||
}
|
||||
|
||||
.card--vuln .card__section h2 {
|
||||
font-size: 22px;
|
||||
margin-bottom: 0.5em;
|
||||
}
|
||||
|
||||
.card--vuln .card__section p {
|
||||
margin: 0 0 0.5em 0;
|
||||
}
|
||||
|
||||
.card--vuln .card__meta {
|
||||
padding: 0 0 0 1em;
|
||||
margin: 0;
|
||||
font-size: 1.1em;
|
||||
}
|
||||
|
||||
.card .card__meta__paths {
|
||||
font-size: 0.9em;
|
||||
}
|
||||
|
||||
.card--vuln .card__title {
|
||||
font-size: 28px;
|
||||
margin-top: 0;
|
||||
}
|
||||
|
||||
.card--vuln .card__cta p {
|
||||
margin: 0;
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
.source-panel {
|
||||
clear: both;
|
||||
display: flex;
|
||||
justify-content: flex-start;
|
||||
flex-direction: column;
|
||||
align-items: flex-start;
|
||||
padding: 0.5em 0;
|
||||
width: fit-content;
|
||||
}
|
||||
|
||||
|
||||
|
||||
</style>
|
||||
<style type="text/css">
|
||||
.metatable {
|
||||
text-size-adjust: 100%;
|
||||
-webkit-font-smoothing: antialiased;
|
||||
-webkit-box-direction: normal;
|
||||
color: inherit;
|
||||
font-feature-settings: "pnum";
|
||||
box-sizing: border-box;
|
||||
background: transparent;
|
||||
border: 0;
|
||||
font: inherit;
|
||||
font-size: 100%;
|
||||
margin: 0;
|
||||
outline: none;
|
||||
padding: 0;
|
||||
text-align: left;
|
||||
text-decoration: none;
|
||||
vertical-align: baseline;
|
||||
z-index: auto;
|
||||
margin-top: 12px;
|
||||
border-collapse: collapse;
|
||||
border-spacing: 0;
|
||||
font-variant-numeric: tabular-nums;
|
||||
max-width: 51.75em;
|
||||
}
|
||||
|
||||
tbody {
|
||||
text-size-adjust: 100%;
|
||||
-webkit-font-smoothing: antialiased;
|
||||
-webkit-box-direction: normal;
|
||||
color: inherit;
|
||||
font-feature-settings: "pnum";
|
||||
border-collapse: collapse;
|
||||
border-spacing: 0;
|
||||
box-sizing: border-box;
|
||||
background: transparent;
|
||||
border: 0;
|
||||
font: inherit;
|
||||
font-size: 100%;
|
||||
margin: 0;
|
||||
outline: none;
|
||||
padding: 0;
|
||||
text-align: left;
|
||||
text-decoration: none;
|
||||
vertical-align: baseline;
|
||||
z-index: auto;
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
}
|
||||
|
||||
.meta-row {
|
||||
text-size-adjust: 100%;
|
||||
-webkit-font-smoothing: antialiased;
|
||||
-webkit-box-direction: normal;
|
||||
color: inherit;
|
||||
font-feature-settings: "pnum";
|
||||
border-collapse: collapse;
|
||||
border-spacing: 0;
|
||||
box-sizing: border-box;
|
||||
background: transparent;
|
||||
border: 0;
|
||||
font: inherit;
|
||||
font-size: 100%;
|
||||
outline: none;
|
||||
text-align: left;
|
||||
text-decoration: none;
|
||||
vertical-align: baseline;
|
||||
z-index: auto;
|
||||
display: flex;
|
||||
align-items: start;
|
||||
border-top: 1px solid #d3d3d9;
|
||||
padding: 8px 0 0 0;
|
||||
border-bottom: none;
|
||||
margin: 8px;
|
||||
width: 47.75%;
|
||||
}
|
||||
|
||||
.meta-row-label {
|
||||
text-size-adjust: 100%;
|
||||
-webkit-font-smoothing: antialiased;
|
||||
-webkit-box-direction: normal;
|
||||
font-feature-settings: "pnum";
|
||||
border-collapse: collapse;
|
||||
border-spacing: 0;
|
||||
color: #4c4a73;
|
||||
box-sizing: border-box;
|
||||
background: transparent;
|
||||
border: 0;
|
||||
font: inherit;
|
||||
margin: 0;
|
||||
outline: none;
|
||||
text-decoration: none;
|
||||
z-index: auto;
|
||||
align-self: start;
|
||||
flex: 1;
|
||||
font-size: 1rem;
|
||||
line-height: 1.5rem;
|
||||
padding: 0;
|
||||
text-align: left;
|
||||
vertical-align: top;
|
||||
text-transform: none;
|
||||
letter-spacing: 0;
|
||||
}
|
||||
|
||||
.meta-row-value {
|
||||
text-size-adjust: 100%;
|
||||
-webkit-font-smoothing: antialiased;
|
||||
-webkit-box-direction: normal;
|
||||
color: inherit;
|
||||
font-feature-settings: "pnum";
|
||||
border-collapse: collapse;
|
||||
border-spacing: 0;
|
||||
word-break: break-word;
|
||||
box-sizing: border-box;
|
||||
background: transparent;
|
||||
border: 0;
|
||||
font: inherit;
|
||||
font-size: 100%;
|
||||
margin: 0;
|
||||
outline: none;
|
||||
padding: 0;
|
||||
text-align: right;
|
||||
text-decoration: none;
|
||||
vertical-align: baseline;
|
||||
z-index: auto;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body class="section-projects">
|
||||
<main class="layout-stacked">
|
||||
<div class="layout-stacked__header header">
|
||||
<header class="project__header">
|
||||
<div class="layout-container">
|
||||
<a class="brand" href="https://snyk.io" title="Snyk">
|
||||
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
|
||||
<title>Snyk - Open Source Security</title>
|
||||
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
|
||||
<g fill="#fff">
|
||||
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
</a>
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:16:23 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
<ul>
|
||||
<li class="paths">redis:7.0.15-alpine (apk)</li>
|
||||
<li class="paths">redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>1</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>9 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>19</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
</header><!-- .project__header -->
|
||||
</div><!-- .layout-stacked__header -->
|
||||
|
||||
<div class="layout-container" style="padding-top: 35px;">
|
||||
<div class="cards--vuln filter--patch filter--ignore">
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.19
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20240315.235535
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20240315.235535
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20240315.235535
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.15-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r5
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.19</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-6593965">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
</body>
|
||||
|
||||
</html>
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
2957
docs/snyk/v2.7.17/argocd-test.html
Normal file
2957
docs/snyk/v2.7.17/argocd-test.html
Normal file
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="44 known vulnerabilities found in 130 vulnerable dependency paths.">
|
||||
<meta name="description" content="42 known vulnerabilities found in 121 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:24:36 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:21:56 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
@@ -469,8 +469,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>44</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>130 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>42</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>121 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>786</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -655,7 +655,7 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>busybox</code> to version 1.36.1-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">https://bugs.busybox.net/show_bug.cgi?id=15216</a></li>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">cve@mitre.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -818,14 +818,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -904,7 +904,6 @@
|
||||
<ul>
|
||||
<li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
|
||||
<li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
|
||||
<li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
|
||||
@@ -995,7 +994,6 @@
|
||||
<ul>
|
||||
<li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
|
||||
<li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
|
||||
<li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
|
||||
@@ -1016,86 +1014,6 @@
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--high">
|
||||
<span class="label__text">high severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Package Manager: golang
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
golang.org/x/net/http2
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/hairyhenderson/gomplate/v3@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.7.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/dexidp/dex@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.11.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="overview">Overview</h2>
|
||||
<p><a href="https://pkg.go.dev/golang.org/x/net/http2">golang.org/x/net/http2</a> is a work-in-progress HTTP/2 implementation for Go.</p>
|
||||
<p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from <code>CONTINUATION</code> frames. As part of the HPACK flow, all incoming <code>HEADERS</code> and <code>CONTINUATION</code> frames are read even if their payloads exceed <code>MaxHeaderBytes</code> and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>golang.org/x/net/http2</code> to version 0.23.0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/traefik/traefik/commit/099c7e9444a5d56918b8221672fc8d6a09a5d389">Github Commit</a></li>
|
||||
<li><a href="https://github.com/golang/net/commit/ba872109ef2dc8f1da778651bd1fd3792d0e4587">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/golang/go/issues/65051">GitHub Issue</a></li>
|
||||
<li><a href="https://pkg.go.dev/vuln/GO-2024-2687">Go Advisory</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Heap-based Buffer Overflow</h2>
|
||||
@@ -1236,7 +1154,6 @@
|
||||
<p>Upgrade <code>github.com/go-jose/go-jose/v3</code> to version 3.0.1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/advisories/GHSA-2c7c-3mj9-8fqh">Github Advisory</a></li>
|
||||
<li><a href="https://github.com/go-jose/go-jose/commit/65351c27657d58960c2e6c9fbb2b00f818e50568">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/go-jose/go-jose/issues/64">GitHub Issue</a></li>
|
||||
</ul>
|
||||
@@ -1386,13 +1303,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r2 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">https://www.openssl.org/news/secadv/20230714.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">http://www.openwall.com/lists/oss-security/2023/07/15/1</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">https://security.netapp.com/advisory/ntap-20230725-0004/</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1545,18 +1462,18 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r3 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">https://www.openssl.org/news/secadv/20230719.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">http://www.openwall.com/lists/oss-security/2023/07/19/4</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">http://www.openwall.com/lists/oss-security/2023/07/19/6</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">https://security.netapp.com/advisory/ntap-20230803-0011/</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1707,20 +1624,20 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.2-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">https://www.openssl.org/news/secadv/20230731.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">http://seclists.org/fulldisclosure/2023/Jul/43</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">https://security.netapp.com/advisory/ntap-20230818-0014/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">http://www.openwall.com/lists/oss-security/2023/09/22/9</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">http://www.openwall.com/lists/oss-security/2023/09/22/11</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">https://security.netapp.com/advisory/ntap-20231027-0008/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1875,13 +1792,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2191,13 +2108,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2728,18 +2645,13 @@
|
||||
<li><a href="https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/sshtools/maverick-synergy/commit/3cd7fd156c0d1091e303824807be038b4eead2cd">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/sshtools/maverick-synergy/commit/aadec4c3a5051fd99ad4791c80eeac271d56c859">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/warp-tech/russh/commit/a355c62d11352cf93c3f9fda7499e03753a938ae">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/paramiko/paramiko/issues/2337">GitHub Issue</a></li>
|
||||
<li><a href="https://go.dev/issue/64784">GitHub Issue</a></li>
|
||||
<li><a href="https://github.com/jenkinsci/jenkins/pull/9089">GitHub PR</a></li>
|
||||
<li><a href="https://go.dev/cl/550715">Go Forum</a></li>
|
||||
<li><a href="https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg">Google Groups Forum</a></li>
|
||||
<li><a href="https://www.jenkins.io/security/advisory/2024-04-17/#SECURITY-3386">Jenkins Advisory</a></li>
|
||||
<li><a href="https://www.openssh.com/txt/release-9.6">Security Release</a></li>
|
||||
<li><a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/javascript/cves/2023/CVE-2023-48795.yaml">Nuclei Templates</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -4417,156 +4329,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="6 known vulnerabilities found in 54 vulnerable dependency paths.">
|
||||
<meta name="description" content="5 known vulnerabilities found in 45 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:24:39 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:22:00 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -466,8 +466,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>6</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>54 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>45 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>18</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -660,14 +660,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -844,13 +844,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1204,13 +1204,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1368,178 +1368,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="4 known vulnerabilities found in 36 vulnerable dependency paths.">
|
||||
<meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:20:37 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:22:21 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
@@ -467,8 +467,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>36 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>27 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>19</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -821,13 +821,13 @@
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -985,178 +985,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.19
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20231208.201137
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20231208.201137
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20231208.201137
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r5
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r15
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.4-r2
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.19</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.19</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-6593965">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:26:06 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:21:30 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -507,7 +507,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 18460
|
||||
Line number: 18466
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -553,7 +553,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 18537
|
||||
Line number: 18543
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -599,7 +599,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 18565
|
||||
Line number: 18571
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -645,7 +645,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 18595
|
||||
Line number: 18601
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -691,7 +691,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 18613
|
||||
Line number: 18619
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -737,7 +737,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 18629
|
||||
Line number: 18635
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -789,7 +789,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19755
|
||||
Line number: 19761
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -847,7 +847,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19112
|
||||
Line number: 19118
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -905,7 +905,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19345
|
||||
Line number: 19351
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -963,7 +963,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19311
|
||||
Line number: 19317
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1021,7 +1021,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19405
|
||||
Line number: 19411
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1079,7 +1079,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19498
|
||||
Line number: 19504
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1137,7 +1137,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19755
|
||||
Line number: 19761
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1195,7 +1195,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19555
|
||||
Line number: 19561
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1253,7 +1253,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19840
|
||||
Line number: 19846
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1311,7 +1311,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20162
|
||||
Line number: 20168
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1363,7 +1363,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19325
|
||||
Line number: 19331
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1415,7 +1415,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19112
|
||||
Line number: 19118
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1467,7 +1467,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19311
|
||||
Line number: 19317
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1519,7 +1519,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19498
|
||||
Line number: 19504
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1577,7 +1577,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19112
|
||||
Line number: 19118
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1635,7 +1635,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19311
|
||||
Line number: 19317
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1693,7 +1693,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19345
|
||||
Line number: 19351
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1751,7 +1751,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19405
|
||||
Line number: 19411
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1809,7 +1809,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19498
|
||||
Line number: 19504
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1867,7 +1867,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19755
|
||||
Line number: 19761
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1925,7 +1925,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19555
|
||||
Line number: 19561
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -1983,7 +1983,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19840
|
||||
Line number: 19846
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2041,7 +2041,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20162
|
||||
Line number: 20168
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2097,7 +2097,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19235
|
||||
Line number: 19241
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2153,7 +2153,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19353
|
||||
Line number: 19359
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2209,7 +2209,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19328
|
||||
Line number: 19334
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2265,7 +2265,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19432
|
||||
Line number: 19438
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2321,7 +2321,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19508
|
||||
Line number: 19514
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2377,7 +2377,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19762
|
||||
Line number: 19768
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2433,7 +2433,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 19728
|
||||
Line number: 19734
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2489,7 +2489,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20072
|
||||
Line number: 20078
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -2545,7 +2545,7 @@
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">
|
||||
Line number: 20310
|
||||
Line number: 20316
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:26:14 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:21:38 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
3027
docs/snyk/v2.8.13/argocd-test.html
Normal file
3027
docs/snyk/v2.8.13/argocd-test.html
Normal file
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="44 known vulnerabilities found in 130 vulnerable dependency paths.">
|
||||
<meta name="description" content="42 known vulnerabilities found in 121 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:20:13 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:19:56 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
@@ -469,8 +469,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>44</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>130 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>42</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>121 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>786</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -655,7 +655,7 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>busybox</code> to version 1.36.1-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">https://bugs.busybox.net/show_bug.cgi?id=15216</a></li>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">cve@mitre.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -818,14 +818,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -904,7 +904,6 @@
|
||||
<ul>
|
||||
<li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
|
||||
<li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
|
||||
<li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
|
||||
@@ -995,7 +994,6 @@
|
||||
<ul>
|
||||
<li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
|
||||
<li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
|
||||
<li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
|
||||
@@ -1016,86 +1014,6 @@
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--high">
|
||||
<span class="label__text">high severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Package Manager: golang
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
golang.org/x/net/http2
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/hairyhenderson/gomplate/v3@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.7.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/dexidp/dex@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.11.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="overview">Overview</h2>
|
||||
<p><a href="https://pkg.go.dev/golang.org/x/net/http2">golang.org/x/net/http2</a> is a work-in-progress HTTP/2 implementation for Go.</p>
|
||||
<p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from <code>CONTINUATION</code> frames. As part of the HPACK flow, all incoming <code>HEADERS</code> and <code>CONTINUATION</code> frames are read even if their payloads exceed <code>MaxHeaderBytes</code> and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>golang.org/x/net/http2</code> to version 0.23.0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/traefik/traefik/commit/099c7e9444a5d56918b8221672fc8d6a09a5d389">Github Commit</a></li>
|
||||
<li><a href="https://github.com/golang/net/commit/ba872109ef2dc8f1da778651bd1fd3792d0e4587">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/golang/go/issues/65051">GitHub Issue</a></li>
|
||||
<li><a href="https://pkg.go.dev/vuln/GO-2024-2687">Go Advisory</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Heap-based Buffer Overflow</h2>
|
||||
@@ -1236,7 +1154,6 @@
|
||||
<p>Upgrade <code>github.com/go-jose/go-jose/v3</code> to version 3.0.1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/advisories/GHSA-2c7c-3mj9-8fqh">Github Advisory</a></li>
|
||||
<li><a href="https://github.com/go-jose/go-jose/commit/65351c27657d58960c2e6c9fbb2b00f818e50568">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/go-jose/go-jose/issues/64">GitHub Issue</a></li>
|
||||
</ul>
|
||||
@@ -1386,13 +1303,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r2 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">https://www.openssl.org/news/secadv/20230714.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">http://www.openwall.com/lists/oss-security/2023/07/15/1</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">https://security.netapp.com/advisory/ntap-20230725-0004/</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1545,18 +1462,18 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r3 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">https://www.openssl.org/news/secadv/20230719.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">http://www.openwall.com/lists/oss-security/2023/07/19/4</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">http://www.openwall.com/lists/oss-security/2023/07/19/6</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">https://security.netapp.com/advisory/ntap-20230803-0011/</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1707,20 +1624,20 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.2-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">https://www.openssl.org/news/secadv/20230731.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">http://seclists.org/fulldisclosure/2023/Jul/43</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">https://security.netapp.com/advisory/ntap-20230818-0014/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">http://www.openwall.com/lists/oss-security/2023/09/22/9</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">http://www.openwall.com/lists/oss-security/2023/09/22/11</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">https://security.netapp.com/advisory/ntap-20231027-0008/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1875,13 +1792,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2191,13 +2108,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2728,18 +2645,13 @@
|
||||
<li><a href="https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/sshtools/maverick-synergy/commit/3cd7fd156c0d1091e303824807be038b4eead2cd">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/sshtools/maverick-synergy/commit/aadec4c3a5051fd99ad4791c80eeac271d56c859">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/warp-tech/russh/commit/a355c62d11352cf93c3f9fda7499e03753a938ae">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/paramiko/paramiko/issues/2337">GitHub Issue</a></li>
|
||||
<li><a href="https://go.dev/issue/64784">GitHub Issue</a></li>
|
||||
<li><a href="https://github.com/jenkinsci/jenkins/pull/9089">GitHub PR</a></li>
|
||||
<li><a href="https://go.dev/cl/550715">Go Forum</a></li>
|
||||
<li><a href="https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg">Google Groups Forum</a></li>
|
||||
<li><a href="https://www.jenkins.io/security/advisory/2024-04-17/#SECURITY-3386">Jenkins Advisory</a></li>
|
||||
<li><a href="https://www.openssh.com/txt/release-9.6">Security Release</a></li>
|
||||
<li><a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/javascript/cves/2023/CVE-2023-48795.yaml">Nuclei Templates</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -4417,156 +4329,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="6 known vulnerabilities found in 54 vulnerable dependency paths.">
|
||||
<meta name="description" content="5 known vulnerabilities found in 45 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:22:29 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:20:01 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -466,8 +466,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>6</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>54 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>45 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>18</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -660,14 +660,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -844,13 +844,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1204,13 +1204,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1368,178 +1368,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="10 known vulnerabilities found in 86 vulnerable dependency paths.">
|
||||
<meta name="description" content="9 known vulnerabilities found in 77 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:22:52 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:20:22 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -466,8 +466,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>10</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>86 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>77 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>18</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -583,7 +583,7 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>busybox</code> to version 1.36.1-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">https://bugs.busybox.net/show_bug.cgi?id=15216</a></li>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">cve@mitre.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -768,14 +768,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -945,13 +945,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r2 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">https://www.openssl.org/news/secadv/20230714.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">http://www.openwall.com/lists/oss-security/2023/07/15/1</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">https://security.netapp.com/advisory/ntap-20230725-0004/</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1126,18 +1126,18 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r3 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">https://www.openssl.org/news/secadv/20230719.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">http://www.openwall.com/lists/oss-security/2023/07/19/4</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">http://www.openwall.com/lists/oss-security/2023/07/19/6</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">https://security.netapp.com/advisory/ntap-20230803-0011/</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1310,20 +1310,20 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.2-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">https://www.openssl.org/news/secadv/20230731.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">http://seclists.org/fulldisclosure/2023/Jul/43</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">https://security.netapp.com/advisory/ntap-20230818-0014/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">http://www.openwall.com/lists/oss-security/2023/09/22/9</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">http://www.openwall.com/lists/oss-security/2023/09/22/11</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">https://security.netapp.com/advisory/ntap-20231027-0008/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1500,13 +1500,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1860,13 +1860,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2024,178 +2024,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20230614.215749
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20230614.215749
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20230614.215749
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
File diff suppressed because it is too large
Load Diff
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:24:05 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:19:27 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:24:14 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:19:35 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="44 known vulnerabilities found in 130 vulnerable dependency paths.">
|
||||
<meta name="description" content="42 known vulnerabilities found in 121 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:22:25 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:17:49 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following paths:</span>
|
||||
@@ -469,8 +469,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>44</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>130 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>42</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>121 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>786</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -655,7 +655,7 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>busybox</code> to version 1.36.1-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">https://bugs.busybox.net/show_bug.cgi?id=15216</a></li>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">cve@mitre.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -818,14 +818,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -904,7 +904,6 @@
|
||||
<ul>
|
||||
<li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
|
||||
<li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
|
||||
<li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
|
||||
@@ -995,7 +994,6 @@
|
||||
<ul>
|
||||
<li><a href="https://github.com/helidon-io/helidon/commit/58f43670086e530750c7cb74b0bec92bf5189c79">Github Commit</a></li>
|
||||
<li><a href="https://github.com/pgjones/hypercorn/commit/7c39c68b61012a3c30979176080861c8b00fb229">Github Commit</a></li>
|
||||
<li><a href="https://github.com/akka/akka-http/commit/1f29fe6a8567c57dfe848a21ae883304cce5646d">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/eclipse/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148">GitHub Commit</a></li>
|
||||
@@ -1016,86 +1014,6 @@
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--high">
|
||||
<span class="label__text">high severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Package Manager: golang
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
golang.org/x/net/http2
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/hairyhenderson/gomplate/v3@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.7.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
github.com/dexidp/dex@*
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
golang.org/x/net/http2@v0.11.0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="overview">Overview</h2>
|
||||
<p><a href="https://pkg.go.dev/golang.org/x/net/http2">golang.org/x/net/http2</a> is a work-in-progress HTTP/2 implementation for Go.</p>
|
||||
<p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from <code>CONTINUATION</code> frames. As part of the HPACK flow, all incoming <code>HEADERS</code> and <code>CONTINUATION</code> frames are read even if their payloads exceed <code>MaxHeaderBytes</code> and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>golang.org/x/net/http2</code> to version 0.23.0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/traefik/traefik/commit/099c7e9444a5d56918b8221672fc8d6a09a5d389">Github Commit</a></li>
|
||||
<li><a href="https://github.com/golang/net/commit/ba872109ef2dc8f1da778651bd1fd3792d0e4587">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/golang/go/issues/65051">GitHub Issue</a></li>
|
||||
<li><a href="https://pkg.go.dev/vuln/GO-2024-2687">Go Advisory</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
|
||||
<h2 class="card__title">Heap-based Buffer Overflow</h2>
|
||||
@@ -1236,7 +1154,6 @@
|
||||
<p>Upgrade <code>github.com/go-jose/go-jose/v3</code> to version 3.0.1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/advisories/GHSA-2c7c-3mj9-8fqh">Github Advisory</a></li>
|
||||
<li><a href="https://github.com/go-jose/go-jose/commit/65351c27657d58960c2e6c9fbb2b00f818e50568">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/go-jose/go-jose/issues/64">GitHub Issue</a></li>
|
||||
</ul>
|
||||
@@ -1386,13 +1303,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r2 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">https://www.openssl.org/news/secadv/20230714.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">http://www.openwall.com/lists/oss-security/2023/07/15/1</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">https://security.netapp.com/advisory/ntap-20230725-0004/</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1545,18 +1462,18 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r3 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">https://www.openssl.org/news/secadv/20230719.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">http://www.openwall.com/lists/oss-security/2023/07/19/4</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">http://www.openwall.com/lists/oss-security/2023/07/19/6</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">https://security.netapp.com/advisory/ntap-20230803-0011/</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1707,20 +1624,20 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.2-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">https://www.openssl.org/news/secadv/20230731.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">http://seclists.org/fulldisclosure/2023/Jul/43</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">https://security.netapp.com/advisory/ntap-20230818-0014/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">http://www.openwall.com/lists/oss-security/2023/09/22/9</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">http://www.openwall.com/lists/oss-security/2023/09/22/11</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">https://security.netapp.com/advisory/ntap-20231027-0008/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1875,13 +1792,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2191,13 +2108,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2728,18 +2645,13 @@
|
||||
<li><a href="https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/sshtools/maverick-synergy/commit/3cd7fd156c0d1091e303824807be038b4eead2cd">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/sshtools/maverick-synergy/commit/aadec4c3a5051fd99ad4791c80eeac271d56c859">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/warp-tech/russh/commit/a355c62d11352cf93c3f9fda7499e03753a938ae">GitHub Commit</a></li>
|
||||
<li><a href="https://github.com/paramiko/paramiko/issues/2337">GitHub Issue</a></li>
|
||||
<li><a href="https://go.dev/issue/64784">GitHub Issue</a></li>
|
||||
<li><a href="https://github.com/jenkinsci/jenkins/pull/9089">GitHub PR</a></li>
|
||||
<li><a href="https://go.dev/cl/550715">Go Forum</a></li>
|
||||
<li><a href="https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg">Google Groups Forum</a></li>
|
||||
<li><a href="https://www.jenkins.io/security/advisory/2024-04-17/#SECURITY-3386">Jenkins Advisory</a></li>
|
||||
<li><a href="https://www.openssh.com/txt/release-9.6">Security Release</a></li>
|
||||
<li><a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/javascript/cves/2023/CVE-2023-48795.yaml">Nuclei Templates</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -4417,156 +4329,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|ghcr.io/dexidp/dex@v2.37.0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="6 known vulnerabilities found in 54 vulnerable dependency paths.">
|
||||
<meta name="description" content="5 known vulnerabilities found in 45 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:20:17 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:17:53 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -466,8 +466,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>6</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>54 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>45 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>18</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -660,14 +660,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -844,13 +844,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1204,13 +1204,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1368,178 +1368,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.haproxy-rundeps@20230809.001942
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|haproxy@2.6.14-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.2-r0
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
File diff suppressed because it is too large
Load Diff
@@ -7,7 +7,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>Snyk test report</title>
|
||||
<meta name="description" content="10 known vulnerabilities found in 86 vulnerable dependency paths.">
|
||||
<meta name="description" content="9 known vulnerabilities found in 77 vulnerable dependency paths.">
|
||||
<base target="_blank">
|
||||
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
|
||||
sizes="194x194">
|
||||
@@ -456,7 +456,7 @@
|
||||
<div class="header-wrap">
|
||||
<h1 class="project__header__title">Snyk test report</h1>
|
||||
|
||||
<p class="timestamp">April 21st 2024, 12:25:00 am (UTC+00:00)</p>
|
||||
<p class="timestamp">March 24th 2024, 12:18:14 am (UTC+00:00)</p>
|
||||
</div>
|
||||
<div class="source-panel">
|
||||
<span>Scanned the following path:</span>
|
||||
@@ -466,8 +466,8 @@
|
||||
</div>
|
||||
|
||||
<div class="meta-counts">
|
||||
<div class="meta-count"><span>10</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>86 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
|
||||
<div class="meta-count"><span>77 vulnerable dependency paths</span></div>
|
||||
<div class="meta-count"><span>18</span> <span>dependencies</span></div>
|
||||
</div><!-- .meta-counts -->
|
||||
</div><!-- .layout-container--short -->
|
||||
@@ -583,7 +583,7 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>busybox</code> to version 1.36.1-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">https://bugs.busybox.net/show_bug.cgi?id=15216</a></li>
|
||||
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15216">cve@mitre.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -768,14 +768,14 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">http://www.openwall.com/lists/oss-security/2023/10/24/1</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">https://www.debian.org/security/2023/dsa-5532</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">https://www.openssl.org/news/secadv/20231024.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">https://security.netapp.com/advisory/ntap-20231027-0010/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">https://security.netapp.com/advisory/ntap-20240201-0003/</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">https://security.netapp.com/advisory/ntap-20240201-0004/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/10/24/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.debian.org/security/2023/dsa-5532">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231024.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0010/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0003/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240201-0004/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -945,13 +945,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r2 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">https://www.openssl.org/news/secadv/20230714.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">http://www.openwall.com/lists/oss-security/2023/07/15/1</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">https://security.netapp.com/advisory/ntap-20230725-0004/</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230714.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/15/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230725-0004/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1126,18 +1126,18 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.1-r3 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">https://www.openssl.org/news/secadv/20230719.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">http://www.openwall.com/lists/oss-security/2023/07/19/4</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">http://www.openwall.com/lists/oss-security/2023/07/19/6</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">https://security.netapp.com/advisory/ntap-20230803-0011/</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230719.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230803-0011/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1310,20 +1310,20 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.2-r0 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">https://www.openssl.org/news/secadv/20230731.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">http://www.openwall.com/lists/oss-security/2023/07/31/1</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">http://seclists.org/fulldisclosure/2023/Jul/43</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">https://security.netapp.com/advisory/ntap-20230818-0014/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">http://www.openwall.com/lists/oss-security/2023/09/22/9</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">http://www.openwall.com/lists/oss-security/2023/09/22/11</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">https://security.netapp.com/advisory/ntap-20231027-0008/</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">https://security.gentoo.org/glsa/202402-08</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20230731.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/07/31/1">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://seclists.org/fulldisclosure/2023/Jul/43">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20230818-0014/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/9">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/09/22/11">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231027-0008/">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.gentoo.org/glsa/202402-08">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1500,13 +1500,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r1 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">https://www.openssl.org/news/secadv/20231106.txt</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">http://www.openwall.com/lists/oss-security/2023/11/06/2</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">https://security.netapp.com/advisory/ntap-20231130-0010/</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20231106.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="http://www.openwall.com/lists/oss-security/2023/11/06/2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20231130-0010/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -1860,13 +1860,13 @@
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r5 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">https://www.openssl.org/news/secadv/20240125.txt</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">https://security.netapp.com/advisory/ntap-20240208-0006/</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240125.txt">openssl-security@openssl.org</a></li>
|
||||
<li><a href="https://security.netapp.com/advisory/ntap-20240208-0006/">openssl-security@openssl.org</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
@@ -2024,178 +2024,6 @@
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
|
||||
<h2 class="card__title">CVE-2024-2511</h2>
|
||||
<div class="card__section">
|
||||
|
||||
<div class="label label--low">
|
||||
<span class="label__text">low severity</span>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<ul class="card__meta">
|
||||
<li class="card__meta__item">
|
||||
Package Manager: alpine:3.18
|
||||
</li>
|
||||
<li class="card__meta__item">
|
||||
Vulnerable module:
|
||||
|
||||
openssl/libcrypto3
|
||||
</li>
|
||||
|
||||
<li class="card__meta__item">Introduced through:
|
||||
|
||||
docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
|
||||
<h3 class="card__section__title">Detailed paths</h3>
|
||||
|
||||
<ul class="card__meta__paths">
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20230614.215749
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20230614.215749
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libcrypto3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
.redis-rundeps@20230614.215749
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
apk-tools/apk-tools@2.14.0-r2
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
<li>
|
||||
<span class="list-paths__item__introduced"><em>Introduced through</em>:
|
||||
docker-image|redis@7.0.11-alpine
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
busybox/ssl_client@1.36.1-r0
|
||||
<span class="list-paths__item__arrow">›</span>
|
||||
openssl/libssl3@3.1.1-r1
|
||||
|
||||
</span>
|
||||
|
||||
</li>
|
||||
</ul><!-- .list-paths -->
|
||||
|
||||
</div><!-- .card__section -->
|
||||
|
||||
<hr/>
|
||||
<!-- Overview -->
|
||||
<h2 id="nvd-description">NVD Description</h2>
|
||||
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
|
||||
<em>See <code>How to fix?</code> for <code>Alpine:3.18</code> relevant fixed versions and status.</em></p>
|
||||
<p>Issue summary: Some non-default TLS server configurations can cause unbounded
|
||||
memory growth when processing TLSv1.3 sessions</p>
|
||||
<p>Impact summary: An attacker may exploit certain server configurations to trigger
|
||||
unbounded memory growth that would lead to a Denial of Service</p>
|
||||
<p>This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
|
||||
being used (but not if early_data support is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions, the
|
||||
session cache can get into an incorrect state and it will fail to flush properly
|
||||
as it fills. The session cache will continue to grow in an unbounded manner. A
|
||||
malicious client could deliberately create the scenario for this failure to
|
||||
force a Denial of Service. It may also happen by accident in normal operation.</p>
|
||||
<p>This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
|
||||
clients.</p>
|
||||
<p>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
|
||||
1.0.2 is also not affected by this issue.</p>
|
||||
<h2 id="remediation">Remediation</h2>
|
||||
<p>Upgrade <code>Alpine:3.18</code> <code>openssl</code> to version 3.1.4-r6 or higher.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce">https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d">https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d</a></li>
|
||||
<li><a href="https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08">https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08</a></li>
|
||||
<li><a href="https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640">https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640</a></li>
|
||||
<li><a href="https://www.openssl.org/news/secadv/20240408.txt">https://www.openssl.org/news/secadv/20240408.txt</a></li>
|
||||
</ul>
|
||||
|
||||
<hr/>
|
||||
|
||||
<div class="cta card__cta">
|
||||
<p><a href="https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964">More about this vulnerability</a></p>
|
||||
</div>
|
||||
|
||||
</div><!-- .card -->
|
||||
</div><!-- cards -->
|
||||
</div>
|
||||
</main><!-- .layout-stacked__content -->
|
||||
@@ -114,7 +114,7 @@ metadata:
|
||||
...
|
||||
```
|
||||
|
||||
Note: This annotation is only effective when Server-Side Diff is
|
||||
Note: This annoation is only effective when Server-Side Diff is
|
||||
enabled. To enable both options for a given application add the
|
||||
following annotation in the Argo CD Application resource:
|
||||
|
||||
|
||||
@@ -201,28 +201,6 @@ the result will be param1=value5
|
||||
The list of parameters seen in the ui is not what is used for resources, rather it is the values/valuesObject merged with parameters (see [this issue](https://github.com/argoproj/argo-cd/issues/9213) incase it has been resolved)
|
||||
As a workaround using parameters instead of values/valuesObject will provide a better overview of what will be used for resources
|
||||
|
||||
## Helm --set-file support
|
||||
|
||||
The `--set-file` argument to helm can be used with the following syntax on
|
||||
the cli:
|
||||
|
||||
```bash
|
||||
argocd app set helm-guestbook --helm-set-file some.key=path/to/file.ext
|
||||
```
|
||||
|
||||
or using the fileParameters for yaml:
|
||||
|
||||
```yaml
|
||||
source:
|
||||
helm:
|
||||
fileParameters:
|
||||
- name: some.key
|
||||
value: path/to/file.ext
|
||||
```
|
||||
|
||||
!!! warning "Reference in multiple sources not supported"
|
||||
Please note that using a multiple sources application will not let you load the file by reference. See [argoproj/argo-cd#13220](https://github.com/argoproj/argo-cd/issues/13220)
|
||||
|
||||
## Helm Release Name
|
||||
|
||||
By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised Argo CD,
|
||||
|
||||
@@ -14,45 +14,7 @@ The URLs for status image are available on application details page:
|
||||
for the status image URL in markdown, html, etc are available .
|
||||
4. Copy the text and paste it into your README or website.
|
||||
|
||||
## Additional query parameters options
|
||||
### showAppName
|
||||
Display the application name in the status badge.
|
||||
The application name may optionally be displayed in the status badge by adding the `?showAppName=true` query parameter.
|
||||
|
||||
Available values: `true/false`
|
||||
|
||||
Default value: `false`
|
||||
|
||||
Example: `&showAppName=true`
|
||||
|
||||
### revision
|
||||
Display revision targeted by the application.
|
||||
|
||||
It will also extend the badge width to 192px.
|
||||
|
||||
Available values: `true/false`
|
||||
|
||||
Default value: `false`
|
||||
|
||||
Example: `&revision=true`
|
||||
### keepFullRevision
|
||||
By default, displayed revision is truncated to 7 characters.
|
||||
|
||||
This parameter allows to display it fully if it exceeds that length.
|
||||
|
||||
It will also extend the badge width to 400px.
|
||||
|
||||
Available values: `true/false`
|
||||
|
||||
Default value: `false`
|
||||
|
||||
Example: `&keepFullRevision=true`
|
||||
### width
|
||||
Change width of the badge.
|
||||
|
||||
Completely replace current calculated width.
|
||||
|
||||
Available values: `integer`
|
||||
|
||||
Default value: `nil`
|
||||
|
||||
Example: `&width=500`
|
||||
For example, `${argoCdBaseUrl}/api/badge?name=${appName}&showAppName=true`.
|
||||
To remove the application name from the badge, remove the query parameter from the URL or set it to `false`.
|
||||
@@ -38,7 +38,7 @@ operation:
|
||||
username: <username>
|
||||
sync:
|
||||
syncStrategy:
|
||||
hook: {}
|
||||
hook: {}
|
||||
```
|
||||
|
||||
```bash
|
||||
|
||||
@@ -165,21 +165,6 @@ metadata:
|
||||
argocd.argoproj.io/sync-options: Replace=true
|
||||
```
|
||||
|
||||
## Force Sync
|
||||
|
||||
For certain resources you might want to delete and recreate. e.g. job resources that should run every time when syncing.
|
||||
|
||||
!!! warning
|
||||
During the sync process, the resources will be synchronized using the 'kubectl delete/create' command.
|
||||
This sync option has a destructive action, which could cause an outage for your application.
|
||||
|
||||
In such cases you might use `Force=true` sync option in target resources annotation:
|
||||
```yaml
|
||||
metadata:
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Force=true,Replace=true
|
||||
```
|
||||
|
||||
## Server-Side Apply
|
||||
|
||||
This option enables Kubernetes
|
||||
|
||||
22
go.mod
22
go.mod
@@ -5,7 +5,7 @@ go 1.21
|
||||
toolchain go1.21.0
|
||||
|
||||
require (
|
||||
code.gitea.io/sdk/gitea v0.18.0
|
||||
code.gitea.io/sdk/gitea v0.15.1
|
||||
github.com/Azure/kubelogin v0.0.20
|
||||
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible
|
||||
github.com/Masterminds/semver/v3 v3.2.1
|
||||
@@ -13,7 +13,7 @@ require (
|
||||
github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d
|
||||
github.com/alicebob/miniredis/v2 v2.30.4
|
||||
github.com/antonmedv/expr v1.15.2
|
||||
github.com/argoproj/gitops-engine v0.7.1-0.20240416142647-fbecbb86e412
|
||||
github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757
|
||||
github.com/argoproj/notifications-engine v0.4.1-0.20240206192038-2daee6022f41
|
||||
github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1
|
||||
github.com/aws/aws-sdk-go v1.50.8
|
||||
@@ -40,7 +40,7 @@ require (
|
||||
github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355
|
||||
github.com/gogo/protobuf v1.3.2
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0
|
||||
github.com/golang/protobuf v1.5.4
|
||||
github.com/golang/protobuf v1.5.3
|
||||
github.com/google/go-cmp v0.6.0
|
||||
github.com/google/go-github/v35 v35.3.0
|
||||
github.com/google/go-jsonnet v0.20.0
|
||||
@@ -82,14 +82,14 @@ require (
|
||||
go.opentelemetry.io/otel v1.21.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
|
||||
go.opentelemetry.io/otel/sdk v1.21.0
|
||||
golang.org/x/crypto v0.22.0
|
||||
golang.org/x/crypto v0.19.0
|
||||
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
|
||||
golang.org/x/oauth2 v0.11.0
|
||||
golang.org/x/sync v0.3.0
|
||||
golang.org/x/term v0.19.0
|
||||
golang.org/x/term v0.17.0
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d
|
||||
google.golang.org/grpc v1.59.0
|
||||
google.golang.org/protobuf v1.33.0
|
||||
google.golang.org/protobuf v1.31.0
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
k8s.io/api v0.26.11
|
||||
@@ -129,8 +129,6 @@ require (
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
|
||||
github.com/aws/smithy-go v1.19.0 // indirect
|
||||
github.com/davidmz/go-pageant v1.0.2 // indirect
|
||||
github.com/go-fed/httpsig v1.1.0 // indirect
|
||||
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
|
||||
github.com/google/s2a-go v0.1.4 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
|
||||
@@ -210,7 +208,7 @@ require (
|
||||
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
|
||||
github.com/hashicorp/go-version v1.6.0 // indirect
|
||||
github.com/hashicorp/go-version v1.2.1 // indirect
|
||||
github.com/huandu/xstrings v1.3.3 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
||||
github.com/itchyny/timefmt-go v0.1.5 // indirect
|
||||
@@ -269,8 +267,8 @@ require (
|
||||
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
|
||||
go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
|
||||
golang.org/x/mod v0.12.0 // indirect
|
||||
golang.org/x/net v0.23.0
|
||||
golang.org/x/sys v0.19.0 // indirect
|
||||
golang.org/x/net v0.19.0
|
||||
golang.org/x/sys v0.17.0 // indirect
|
||||
golang.org/x/text v0.14.0 // indirect
|
||||
golang.org/x/time v0.3.0
|
||||
golang.org/x/tools v0.13.0 // indirect
|
||||
@@ -297,7 +295,7 @@ replace (
|
||||
// https://github.com/golang/go/issues/33546#issuecomment-519656923
|
||||
github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
|
||||
|
||||
github.com/golang/protobuf => github.com/golang/protobuf v1.5.4
|
||||
github.com/golang/protobuf => github.com/golang/protobuf v1.4.2
|
||||
github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0
|
||||
|
||||
// Avoid CVE-2023-46402
|
||||
|
||||
39
go.sum
39
go.sum
@@ -597,8 +597,9 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS
|
||||
cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M=
|
||||
cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA=
|
||||
cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw=
|
||||
code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI=
|
||||
code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI=
|
||||
code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
|
||||
code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M=
|
||||
code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA=
|
||||
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
|
||||
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
@@ -693,8 +694,8 @@ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb
|
||||
github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
|
||||
github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU=
|
||||
github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
|
||||
github.com/argoproj/gitops-engine v0.7.1-0.20240416142647-fbecbb86e412 h1:je2wJpWtaoS55mA5MBPCeDnKMeF42pkxO9Oa5KbWrdg=
|
||||
github.com/argoproj/gitops-engine v0.7.1-0.20240416142647-fbecbb86e412/go.mod h1:gWE8uROi7hIkWGNAVM+8FWkMfo0vZ03SLx/aFw/DBzg=
|
||||
github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757 h1:5fKAhTQcTBom0vin56cz/UTPx2GMuvdb+lJRAUOPbHA=
|
||||
github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757/go.mod h1:gWE8uROi7hIkWGNAVM+8FWkMfo0vZ03SLx/aFw/DBzg=
|
||||
github.com/argoproj/notifications-engine v0.4.1-0.20240206192038-2daee6022f41 h1:PQE8LbcbRHdtnQzeEWwVU2QHXACKOA30yS3No5HSoTQ=
|
||||
github.com/argoproj/notifications-engine v0.4.1-0.20240206192038-2daee6022f41/go.mod h1:TsyusmXQWIL0ST7YMRG/ered7WlWDmbmnPpXnS2LJmM=
|
||||
github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo=
|
||||
@@ -831,8 +832,6 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0=
|
||||
github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE=
|
||||
github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
|
||||
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I=
|
||||
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE=
|
||||
@@ -921,8 +920,6 @@ github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
|
||||
github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
|
||||
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
|
||||
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
|
||||
github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
|
||||
github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
|
||||
github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g=
|
||||
github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks=
|
||||
github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
|
||||
@@ -1093,8 +1090,8 @@ github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71
|
||||
github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
|
||||
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
|
||||
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
|
||||
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
|
||||
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
|
||||
github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
|
||||
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
|
||||
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
@@ -1256,8 +1253,8 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv
|
||||
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||
github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
|
||||
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
|
||||
github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
|
||||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
@@ -1802,7 +1799,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
|
||||
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
@@ -1818,9 +1814,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45
|
||||
golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
|
||||
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
|
||||
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
|
||||
golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
|
||||
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
|
||||
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
|
||||
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
|
||||
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
@@ -1966,8 +1961,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
|
||||
golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
|
||||
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
|
||||
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
|
||||
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
|
||||
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
|
||||
golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
|
||||
golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@@ -2139,9 +2134,8 @@ golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
|
||||
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
|
||||
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
@@ -2156,9 +2150,8 @@ golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
|
||||
golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
|
||||
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
|
||||
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
|
||||
golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
|
||||
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
|
||||
golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
|
||||
golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@@ -2235,6 +2228,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK
|
||||
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
|
||||
golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
|
||||
golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
|
||||
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
|
||||
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
@@ -2582,9 +2576,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
|
||||
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
|
||||
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
|
||||
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
|
||||
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
|
||||
|
||||
@@ -2,7 +2,6 @@ package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
@@ -28,6 +27,7 @@ func getCustomResourceDefinitions() map[string]*extensionsobj.CustomResourceDefi
|
||||
crdYamlBytes, err := exec.Command(
|
||||
"controller-gen",
|
||||
"paths=./pkg/apis/application/...",
|
||||
"crd:trivialVersions=true",
|
||||
"crd:crdVersions=v1",
|
||||
"output:crd:stdout",
|
||||
).Output()
|
||||
@@ -117,10 +117,6 @@ func removeDescription(v interface{}) {
|
||||
|
||||
func checkErr(err error) {
|
||||
if err != nil {
|
||||
var execError *exec.ExitError
|
||||
if errors.As(err, &execError) {
|
||||
fmt.Println(string(execError.Stderr))
|
||||
}
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,7 +45,7 @@ go_mod_install k8s.io/code-generator/cmd/lister-gen
|
||||
go_mod_install k8s.io/kube-openapi/cmd/openapi-gen
|
||||
|
||||
# controller-gen is run by ./hack/gen-crd-spec to generate the CRDs
|
||||
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
|
||||
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1
|
||||
|
||||
# swagger cli is used to generate swagger docs
|
||||
go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0
|
||||
|
||||
@@ -37,8 +37,8 @@ git clone https://github.com/argoproj/argo-cd.git
|
||||
cd argo-cd
|
||||
git checkout master
|
||||
|
||||
minor_version=$(git tag -l | sort -V | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+')
|
||||
patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1)
|
||||
minor_version=$(git tag -l | sort -g | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+')
|
||||
patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1)
|
||||
version="v$minor_version.$patch_num"
|
||||
versions="master "
|
||||
|
||||
@@ -54,7 +54,7 @@ for i in $(seq "$version_count"); do
|
||||
minor_num=$(printf '%s' "$minor_version" | sed -E 's/[0-9]+\.//')
|
||||
minor_num=$((minor_num-1))
|
||||
minor_version=$(printf '%s' "$minor_version" | sed -E "s/\.[0-9]+$/.$minor_num/g")
|
||||
patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1)
|
||||
patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1)
|
||||
version="v$minor_version.$patch_num"
|
||||
done
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ kind: Kustomization
|
||||
images:
|
||||
- name: quay.io/argoproj/argocd
|
||||
newName: quay.io/argoproj/argocd
|
||||
newTag: latest
|
||||
newTag: v2.11.0-rc2
|
||||
resources:
|
||||
- ./application-controller
|
||||
- ./dex
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
serviceAccountName: argocd-redis
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- "--save"
|
||||
|
||||
@@ -198,12 +198,6 @@ spec:
|
||||
key: reposerver.git.request.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_GRPC_MAX_SIZE_MB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.grpc.max.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
|
||||
@@ -35,19 +35,14 @@ spec:
|
||||
description: Application is a definition of Application resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -145,21 +140,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version (Helm)
|
||||
which to sync the application to If omitted, will use the revision
|
||||
specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or chart
|
||||
version (Helm) which to sync each source in sources field for
|
||||
the application to If omitted, will use the revision specified
|
||||
in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must be specified
|
||||
@@ -480,18 +476,18 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be
|
||||
commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required information
|
||||
about the source of an application
|
||||
@@ -819,10 +815,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -841,10 +838,10 @@ spec:
|
||||
the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -852,10 +849,10 @@ spec:
|
||||
perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -876,9 +873,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -907,9 +904,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted managers.
|
||||
Fields mutated by those managers will take precedence over
|
||||
the desired state defined in the SCM and won't be displayed
|
||||
in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -936,17 +934,18 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
project:
|
||||
description: |-
|
||||
Project is a reference to the project this application belongs to.
|
||||
The empty string means that application belongs to the 'default' project.
|
||||
description: Project is a reference to the project this application
|
||||
belongs to. The empty string means that application belongs to the
|
||||
'default' project.
|
||||
type: string
|
||||
revisionHistoryLimit:
|
||||
description: |-
|
||||
RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
|
||||
This should only be changed in exceptional circumstances.
|
||||
Setting to zero will store no history. This will reduce storage used.
|
||||
Increasing will increase the space used to store the history, so we do not recommend increasing it.
|
||||
Default is 10.
|
||||
description: RevisionHistoryLimit limits the number of items kept
|
||||
in the application's revision history, which is used for informational
|
||||
purposes as well as for rollbacks to previous versions. This should
|
||||
only be changed in exceptional circumstances. Setting to zero will
|
||||
store no history. This will reduce storage used. Increasing will
|
||||
increase the space used to store the history, so we do not recommend
|
||||
increasing it. Default is 10.
|
||||
format: int64
|
||||
type: integer
|
||||
source:
|
||||
@@ -1265,10 +1264,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -1597,10 +1596,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of
|
||||
Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2093,10 +2092,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2438,10 +2438,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2453,9 +2454,9 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
observedAt:
|
||||
description: |-
|
||||
ObservedAt indicates when the application state was updated without querying latest git state
|
||||
Deprecated: controller no longer updates ObservedAt field
|
||||
description: 'ObservedAt indicates when the application state was
|
||||
updated without querying latest git state Deprecated: controller
|
||||
no longer updates ObservedAt field'
|
||||
format: date-time
|
||||
type: string
|
||||
operationState:
|
||||
@@ -2568,21 +2569,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version
|
||||
(Helm) which to sync the application to If omitted,
|
||||
will use the revision specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or
|
||||
chart version (Helm) which to sync each source in sources
|
||||
field for the application to If omitted, will use the
|
||||
revision specified in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must
|
||||
@@ -2925,18 +2927,19 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required
|
||||
information about the source of an application
|
||||
@@ -3287,10 +3290,11 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision
|
||||
of the source to sync the application to. In case
|
||||
of Git, this can be commit, tag, or branch. If
|
||||
omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -3311,10 +3315,11 @@ spec:
|
||||
to perform the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -3322,10 +3327,11 @@ spec:
|
||||
to perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -3369,9 +3375,9 @@ spec:
|
||||
description: Group specifies the API group of the resource
|
||||
type: string
|
||||
hookPhase:
|
||||
description: |-
|
||||
HookPhase contains the state of any operation associated with this resource OR hook
|
||||
This can also contain values for non-hook resources.
|
||||
description: HookPhase contains the state of any operation
|
||||
associated with this resource OR hook This can also
|
||||
contain values for non-hook resources.
|
||||
type: string
|
||||
hookType:
|
||||
description: HookType specifies the type of the hook.
|
||||
@@ -3756,10 +3762,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4110,10 +4117,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4140,9 +4148,8 @@ spec:
|
||||
description: Resources is a list of Kubernetes resources managed by
|
||||
this application
|
||||
items:
|
||||
description: |-
|
||||
ResourceStatus holds the current sync and health status of a resource
|
||||
TODO: describe members of this type
|
||||
description: 'ResourceStatus holds the current sync and health status
|
||||
of a resource TODO: describe members of this type'
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -4225,9 +4232,10 @@ spec:
|
||||
if Server is not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace
|
||||
for the application's resources. The namespace will
|
||||
only be set for namespace-scoped resources that have
|
||||
not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -4256,9 +4264,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted
|
||||
managers. Fields mutated by those managers will take
|
||||
precedence over the desired state defined in the SCM
|
||||
and won't be displayed in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -4604,10 +4613,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4958,10 +4968,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -5058,7 +5069,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -5655,7 +5665,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -7418,7 +7427,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -8015,7 +8023,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -11881,7 +11888,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
template:
|
||||
@@ -12478,7 +12484,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -13075,7 +13080,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -16941,7 +16945,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
mergeKeys:
|
||||
@@ -19642,7 +19645,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
goTemplate:
|
||||
@@ -20329,37 +20331,6 @@ spec:
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
resources:
|
||||
items:
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
health:
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
status:
|
||||
type: string
|
||||
type: object
|
||||
hook:
|
||||
type: boolean
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
requiresPruning:
|
||||
type: boolean
|
||||
status:
|
||||
type: string
|
||||
syncWave:
|
||||
format: int64
|
||||
type: integer
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
@@ -20392,28 +20363,22 @@ spec:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
AppProject provides a logical grouping of applications, providing controls for:
|
||||
* where the apps may deploy to (cluster whitelist)
|
||||
* what may be deployed (repository whitelist, resource whitelist/blacklist)
|
||||
* who can access these applications (roles, OIDC group claims bindings)
|
||||
* and what they can do (RBAC policies)
|
||||
* automation access to these roles (JWT tokens)
|
||||
description: 'AppProject provides a logical grouping of applications, providing
|
||||
controls for: * where the apps may deploy to (cluster whitelist) * what
|
||||
may be deployed (repository whitelist, resource whitelist/blacklist) * who
|
||||
can access these applications (roles, OIDC group claims bindings) * and
|
||||
what they can do (RBAC policies) * automation access to these roles (JWT
|
||||
tokens)'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -20424,9 +20389,9 @@ spec:
|
||||
description: ClusterResourceBlacklist contains list of blacklisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20441,9 +20406,9 @@ spec:
|
||||
description: ClusterResourceWhitelist contains list of whitelisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20470,9 +20435,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -20485,9 +20450,9 @@ spec:
|
||||
description: NamespaceResourceBlacklist contains list of blacklisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20502,9 +20467,9 @@ spec:
|
||||
description: NamespaceResourceWhitelist contains list of whitelisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -21219,7 +21184,7 @@ spec:
|
||||
key: applicationsetcontroller.enable.scm.providers
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -21314,7 +21279,7 @@ spec:
|
||||
- ""
|
||||
- --appendonly
|
||||
- "no"
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: Always
|
||||
name: redis
|
||||
ports:
|
||||
@@ -21543,19 +21508,13 @@ spec:
|
||||
key: reposerver.git.request.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_GRPC_MAX_SIZE_MB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.grpc.max.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -21607,7 +21566,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -21874,7 +21833,7 @@ spec:
|
||||
key: controller.ignore.normalizer.jq.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
|
||||
@@ -12,4 +12,4 @@ resources:
|
||||
images:
|
||||
- name: quay.io/argoproj/argocd
|
||||
newName: quay.io/argoproj/argocd
|
||||
newTag: latest
|
||||
newTag: v2.11.0-rc2
|
||||
|
||||
@@ -34,19 +34,14 @@ spec:
|
||||
description: Application is a definition of Application resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -144,21 +139,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version (Helm)
|
||||
which to sync the application to If omitted, will use the revision
|
||||
specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or chart
|
||||
version (Helm) which to sync each source in sources field for
|
||||
the application to If omitted, will use the revision specified
|
||||
in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must be specified
|
||||
@@ -479,18 +475,18 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be
|
||||
commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required information
|
||||
about the source of an application
|
||||
@@ -818,10 +814,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -840,10 +837,10 @@ spec:
|
||||
the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -851,10 +848,10 @@ spec:
|
||||
perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -875,9 +872,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -906,9 +903,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted managers.
|
||||
Fields mutated by those managers will take precedence over
|
||||
the desired state defined in the SCM and won't be displayed
|
||||
in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -935,17 +933,18 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
project:
|
||||
description: |-
|
||||
Project is a reference to the project this application belongs to.
|
||||
The empty string means that application belongs to the 'default' project.
|
||||
description: Project is a reference to the project this application
|
||||
belongs to. The empty string means that application belongs to the
|
||||
'default' project.
|
||||
type: string
|
||||
revisionHistoryLimit:
|
||||
description: |-
|
||||
RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
|
||||
This should only be changed in exceptional circumstances.
|
||||
Setting to zero will store no history. This will reduce storage used.
|
||||
Increasing will increase the space used to store the history, so we do not recommend increasing it.
|
||||
Default is 10.
|
||||
description: RevisionHistoryLimit limits the number of items kept
|
||||
in the application's revision history, which is used for informational
|
||||
purposes as well as for rollbacks to previous versions. This should
|
||||
only be changed in exceptional circumstances. Setting to zero will
|
||||
store no history. This will reduce storage used. Increasing will
|
||||
increase the space used to store the history, so we do not recommend
|
||||
increasing it. Default is 10.
|
||||
format: int64
|
||||
type: integer
|
||||
source:
|
||||
@@ -1264,10 +1263,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -1596,10 +1595,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of
|
||||
Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2092,10 +2091,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2437,10 +2437,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2452,9 +2453,9 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
observedAt:
|
||||
description: |-
|
||||
ObservedAt indicates when the application state was updated without querying latest git state
|
||||
Deprecated: controller no longer updates ObservedAt field
|
||||
description: 'ObservedAt indicates when the application state was
|
||||
updated without querying latest git state Deprecated: controller
|
||||
no longer updates ObservedAt field'
|
||||
format: date-time
|
||||
type: string
|
||||
operationState:
|
||||
@@ -2567,21 +2568,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version
|
||||
(Helm) which to sync the application to If omitted,
|
||||
will use the revision specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or
|
||||
chart version (Helm) which to sync each source in sources
|
||||
field for the application to If omitted, will use the
|
||||
revision specified in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must
|
||||
@@ -2924,18 +2926,19 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required
|
||||
information about the source of an application
|
||||
@@ -3286,10 +3289,11 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision
|
||||
of the source to sync the application to. In case
|
||||
of Git, this can be commit, tag, or branch. If
|
||||
omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -3310,10 +3314,11 @@ spec:
|
||||
to perform the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -3321,10 +3326,11 @@ spec:
|
||||
to perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -3368,9 +3374,9 @@ spec:
|
||||
description: Group specifies the API group of the resource
|
||||
type: string
|
||||
hookPhase:
|
||||
description: |-
|
||||
HookPhase contains the state of any operation associated with this resource OR hook
|
||||
This can also contain values for non-hook resources.
|
||||
description: HookPhase contains the state of any operation
|
||||
associated with this resource OR hook This can also
|
||||
contain values for non-hook resources.
|
||||
type: string
|
||||
hookType:
|
||||
description: HookType specifies the type of the hook.
|
||||
@@ -3755,10 +3761,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4109,10 +4116,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4139,9 +4147,8 @@ spec:
|
||||
description: Resources is a list of Kubernetes resources managed by
|
||||
this application
|
||||
items:
|
||||
description: |-
|
||||
ResourceStatus holds the current sync and health status of a resource
|
||||
TODO: describe members of this type
|
||||
description: 'ResourceStatus holds the current sync and health status
|
||||
of a resource TODO: describe members of this type'
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -4224,9 +4231,10 @@ spec:
|
||||
if Server is not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace
|
||||
for the application's resources. The namespace will
|
||||
only be set for namespace-scoped resources that have
|
||||
not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -4255,9 +4263,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted
|
||||
managers. Fields mutated by those managers will take
|
||||
precedence over the desired state defined in the SCM
|
||||
and won't be displayed in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -4603,10 +4612,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4957,10 +4967,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
|
||||
@@ -61,7 +61,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -658,7 +657,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -2421,7 +2419,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -3018,7 +3015,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -6884,7 +6880,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
template:
|
||||
@@ -7481,7 +7476,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -8078,7 +8072,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -11944,7 +11937,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
mergeKeys:
|
||||
@@ -14645,7 +14637,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
goTemplate:
|
||||
@@ -15332,37 +15323,6 @@ spec:
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
resources:
|
||||
items:
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
health:
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
status:
|
||||
type: string
|
||||
type: object
|
||||
hook:
|
||||
type: boolean
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
requiresPruning:
|
||||
type: boolean
|
||||
status:
|
||||
type: string
|
||||
syncWave:
|
||||
format: int64
|
||||
type: integer
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
|
||||
@@ -20,28 +20,22 @@ spec:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
AppProject provides a logical grouping of applications, providing controls for:
|
||||
* where the apps may deploy to (cluster whitelist)
|
||||
* what may be deployed (repository whitelist, resource whitelist/blacklist)
|
||||
* who can access these applications (roles, OIDC group claims bindings)
|
||||
* and what they can do (RBAC policies)
|
||||
* automation access to these roles (JWT tokens)
|
||||
description: 'AppProject provides a logical grouping of applications, providing
|
||||
controls for: * where the apps may deploy to (cluster whitelist) * what
|
||||
may be deployed (repository whitelist, resource whitelist/blacklist) * who
|
||||
can access these applications (roles, OIDC group claims bindings) * and
|
||||
what they can do (RBAC policies) * automation access to these roles (JWT
|
||||
tokens)'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -52,9 +46,9 @@ spec:
|
||||
description: ClusterResourceBlacklist contains list of blacklisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -69,9 +63,9 @@ spec:
|
||||
description: ClusterResourceWhitelist contains list of whitelisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -98,9 +92,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -113,9 +107,9 @@ spec:
|
||||
description: NamespaceResourceBlacklist contains list of blacklisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -130,9 +124,9 @@ spec:
|
||||
description: NamespaceResourceWhitelist contains list of whitelisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
|
||||
@@ -12,7 +12,7 @@ patches:
|
||||
images:
|
||||
- name: quay.io/argoproj/argocd
|
||||
newName: quay.io/argoproj/argocd
|
||||
newTag: latest
|
||||
newTag: v2.11.0-rc2
|
||||
resources:
|
||||
- ../../base/application-controller
|
||||
- ../../base/applicationset-controller
|
||||
|
||||
@@ -1207,7 +1207,7 @@ spec:
|
||||
automountServiceAccountToken: false
|
||||
initContainers:
|
||||
- name: config-init
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
{}
|
||||
@@ -1241,7 +1241,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- redis-server
|
||||
@@ -1298,7 +1298,7 @@ spec:
|
||||
- /bin/sh
|
||||
- /readonly-config/trigger-failover-if-master.sh
|
||||
- name: sentinel
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- redis-sentinel
|
||||
@@ -1349,7 +1349,7 @@ spec:
|
||||
{}
|
||||
|
||||
- name: split-brain-fix
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- sh
|
||||
|
||||
@@ -20,7 +20,7 @@ redis-ha:
|
||||
metrics:
|
||||
enabled: true
|
||||
image:
|
||||
tag: 7.0.15-alpine
|
||||
tag: 7.0.14-alpine
|
||||
containerSecurityContext: null
|
||||
sentinel:
|
||||
bind: "0.0.0.0"
|
||||
|
||||
@@ -35,19 +35,14 @@ spec:
|
||||
description: Application is a definition of Application resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -145,21 +140,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version (Helm)
|
||||
which to sync the application to If omitted, will use the revision
|
||||
specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or chart
|
||||
version (Helm) which to sync each source in sources field for
|
||||
the application to If omitted, will use the revision specified
|
||||
in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must be specified
|
||||
@@ -480,18 +476,18 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be
|
||||
commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required information
|
||||
about the source of an application
|
||||
@@ -819,10 +815,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -841,10 +838,10 @@ spec:
|
||||
the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -852,10 +849,10 @@ spec:
|
||||
perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -876,9 +873,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -907,9 +904,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted managers.
|
||||
Fields mutated by those managers will take precedence over
|
||||
the desired state defined in the SCM and won't be displayed
|
||||
in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -936,17 +934,18 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
project:
|
||||
description: |-
|
||||
Project is a reference to the project this application belongs to.
|
||||
The empty string means that application belongs to the 'default' project.
|
||||
description: Project is a reference to the project this application
|
||||
belongs to. The empty string means that application belongs to the
|
||||
'default' project.
|
||||
type: string
|
||||
revisionHistoryLimit:
|
||||
description: |-
|
||||
RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
|
||||
This should only be changed in exceptional circumstances.
|
||||
Setting to zero will store no history. This will reduce storage used.
|
||||
Increasing will increase the space used to store the history, so we do not recommend increasing it.
|
||||
Default is 10.
|
||||
description: RevisionHistoryLimit limits the number of items kept
|
||||
in the application's revision history, which is used for informational
|
||||
purposes as well as for rollbacks to previous versions. This should
|
||||
only be changed in exceptional circumstances. Setting to zero will
|
||||
store no history. This will reduce storage used. Increasing will
|
||||
increase the space used to store the history, so we do not recommend
|
||||
increasing it. Default is 10.
|
||||
format: int64
|
||||
type: integer
|
||||
source:
|
||||
@@ -1265,10 +1264,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -1597,10 +1596,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of
|
||||
Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2093,10 +2092,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2438,10 +2438,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2453,9 +2454,9 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
observedAt:
|
||||
description: |-
|
||||
ObservedAt indicates when the application state was updated without querying latest git state
|
||||
Deprecated: controller no longer updates ObservedAt field
|
||||
description: 'ObservedAt indicates when the application state was
|
||||
updated without querying latest git state Deprecated: controller
|
||||
no longer updates ObservedAt field'
|
||||
format: date-time
|
||||
type: string
|
||||
operationState:
|
||||
@@ -2568,21 +2569,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version
|
||||
(Helm) which to sync the application to If omitted,
|
||||
will use the revision specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or
|
||||
chart version (Helm) which to sync each source in sources
|
||||
field for the application to If omitted, will use the
|
||||
revision specified in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must
|
||||
@@ -2925,18 +2927,19 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required
|
||||
information about the source of an application
|
||||
@@ -3287,10 +3290,11 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision
|
||||
of the source to sync the application to. In case
|
||||
of Git, this can be commit, tag, or branch. If
|
||||
omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -3311,10 +3315,11 @@ spec:
|
||||
to perform the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -3322,10 +3327,11 @@ spec:
|
||||
to perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -3369,9 +3375,9 @@ spec:
|
||||
description: Group specifies the API group of the resource
|
||||
type: string
|
||||
hookPhase:
|
||||
description: |-
|
||||
HookPhase contains the state of any operation associated with this resource OR hook
|
||||
This can also contain values for non-hook resources.
|
||||
description: HookPhase contains the state of any operation
|
||||
associated with this resource OR hook This can also
|
||||
contain values for non-hook resources.
|
||||
type: string
|
||||
hookType:
|
||||
description: HookType specifies the type of the hook.
|
||||
@@ -3756,10 +3762,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4110,10 +4117,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4140,9 +4148,8 @@ spec:
|
||||
description: Resources is a list of Kubernetes resources managed by
|
||||
this application
|
||||
items:
|
||||
description: |-
|
||||
ResourceStatus holds the current sync and health status of a resource
|
||||
TODO: describe members of this type
|
||||
description: 'ResourceStatus holds the current sync and health status
|
||||
of a resource TODO: describe members of this type'
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -4225,9 +4232,10 @@ spec:
|
||||
if Server is not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace
|
||||
for the application's resources. The namespace will
|
||||
only be set for namespace-scoped resources that have
|
||||
not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -4256,9 +4264,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted
|
||||
managers. Fields mutated by those managers will take
|
||||
precedence over the desired state defined in the SCM
|
||||
and won't be displayed in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -4604,10 +4613,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4958,10 +4968,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -5058,7 +5069,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -5655,7 +5665,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -7418,7 +7427,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -8015,7 +8023,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -11881,7 +11888,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
template:
|
||||
@@ -12478,7 +12484,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -13075,7 +13080,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -16941,7 +16945,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
mergeKeys:
|
||||
@@ -19642,7 +19645,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
goTemplate:
|
||||
@@ -20329,37 +20331,6 @@ spec:
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
resources:
|
||||
items:
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
health:
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
status:
|
||||
type: string
|
||||
type: object
|
||||
hook:
|
||||
type: boolean
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
requiresPruning:
|
||||
type: boolean
|
||||
status:
|
||||
type: string
|
||||
syncWave:
|
||||
format: int64
|
||||
type: integer
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
@@ -20392,28 +20363,22 @@ spec:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
AppProject provides a logical grouping of applications, providing controls for:
|
||||
* where the apps may deploy to (cluster whitelist)
|
||||
* what may be deployed (repository whitelist, resource whitelist/blacklist)
|
||||
* who can access these applications (roles, OIDC group claims bindings)
|
||||
* and what they can do (RBAC policies)
|
||||
* automation access to these roles (JWT tokens)
|
||||
description: 'AppProject provides a logical grouping of applications, providing
|
||||
controls for: * where the apps may deploy to (cluster whitelist) * what
|
||||
may be deployed (repository whitelist, resource whitelist/blacklist) * who
|
||||
can access these applications (roles, OIDC group claims bindings) * and
|
||||
what they can do (RBAC policies) * automation access to these roles (JWT
|
||||
tokens)'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -20424,9 +20389,9 @@ spec:
|
||||
description: ClusterResourceBlacklist contains list of blacklisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20441,9 +20406,9 @@ spec:
|
||||
description: ClusterResourceWhitelist contains list of whitelisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20470,9 +20435,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -20485,9 +20450,9 @@ spec:
|
||||
description: NamespaceResourceBlacklist contains list of blacklisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20502,9 +20467,9 @@ spec:
|
||||
description: NamespaceResourceWhitelist contains list of whitelisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -22582,7 +22547,7 @@ spec:
|
||||
key: applicationsetcontroller.enable.scm.providers
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -22705,7 +22670,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -22787,7 +22752,7 @@ spec:
|
||||
key: notificationscontroller.selfservice.enabled
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -23142,19 +23107,13 @@ spec:
|
||||
key: reposerver.git.request.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_GRPC_MAX_SIZE_MB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.grpc.max.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -23206,7 +23165,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -23525,7 +23484,7 @@ spec:
|
||||
key: server.api.content.types
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -23819,7 +23778,7 @@ spec:
|
||||
key: controller.ignore.normalizer.jq.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -23896,7 +23855,7 @@ spec:
|
||||
- /data/conf/redis.conf
|
||||
command:
|
||||
- redis-server
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
@@ -23950,7 +23909,7 @@ spec:
|
||||
- /data/conf/sentinel.conf
|
||||
command:
|
||||
- redis-sentinel
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle: {}
|
||||
livenessProbe:
|
||||
@@ -24003,7 +23962,7 @@ spec:
|
||||
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
|
||||
- name: SENTINEL_ID_2
|
||||
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: split-brain-fix
|
||||
resources: {}
|
||||
@@ -24033,7 +23992,7 @@ spec:
|
||||
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
|
||||
- name: SENTINEL_ID_2
|
||||
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: config-init
|
||||
securityContext:
|
||||
|
||||
@@ -1668,7 +1668,7 @@ spec:
|
||||
key: applicationsetcontroller.enable.scm.providers
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -1791,7 +1791,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -1873,7 +1873,7 @@ spec:
|
||||
key: notificationscontroller.selfservice.enabled
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -2228,19 +2228,13 @@ spec:
|
||||
key: reposerver.git.request.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_GRPC_MAX_SIZE_MB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.grpc.max.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -2292,7 +2286,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -2611,7 +2605,7 @@ spec:
|
||||
key: server.api.content.types
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -2905,7 +2899,7 @@ spec:
|
||||
key: controller.ignore.normalizer.jq.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -2982,7 +2976,7 @@ spec:
|
||||
- /data/conf/redis.conf
|
||||
command:
|
||||
- redis-server
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
@@ -3036,7 +3030,7 @@ spec:
|
||||
- /data/conf/sentinel.conf
|
||||
command:
|
||||
- redis-sentinel
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle: {}
|
||||
livenessProbe:
|
||||
@@ -3089,7 +3083,7 @@ spec:
|
||||
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
|
||||
- name: SENTINEL_ID_2
|
||||
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: split-brain-fix
|
||||
resources: {}
|
||||
@@ -3119,7 +3113,7 @@ spec:
|
||||
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
|
||||
- name: SENTINEL_ID_2
|
||||
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: config-init
|
||||
securityContext:
|
||||
|
||||
@@ -35,19 +35,14 @@ spec:
|
||||
description: Application is a definition of Application resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -145,21 +140,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version (Helm)
|
||||
which to sync the application to If omitted, will use the revision
|
||||
specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or chart
|
||||
version (Helm) which to sync each source in sources field for
|
||||
the application to If omitted, will use the revision specified
|
||||
in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must be specified
|
||||
@@ -480,18 +476,18 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be
|
||||
commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set in the
|
||||
application. This is typically set in a Rollback operation and
|
||||
is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required information
|
||||
about the source of an application
|
||||
@@ -819,10 +815,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -841,10 +838,10 @@ spec:
|
||||
the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -852,10 +849,10 @@ spec:
|
||||
perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to supply
|
||||
the --force flag to `kubectl apply`. The --force flag
|
||||
deletes and re-create the resource, when PATCH encounters
|
||||
conflict and has retried for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -876,9 +873,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -907,9 +904,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted managers.
|
||||
Fields mutated by those managers will take precedence over
|
||||
the desired state defined in the SCM and won't be displayed
|
||||
in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -936,17 +934,18 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
project:
|
||||
description: |-
|
||||
Project is a reference to the project this application belongs to.
|
||||
The empty string means that application belongs to the 'default' project.
|
||||
description: Project is a reference to the project this application
|
||||
belongs to. The empty string means that application belongs to the
|
||||
'default' project.
|
||||
type: string
|
||||
revisionHistoryLimit:
|
||||
description: |-
|
||||
RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
|
||||
This should only be changed in exceptional circumstances.
|
||||
Setting to zero will store no history. This will reduce storage used.
|
||||
Increasing will increase the space used to store the history, so we do not recommend increasing it.
|
||||
Default is 10.
|
||||
description: RevisionHistoryLimit limits the number of items kept
|
||||
in the application's revision history, which is used for informational
|
||||
purposes as well as for rollbacks to previous versions. This should
|
||||
only be changed in exceptional circumstances. Setting to zero will
|
||||
store no history. This will reduce storage used. Increasing will
|
||||
increase the space used to store the history, so we do not recommend
|
||||
increasing it. Default is 10.
|
||||
format: int64
|
||||
type: integer
|
||||
source:
|
||||
@@ -1265,10 +1264,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -1597,10 +1596,10 @@ spec:
|
||||
that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the source
|
||||
to sync the application to. In case of Git, this can be commit,
|
||||
tag, or branch. If omitted, will equal to HEAD. In case of
|
||||
Helm, this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2093,10 +2092,11 @@ spec:
|
||||
Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2438,10 +2438,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -2453,9 +2454,9 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
observedAt:
|
||||
description: |-
|
||||
ObservedAt indicates when the application state was updated without querying latest git state
|
||||
Deprecated: controller no longer updates ObservedAt field
|
||||
description: 'ObservedAt indicates when the application state was
|
||||
updated without querying latest git state Deprecated: controller
|
||||
no longer updates ObservedAt field'
|
||||
format: date-time
|
||||
type: string
|
||||
operationState:
|
||||
@@ -2568,21 +2569,22 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
revision:
|
||||
description: |-
|
||||
Revision is the revision (Git) or chart version (Helm) which to sync the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revision is the revision (Git) or chart version
|
||||
(Helm) which to sync the application to If omitted,
|
||||
will use the revision specified in app spec.
|
||||
type: string
|
||||
revisions:
|
||||
description: |-
|
||||
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
|
||||
If omitted, will use the revision specified in app spec.
|
||||
description: Revisions is the list of revision (Git) or
|
||||
chart version (Helm) which to sync each source in sources
|
||||
field for the application to If omitted, will use the
|
||||
revision specified in app spec.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
source:
|
||||
description: |-
|
||||
Source overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Source overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
properties:
|
||||
chart:
|
||||
description: Chart is a Helm chart name, and must
|
||||
@@ -2925,18 +2927,19 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
type: object
|
||||
sources:
|
||||
description: |-
|
||||
Sources overrides the source definition set in the application.
|
||||
This is typically set in a Rollback operation and is nil during a Sync operation
|
||||
description: Sources overrides the source definition set
|
||||
in the application. This is typically set in a Rollback
|
||||
operation and is nil during a Sync operation
|
||||
items:
|
||||
description: ApplicationSource contains all required
|
||||
information about the source of an application
|
||||
@@ -3287,10 +3290,11 @@ spec:
|
||||
(Git or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision
|
||||
of the source to sync the application to. In case
|
||||
of Git, this can be commit, tag, or branch. If
|
||||
omitted, will equal to HEAD. In case of Helm,
|
||||
this is a semver tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -3311,10 +3315,11 @@ spec:
|
||||
to perform the sync.
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
hook:
|
||||
@@ -3322,10 +3327,11 @@ spec:
|
||||
to perform the sync. This is the default strategy
|
||||
properties:
|
||||
force:
|
||||
description: |-
|
||||
Force indicates whether or not to supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
|
||||
retried for 5 times.
|
||||
description: Force indicates whether or not to
|
||||
supply the --force flag to `kubectl apply`.
|
||||
The --force flag deletes and re-create the resource,
|
||||
when PATCH encounters conflict and has retried
|
||||
for 5 times.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
@@ -3369,9 +3375,9 @@ spec:
|
||||
description: Group specifies the API group of the resource
|
||||
type: string
|
||||
hookPhase:
|
||||
description: |-
|
||||
HookPhase contains the state of any operation associated with this resource OR hook
|
||||
This can also contain values for non-hook resources.
|
||||
description: HookPhase contains the state of any operation
|
||||
associated with this resource OR hook This can also
|
||||
contain values for non-hook resources.
|
||||
type: string
|
||||
hookType:
|
||||
description: HookType specifies the type of the hook.
|
||||
@@ -3756,10 +3762,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4110,10 +4117,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4140,9 +4148,8 @@ spec:
|
||||
description: Resources is a list of Kubernetes resources managed by
|
||||
this application
|
||||
items:
|
||||
description: |-
|
||||
ResourceStatus holds the current sync and health status of a resource
|
||||
TODO: describe members of this type
|
||||
description: 'ResourceStatus holds the current sync and health status
|
||||
of a resource TODO: describe members of this type'
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -4225,9 +4232,10 @@ spec:
|
||||
if Server is not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace
|
||||
for the application's resources. The namespace will
|
||||
only be set for namespace-scoped resources that have
|
||||
not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -4256,9 +4264,10 @@ spec:
|
||||
kind:
|
||||
type: string
|
||||
managedFieldsManagers:
|
||||
description: |-
|
||||
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
|
||||
desired state defined in the SCM and won't be displayed in diffs
|
||||
description: ManagedFieldsManagers is a list of trusted
|
||||
managers. Fields mutated by those managers will take
|
||||
precedence over the desired state defined in the SCM
|
||||
and won't be displayed in diffs
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -4604,10 +4613,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of the
|
||||
source to sync the application to. In case of Git, this
|
||||
can be commit, tag, or branch. If omitted, will equal
|
||||
to HEAD. In case of Helm, this is a semver tag for the
|
||||
Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -4958,10 +4968,11 @@ spec:
|
||||
or Helm) that contains the application manifests
|
||||
type: string
|
||||
targetRevision:
|
||||
description: |-
|
||||
TargetRevision defines the revision of the source to sync the application to.
|
||||
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
|
||||
In case of Helm, this is a semver tag for the Chart's version.
|
||||
description: TargetRevision defines the revision of
|
||||
the source to sync the application to. In case of
|
||||
Git, this can be commit, tag, or branch. If omitted,
|
||||
will equal to HEAD. In case of Helm, this is a semver
|
||||
tag for the Chart's version.
|
||||
type: string
|
||||
required:
|
||||
- repoURL
|
||||
@@ -5058,7 +5069,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -5655,7 +5665,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -7418,7 +7427,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -8015,7 +8023,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -11881,7 +11888,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
template:
|
||||
@@ -12478,7 +12484,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
name:
|
||||
type: string
|
||||
requeueAfterSeconds:
|
||||
@@ -13075,7 +13080,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
template:
|
||||
properties:
|
||||
metadata:
|
||||
@@ -16941,7 +16945,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
mergeKeys:
|
||||
@@ -19642,7 +19645,6 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
type: array
|
||||
goTemplate:
|
||||
@@ -20329,37 +20331,6 @@ spec:
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
resources:
|
||||
items:
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
health:
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
status:
|
||||
type: string
|
||||
type: object
|
||||
hook:
|
||||
type: boolean
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
requiresPruning:
|
||||
type: boolean
|
||||
status:
|
||||
type: string
|
||||
syncWave:
|
||||
format: int64
|
||||
type: integer
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
@@ -20392,28 +20363,22 @@ spec:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
AppProject provides a logical grouping of applications, providing controls for:
|
||||
* where the apps may deploy to (cluster whitelist)
|
||||
* what may be deployed (repository whitelist, resource whitelist/blacklist)
|
||||
* who can access these applications (roles, OIDC group claims bindings)
|
||||
* and what they can do (RBAC policies)
|
||||
* automation access to these roles (JWT tokens)
|
||||
description: 'AppProject provides a logical grouping of applications, providing
|
||||
controls for: * where the apps may deploy to (cluster whitelist) * what
|
||||
may be deployed (repository whitelist, resource whitelist/blacklist) * who
|
||||
can access these applications (roles, OIDC group claims bindings) * and
|
||||
what they can do (RBAC policies) * automation access to these roles (JWT
|
||||
tokens)'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -20424,9 +20389,9 @@ spec:
|
||||
description: ClusterResourceBlacklist contains list of blacklisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20441,9 +20406,9 @@ spec:
|
||||
description: ClusterResourceWhitelist contains list of whitelisted
|
||||
cluster level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20470,9 +20435,9 @@ spec:
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace specifies the target namespace for the application's resources.
|
||||
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
description: Namespace specifies the target namespace for the
|
||||
application's resources. The namespace will only be set for
|
||||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster's
|
||||
@@ -20485,9 +20450,9 @@ spec:
|
||||
description: NamespaceResourceBlacklist contains list of blacklisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -20502,9 +20467,9 @@ spec:
|
||||
description: NamespaceResourceWhitelist contains list of whitelisted
|
||||
namespace level resources
|
||||
items:
|
||||
description: |-
|
||||
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
|
||||
concepts during lookup stages without having partially valid types
|
||||
description: GroupKind specifies a Group and a Kind, but does not
|
||||
force a version. This is useful for identifying concepts during
|
||||
lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
@@ -21677,7 +21642,7 @@ spec:
|
||||
key: applicationsetcontroller.enable.scm.providers
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -21800,7 +21765,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -21882,7 +21847,7 @@ spec:
|
||||
key: notificationscontroller.selfservice.enabled
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -21959,7 +21924,7 @@ spec:
|
||||
- ""
|
||||
- --appendonly
|
||||
- "no"
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: Always
|
||||
name: redis
|
||||
ports:
|
||||
@@ -22188,19 +22153,13 @@ spec:
|
||||
key: reposerver.git.request.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_GRPC_MAX_SIZE_MB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.grpc.max.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -22252,7 +22211,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -22569,7 +22528,7 @@ spec:
|
||||
key: server.api.content.types
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -22863,7 +22822,7 @@ spec:
|
||||
key: controller.ignore.normalizer.jq.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
|
||||
@@ -763,7 +763,7 @@ spec:
|
||||
key: applicationsetcontroller.enable.scm.providers
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -886,7 +886,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -968,7 +968,7 @@ spec:
|
||||
key: notificationscontroller.selfservice.enabled
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -1045,7 +1045,7 @@ spec:
|
||||
- ""
|
||||
- --appendonly
|
||||
- "no"
|
||||
image: redis:7.0.15-alpine
|
||||
image: redis:7.0.14-alpine
|
||||
imagePullPolicy: Always
|
||||
name: redis
|
||||
ports:
|
||||
@@ -1274,19 +1274,13 @@ spec:
|
||||
key: reposerver.git.request.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_GRPC_MAX_SIZE_MB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.grpc.max.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: HELM_CACHE_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_CONFIG_HOME
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -1338,7 +1332,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -1655,7 +1649,7 @@ spec:
|
||||
key: server.api.content.types
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -1949,7 +1943,7 @@ spec:
|
||||
key: controller.ignore.normalizer.jq.timeout
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:latest
|
||||
image: quay.io/argoproj/argocd:v2.11.0-rc2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user