
fix: CVE-2022-3172 #3693

Merged
tomkerkhove merged 1 commit into kedacore:main from JorTurFer:fix-CVE-2022-3172
Sep 27, 2022

Conversation

@JorTurFer

Member

Signed-off-by: Jorge Turrado jorge_turrado@hotmail.es

This PR bumps k8s deps to 0.24.5 and adds a replacement to ensure that k8s.io/apimachinery uses a fixed version.

Checklist

  • Commits are signed with Developer Certificate of Origin (DCO - learn more)

Fixes #3690

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
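As an added check (example code, not from KEDA or this PR), the following Go program audits a go.mod the way a reviewer would verify a fix of this shape: it resolves the version of k8s.io/apimachinery that a build would actually use, letting a replace directive override the require entry, and compares it against the version the advisory lists as fixed. The go.mod text, the module path example.com/scaler and the function names EffectiveVersion and IsFixed are constructed for this example; the versions v0.24.4 and v0.24.5 are the ones this PR is about.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// sampleGoMod is a constructed go.mod (not KEDA's real file) that mirrors the
// shape of the fix: the requirement still says v0.24.4, but a replace
// directive pins k8s.io/apimachinery to the fixed v0.24.5.
const sampleGoMod = `module example.com/scaler

go 1.18

require (
	k8s.io/api v0.24.5
	k8s.io/apimachinery v0.24.4 // indirect
	k8s.io/client-go v0.24.5
)

replace k8s.io/apimachinery => k8s.io/apimachinery v0.24.5
`

// vulnerableGoMod is the same constructed file without the replace directive,
// so the build would use the vulnerable v0.24.4.
const vulnerableGoMod = `module example.com/scaler

go 1.18

require (
	k8s.io/api v0.24.5
	k8s.io/apimachinery v0.24.4 // indirect
	k8s.io/client-go v0.24.5
)
`

// EffectiveVersion returns the version of module that a build of this go.mod
// will actually use: the replace target when one exists, else the required
// version. It handles "require m vX" (inline or inside a require block) and
// "replace m [vX] => m vY". A replace that points at a local path is returned
// as an error, because its content cannot be judged from go.mod alone.
// Block-form "replace ( ... )" is not parsed by this simplified scanner.
func EffectiveVersion(goMod, module string) (version string, replaced bool, err error) {
	var required, replacedTo string
	inRequire := false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 { // drop "// indirect" and other comments
			line = strings.TrimSpace(line[:i])
		}
		fields := strings.Fields(line)
		switch {
		case line == "require (":
			inRequire = true
		case line == ")":
			inRequire = false
		case len(fields) >= 4 && fields[0] == "replace" && fields[1] == module:
			target := fields[len(fields)-1]
			if !strings.HasPrefix(target, "v") {
				return "", true, fmt.Errorf("%s is replaced by local path %q; inspect it manually", module, target)
			}
			replacedTo = target
		case inRequire && len(fields) == 2 && fields[0] == module:
			required = fields[1]
		case !inRequire && len(fields) == 3 && fields[0] == "require" && fields[1] == module:
			required = fields[2]
		}
	}
	if replacedTo != "" {
		return replacedTo, true, nil
	}
	if required == "" {
		return "", false, fmt.Errorf("%s is not required by this go.mod", module)
	}
	return required, false, nil
}

// parseVersion splits "vMAJOR.MINOR.PATCH[-pre][+build]" into three numbers;
// pre-release and build metadata are ignored for this comparison.
func parseVersion(v string) [3]int {
	var out [3]int
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	for i, p := range strings.SplitN(v, ".", 3) {
		out[i], _ = strconv.Atoi(p)
	}
	return out
}

// versionAtLeast reports whether a >= b by major.minor.patch.
func versionAtLeast(a, b string) bool {
	pa, pb := parseVersion(a), parseVersion(b)
	for i := 0; i < 3; i++ {
		if pa[i] != pb[i] {
			return pa[i] > pb[i]
		}
	}
	return true
}

// IsFixed reports whether the effective version of module in goMod is at
// least fixedVersion, i.e. whether the build picks up the patched release.
func IsFixed(goMod, module, fixedVersion string) (bool, error) {
	v, _, err := EffectiveVersion(goMod, module)
	if err != nil {
		return false, err
	}
	return versionAtLeast(v, fixedVersion), nil
}

func main() {
	const module, fixed = "k8s.io/apimachinery", "v0.24.5"
	for name, mod := range map[string]string{"patched": sampleGoMod, "vulnerable": vulnerableGoMod} {
		v, replaced, err := EffectiveVersion(mod, module)
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		ok, _ := IsFixed(mod, module, fixed)
		fmt.Printf("%-10s effective %s=%s (replaced=%t) fixed=%t\n", name, module, v, replaced, ok)
	}
}
```

In a real checkout the same answer comes from `go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' k8s.io/apimachinery`, and `govulncheck ./...` additionally tells you whether the vulnerable code is reachable from the binary. Two caveats about this style of fix are worth keeping in mind: a replace directive only takes effect in the main module, so it pins the version for the project's own binaries but is ignored when another module imports its packages (those consumers see the require entry and need their own bump), and dependency scanners that read only the require line may keep flagging v0.24.4 until the requirement itself is raised.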
@JorTurFer JorTurFer requested a review from a team as a code owner September 26, 2022 19:51
@JorTurFer

JorTurFer commented Sep 26, 2022

Member Author

/run-e2e internal*
Update: You can check the progress here

@tomkerkhove tomkerkhove merged commit 4c19b38 into kedacore:main Sep 27, 2022
@JorTurFer JorTurFer deleted the fix-CVE-2022-3172 branch September 27, 2022 06:22
@JorTurFer JorTurFer mentioned this pull request Jan 17, 2023
pedro-stanaka pushed a commit to pedro-stanaka/keda that referenced this pull request Jan 18, 2023
@pedro-stanaka pedro-stanaka mentioned this pull request Jan 18, 2023
pedro-stanaka pushed a commit to pedro-stanaka/keda that referenced this pull request Jan 18, 2023
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>
pedro-stanaka pushed a commit to pedro-stanaka/keda that referenced this pull request Jan 19, 2023
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>
pedro-stanaka pushed a commit to pedro-stanaka/keda that referenced this pull request Jan 19, 2023
Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>
JorTurFer added a commit that referenced this pull request Jan 19, 2023
* fix: CVE-2022-3172 (#3693)

Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* fix: Respect optional parameter inside envs for ScaledJobs (#3694)

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* fix(prometheus scaler): Detect Inf before casting float to int (#3762)

* fix(prometheus scaler): Detect Inf before casting float to int

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>

* Improve the log message

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* fix(nats-jetstream): correctly count messages that should be redelivered (waiting for ack) towards keda value (#3809)

* fix: keda now include the messages that should be retried in the count of pending messages used for scaling

Signed-off-by: Antoine Laffargue <antoine.laffargue@gmail.com>

* chore: update changelog

Signed-off-by: Antoine Laffargue <antoine.laffargue@gmail.com>

Signed-off-by: Antoine Laffargue <antoine.laffargue@gmail.com>
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>

* NewRelic scaler crashes on logging (#3946)

Signed-off-by: Laszlo Kishalmi <laszlo.kishalmi@partech.com>

Signed-off-by: Laszlo Kishalmi <laszlo.kishalmi@partech.com>
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>
Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* Fix stackdriver client returning 0 for metric types of double (#3788)

* Update stackdriver client to handle metrics of value type double

Signed-off-by: Eric Takemoto <24865872+octothorped@users.noreply.github.com>

* move change log note to below general

Signed-off-by: Eric Takemoto <24865872+octothorped@users.noreply.github.com>

* parse activation value as float64

Signed-off-by: Eric Takemoto <24865872+octothorped@users.noreply.github.com>

* change target value to float64 for GCP pub/sub and stackdriver

Signed-off-by: Eric Takemoto <24865872+octothorped@users.noreply.github.com>

Signed-off-by: Eric Takemoto <24865872+octothorped@users.noreply.github.com>
Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* Fixing conflicts after cherry-pick

Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>

* fix: Close is called twice on PushScaler's deletion (#3599)

Signed-off-by: ytz <1020560484@qq.com>
Signed-off-by: taenyang <1020560484@qq.com>
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>

* fix/datadog-scaler-null-last-point (#3954)

Signed-off-by: Tony Lee <dogzzdogzz@gmail.com>
Signed-off-by: Tony Lee <tony.lee@shopback.com>
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Co-authored-by: Tony Lee <tony.lee@shopback.com>
Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>

* fix(mongodb): escape username and password (#3989)

Fixes #3992

Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* Hacking generated files to version CI expects

Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>

* Updating aws-sdk and golang packages to fix CVEs

Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* Updating golang/text package to fix CVE

Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

* Using same version of aws sdk as in main

Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>

Signed-off-by: Pedro Tanaka <pedro.tanaka@shopify.com>
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Antoine Laffargue <antoine.laffargue@gmail.com>
Signed-off-by: Pedro Tanaka <pedro.stanaka@gmail.com>
Signed-off-by: Laszlo Kishalmi <laszlo.kishalmi@partech.com>
Signed-off-by: Eric Takemoto <24865872+octothorped@users.noreply.github.com>
Signed-off-by: ytz <1020560484@qq.com>
Signed-off-by: taenyang <1020560484@qq.com>
Signed-off-by: Tony Lee <dogzzdogzz@gmail.com>
Signed-off-by: Tony Lee <tony.lee@shopback.com>
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Co-authored-by: Antoine LAFFARGUE <antoine.laffargue@gmail.com>
Co-authored-by: Laszlo Kishalmi <laszlo.kishalmi@gmail.com>
Co-authored-by: Eric Takemoto <eric.takemoto@gocrisp.com>
Co-authored-by: taenyang <1020560484@qq.com>
Co-authored-by: Tony Lee <dogzzdogzz@gmail.com>
Co-authored-by: Tony Lee <tony.lee@shopback.com>
Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>


Development

Successfully merging this pull request may close these issues.

CVE-2022-3172 (Medium) detected in k8s.io/apimachinery-v0.24.4

2 participants