SECURITY: nginx-ingress needs to be updated to 0.26.1
Bug #1846556 reported by
Jay Kuri
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kubernetes Worker Charm |
Fix Released
|
Undecided
|
Kevin W Monroe | ||
Bug Description
nginx versions prior to 1.16 contain a number of security vulnerabilities. The version of nginx that is used in the current nginx-ingress controller for charmed k8s 1.15 and 1.16 uses a vulnerable version (nginx 1.15.x)
We are using nginx-ingress-
This has been addressed in the most recent version, 0.26.1
We should update to use the version of nginx-ingress-
Crossreference:
https:/
https:/
and
https:/
Revision history for this message
| Mike Wilson (knobby) wrote | #1 |
Revision history for this message
| Kevin W Monroe (kwmonroe) wrote | #2 |
| Changed in charm-kubernetes-worker: | |
| assignee: | nobody → Kevin W Monroe (kwmonroe) |
| status: | New → Triaged |
| Changed in charm-kubernetes-worker: | |
| milestone: | none → 1.17 |
Revision history for this message
| Kevin W Monroe (kwmonroe) wrote | #3 |
| Changed in charm-kubernetes-worker: | |
| status: | Triaged → Fix Committed |
| Changed in charm-kubernetes-worker: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
I'm not trying to derail this bug as we do need to upgrade to 0.26.1, but I'm curious about the claim to running 0.22. I see 0.25.1 in our charms for x86. Are you using a different architecture or charm revision?