Activity log for bug #2051391

Date Who What changed Old value New value Message
2024-01-26 19:30:04 Ghada Khalil bug added bug
2024-01-26 19:30:10 Ghada Khalil starlingx: importance Undecided Medium
2024-01-26 19:32:57 Ghada Khalil description

Old value:

Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use

Severity
--------
Major - CVE / vulnerability issues

Steps to Reproduce
------------------
CVE scan using 3rd party tool

Expected Behavior
------------------
Write down what was expected after taking the steps written above

Actual Behavior
----------------
Many CVEs are reported

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds

Last Pass
---------
N/A

Timestamp/Logs
--------------
Not Required

Test Activity
-------------
CVE scan

Workaround
----------
None

New value:

Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use

They should be updated/rebuilt to pick up CVE fixes

Severity
--------
Major - CVE / vulnerability issues

Steps to Reproduce
------------------
CVE scan using 3rd party tool

Expected Behavior
------------------
Write down what was expected after taking the steps written above

Actual Behavior
----------------
Many CVEs are reported

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds

Last Pass
---------
N/A

Timestamp/Logs
--------------
Not Required

Test Activity
-------------
CVE scan

Workaround
----------
None

2024-01-26 19:33:54 Ghada Khalil starlingx: assignee Andre Mauricio Zelak (azelak)
2024-01-29 16:49:41 OpenStack Infra starlingx: status New In Progress
2024-01-30 00:57:29 Ghada Khalil tags stx.9.0 stx.networking stx.security
2024-01-30 01:02:27 Ghada Khalil description

Old value:

Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use

They should be updated/rebuilt to pick up CVE fixes

Severity
--------
Major - CVE / vulnerability issues

Steps to Reproduce
------------------
CVE scan using 3rd party tool

Expected Behavior
------------------
Write down what was expected after taking the steps written above

Actual Behavior
----------------
Many CVEs are reported

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds

Last Pass
---------
N/A

Timestamp/Logs
--------------
Not Required

Test Activity
-------------
CVE scan

Workaround
----------
None

New value:

Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.io/starlingx/notificationclient-base:stx.9.0-v2.1.1 >> last built in March 2023
- docker.io/starlingx/locationservice-base:stx.8.0-v2.0.0 >> last built in Dec 2022
- docker.io/rabbitmq:3.8.11-management >> obsolete and no longer recommended for use

They should be updated/rebuilt to pick up CVE fixes

Severity
--------
Major - CVE / vulnerability issues

Steps to Reproduce
------------------
CVE scan using 3rd party tool

Expected Behavior
------------------
No/limited CVEs are reported

Actual Behavior
----------------
Many CVEs are reported

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
The above images are used in all recent stx main branch builds

Last Pass
---------
N/A

Timestamp/Logs
--------------
Not Required

Test Activity
-------------
CVE scan

Workaround
----------
None

2024-03-11 13:32:42 OpenStack Infra starlingx: status In Progress Fix Released
2024-03-26 12:11:58 Ghada Khalil tags stx.9.0 stx.networking stx.security stx.9.0 stx.apps stx.networking stx.security