Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update oauth2-proxy image to quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 #21876

Closed
framar89 opened this issue Dec 12, 2022 · 2 comments
Closed

Update oauth2-proxy image to quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 #21876

framar89 opened this issue Dec 12, 2022 · 2 comments
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.58

Comments

@framar89
Copy link

Summary

Currently the default image version used for oauth2-proxy is quay.io/oauth2-proxy/oauth2-proxy:v7.2.0 which has a critical vulnerability as shown in https://quay.io/repository/oauth2-proxy/oauth2-proxy?tab=tags

In quay.io there is also version 7.4.0 which is the latest version released and has no vulnerabilities (https://quay.io/repository/oauth2-proxy/oauth2-proxy?tab=tags).

There are no breaking changes from 7.2 and 7.4 (https://github.com/oauth2-proxy/oauth2-proxy/releases), I also tested it and it worked the same as v7.2.0.

Oauth-proxy is an important component for Eclipse-Che because it handles the authentication, so can it be updated?

Thanks

Relevant information

No response
@framar89 framar89 added the kind/question Questions that haven't been identified as being feature requests or bugs. label Dec 12, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Dec 12, 2022
@ibuziuk ibuziuk added severity/P1 Has a major impact to usage or development of the system. kind/task Internal things, technical debt, and to-do tasks to be performed. area/install Issues related to installation, including offline/air gap and initial setup and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. kind/question Questions that haven't been identified as being feature requests or bugs. labels Dec 12, 2022
@ibuziuk
Copy link
Member

ibuziuk commented Dec 12, 2022

@tolusha could you please take a look?

@tolusha tolusha mentioned this issue Dec 13, 2022
Closed
82 tasks
@tolusha tolusha closed this as completed Dec 21, 2022
@tolusha tolusha added this to the 7.58 milestone Dec 21, 2022
@tolusha
Copy link
Contributor

tolusha commented Dec 21, 2022

Already updated to v7.4.0
https://github.com/eclipse-che/che-operator/blob/8ef15f948908e1e11b3ba1ba020c836fbf7d894d/config/manager/manager.yaml#L86-L87

@tolusha tolusha changed the title Update Oauth2-proxy to 7.4.0 version Update oauth2-proxy image to quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 Dec 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.58
Development

No branches or pull requests
4 participants
@ibuziuk @tolusha @che-bot @framar89