Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug 2304972: [release-4.17] CVE-2023-26136 odf-multicluster-console-container: tough-cookie: prototype pollution in cookie memstore #1531

Conversation

openshift-cherrypick-robot

This is an automated cherry-pick of #1515

/assign SanjalKatiyar

…otype pollution in cookie memstore

Signed-off-by: Gowtham Shanmugasundaram <[email protected]>
@GowthamShanmugam
Copy link
Contributor

/retitle Bug 2304972: [release-4.17] CVE-2023-26136 odf-multicluster-console-container: tough-cookie: prototype pollution in cookie memstore

@openshift-ci openshift-ci bot changed the title [release-4.17] CVE-2023-26136 odf-multicluster-console-container: tough-cookie: prototype pollution in cookie memstore Bug 2304972: [release-4.17] CVE-2023-26136 odf-multicluster-console-container: tough-cookie: prototype pollution in cookie memstore Aug 14, 2024
Copy link
Contributor

openshift-ci bot commented Aug 14, 2024

@openshift-cherrypick-robot: This pull request references Bugzilla bug 2304972, which is invalid:

  • expected the bug to target the "ODF 4.17.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2304972: [release-4.17] CVE-2023-26136 odf-multicluster-console-container: tough-cookie: prototype pollution in cookie memstore

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@GowthamShanmugam
Copy link
Contributor

/bugzilla refresh

Copy link
Contributor

openshift-ci bot commented Aug 16, 2024

@GowthamShanmugam: This pull request references Bugzilla bug 2304972, which is invalid:

  • expected the bug to target the "ODF 4.17.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@GowthamShanmugam
Copy link
Contributor

/bugzilla refresh

Copy link
Contributor

openshift-ci bot commented Aug 16, 2024

@GowthamShanmugam: This pull request references Bugzilla bug 2304972, which is invalid:

  • expected the bug to target the "ODF 4.17.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@GowthamShanmugam
Copy link
Contributor

/bugzilla refresh

Copy link
Contributor

openshift-ci bot commented Aug 16, 2024

@GowthamShanmugam: This pull request references Bugzilla bug 2304972, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (ODF 4.17.0) matches configured target release for branch (ODF 4.17.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @PrasadDesala

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Copy link
Contributor

openshift-ci bot commented Aug 16, 2024

@openshift-ci[bot]: GitHub didn't allow me to request PR reviews from the following users: PrasadDesala.

Note that only red-hat-storage members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

@GowthamShanmugam: This pull request references Bugzilla bug 2304972, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (ODF 4.17.0) matches configured target release for branch (ODF 4.17.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @PrasadDesala

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@bipuladh
Copy link
Contributor

/approve
/lgtm

Copy link
Contributor

openshift-ci bot commented Aug 19, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bipuladh, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 3512d7e into red-hat-storage:release-4.17 Aug 19, 2024
3 checks passed
Copy link
Contributor

openshift-ci bot commented Aug 19, 2024

@openshift-cherrypick-robot: An error was encountered updating to the MODIFIED state for bug 2304972 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details.

Full error message. code 31113: Red Hat Bugzilla's database reported a query serialization error. Most likely this occurred because another user or process attempted to change the same data that you were attempting to change. Please press Back and retry the transaction.
 UPDATE bugs SET bug_status = ? WHERE bug_id = ? at /var/www/html/bugzilla/Bugzilla/Object.pm line 544. 

Please contact an administrator to resolve this issue, then request a bug refresh with /bugzilla refresh.

In response to this:

Bug 2304972: [release-4.17] CVE-2023-26136 odf-multicluster-console-container: tough-cookie: prototype pollution in cookie memstore

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants