chore(deps): update module k8s.io/kubernetes to v1.27.13 [security] #187

Closed

renovate-rancher[bot]
Contributor

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| k8s.io/kubernetes | replace | minor | v1.24.16 -> v1.27.13 |

GitHub Vulnerability Alerts

CVE-2021-25743

kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

CVE-2023-3955

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVE-2023-5528

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

CVE-2023-3676

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVE-2024-3177

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.


Release Notes

kubernetes/kubernetes (k8s.io/kubernetes)

v1.27.13: Kubernetes v1.27.13

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

v1.27.12: Kubernetes v1.27.12

v1.27.11: Kubernetes v1.27.11

v1.27.10: Kubernetes v1.27.10

v1.27.9: Kubernetes v1.27.9

v1.27.8: Kubernetes v1.27.8

v1.27.7: Kubernetes v1.27.7

v1.27.6: Kubernetes v1.27.6

v1.27.5: Kubernetes v1.27.5

v1.27.4: Kubernetes v1.27.4

v1.27.3: Kubernetes v1.27.3

v1.27.2: Kubernetes v1.27.2

v1.27.1: Kubernetes v1.27.1

v1.27.0: Kubernetes v1.27.0

v1.26.15: Kubernetes v1.26.15

v1.26.14: Kubernetes v1.26.14

v1.26.13: Kubernetes v1.26.13

v1.26.12: Kubernetes v1.26.12

v1.26.11: Kubernetes v1.26.11

v1.26.10: Kubernetes v1.26.10

v1.26.9: Kubernetes v1.26.9

v1.26.8: Kubernetes v1.26.8

v1.26.7: Kubernetes v1.26.7

v1.26.6: Kubernetes v1.26.6

v1.26.5: Kubernetes v1.26.5

v1.26.4: Kubernetes v1.26.4

v1.26.3: Kubernetes v1.26.3

v1.26.2: Kubernetes v1.26.2

v1.26.1: Kubernetes v1.26.1

v1.26.0: Kubernetes v1.26.0

v1.25.16: Kubernetes v1.25.16

v1.25.15: Kubernetes v1.25.15

v1.25.14: Kubernetes v1.25.14

v1.25.13: Kubernetes v1.25.13

v1.25.12: Kubernetes v1.25.12

v1.25.11: Kubernetes v1.25.11

v1.25.10: Kubernetes v1.25.10

v1.25.9: Kubernetes v1.25.9

v1.25.8: Kubernetes v1.25.8

v1.25.7: Kubernetes v1.25.7

v1.25.6: Kubernetes v1.25.6

v1.25.5: Kubernetes v1.25.5

v1.25.4: Kubernetes v1.25.4

v1.25.3: Kubernetes v1.25.3

v1.25.2: Kubernetes v1.25.2

v1.25.1: Kubernetes v1.25.1

v1.25.0: Kubernetes v1.25.0

v1.24.17: Kubernetes v1.24.17


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Contributor Author

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -d -t ./...
go: k8s.io/kubernetes@v1.27.13 requires
	k8s.io/dynamic-resource-allocation@v0.0.0: reading k8s.io/dynamic-resource-allocation/go.mod at revision v0.0.0: unknown revision v0.0.0

@HarrisonWAffel
Contributor

Closing this out as the k8s dependencies directly relate to the version of system agent used. Currently wins uses v0.2.12, which also uses 1.24.x k8s dependencies. Instead of bumping the k8s versions, we need to evaluate if more recent versions of the system agent can be used in wins (which they likely can, but will need testing).

Contributor Author

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.27.13). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate-rancher renovate-rancher bot deleted the renovate/go-k8s.io/kubernetes-vulnerability branch July 18, 2024 04:37