changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14

Paco Xu 2022-11-24 13:03:44 +08:00
parent 45279654db
commit efb3f79328
4 changed files with 10 additions and 10 deletions

@ -268,7 +268,7 @@
- [CPU and Memory manager are not working correctly for Guaranteed Pods with multiple containers](#cpu-and-memory-manager-are-not-working-correctly-for-guaranteed-pods-with-multiple-containers)
- [`CSIMigrationvSphere` feature gate has not migrated to new CRD APIs](#csimigrationvsphere-feature-gate-has-not-migrated-to-new-crd-apis)
- [Workloads that saturate nodes with pods may see pods that fail due to node admission](#workloads-that-saturate-nodes-with-pods-may-see-pods-that-fail-due-to-node-admission)
- [Etcd v3.5.[0-2] data corruption](#etcd-v350-2-data-corruption)
- [Etcd v3.5.\[0-2\] data corruption](#etcd-v350-2-data-corruption)
- [Urgent Upgrade Notes](#urgent-upgrade-notes)
- [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
- [Changes by Kind](#changes-by-kind-15)
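Review bot: The table-of-contents change from `Etcd v3.5.[0-2] data corruption` to `Etcd v3.5.\[0-2\] data corruption` is not covered by the commit subject, which only mentions the fixed version for CVE-2022-3294 and CVE-2022-3162. If the escaping comes from regenerating the TOC, say so in the commit message, or move it to its own commit so the security-relevant version correction stays easy to audit and cherry-pick. The link target `#etcd-v350-2-data-corruption` is unchanged, so the anchor itself keeps working.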
@ -498,7 +498,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
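Review bot: Replacing `kube-apiserver v1.23.13` with `kube-apiserver v1.23.14` in this Fixed Versions list changes what operators on the 1.23 line treat as a safe upgrade target, yet neither the hunk nor the commit message points to evidence for the correction. Add a reference to the commit message (the release tag or the cherry-pick that carried the fix into the 1.23 line) so a reader can verify the new value without re-deriving it.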
@ -524,7 +524,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Yuval Avrahami of Palo Alto Networks
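Review bot: Only the Fixed Versions entry for the 1.23 line is touched in this advisory, and any affected-version range the section states lies outside the hunk context. If such a range exists for 1.23, check that its upper bound includes v1.23.13, otherwise the advisory will list v1.23.13 as neither affected nor fixed.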

@ -240,7 +240,7 @@
- [Urgent Upgrade Notes](#urgent-upgrade-notes)
- [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
- [Known Issues](#known-issues)
- [Etcd v3.5.[0-2] data corruption](#etcd-v350-2-data-corruption)
- [Etcd v3.5.\[0-2\] data corruption](#etcd-v350-2-data-corruption)
- [Changes by Kind](#changes-by-kind-14)
- [Deprecation](#deprecation)
- [API Change](#api-change-5)
@ -462,7 +462,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
@ -488,7 +488,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Yuval Avrahami of Palo Alto Networks

@ -379,7 +379,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
@ -405,7 +405,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Yuval Avrahami of Palo Alto Networks

@ -303,7 +303,7 @@ A security issue was discovered in Kubernetes where users authorized to list or
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit
@ -329,7 +329,7 @@ The merged fix enforces validation against the proxying address for a Node. In s
**Fixed Versions**:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.23.14
- kube-apiserver v1.22.16
This vulnerability was reported by Yuval Avrahami of Palo Alto Networks
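Review bot: The `v1.23.13` to `v1.23.14` correction in this Fixed Versions list is the eighth hand-made copy of the same one-line change (two advisories in each of the four files), so the main risk is a copy that was missed. Before merging, search the tree for any remaining `kube-apiserver v1.23.13` under a Fixed Versions heading, since a leftover entry would give contradictory upgrade guidance for the same vulnerability.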