Skip to content

chore(superset): Fix CVE-2024-1135 by upgrading gunicorn #919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 11, 2024
Merged

chore(superset): Fix CVE-2024-1135 by upgrading gunicorn #919

merged 5 commits into from
Nov 11, 2024

Conversation

@sbernauer
Copy link
Member

@sbernauer sbernauer commented Nov 7, 2024
edited
Loading

Description

Fixes https://github.com/stackabletech/vulnerabilities/issues/679
Bumps gunicorn from 21.2.0 to 22.0.0.

I've tested the trino-taxi-data demo with this image and it worked

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
- [ ] Changes are OpenShift compatible
- [ ] All added packages (via microdnf or otherwise) have a comment on why they are added
- [ ] Things not downloaded from Red Hat repositories should be mirrored in the Stackable repository and downloaded from there
- [ ] All packages should have (if available) signatures/hashes verified
- [ ] Add an entry to the CHANGELOG.md file
- [ ] Integration tests ran successfully
TIP: Running integration tests with a new product image

The image can be built and uploaded to the kind cluster with the following commands:

bake --product <product> --image-version <stackable-image-version>
kind load docker-image <image-tagged-with-the-major-version> --name=<name-of-your-test-cluster>

See the output of bake to retrieve the image tag for <image-tagged-with-the-major-version>.

@sbernauer sbernauer changed the title chore(superset): Fix CVE-2024-1135 by upgrading gunicorn from 21.2.0 to 22.0.0 chore(superset): Fix CVE-2024-1135 by upgrading gunicorn Nov 7, 2024
labrenbe
labrenbe previously approved these changes Nov 7, 2024
View reviewed changes
@sbernauer sbernauer requested a review from lfrancke November 7, 2024 14:27
@sbernauer sbernauer requested a review from labrenbe November 7, 2024 14:28
@sbernauer sbernauer added this pull request to the merge queue Nov 11, 2024
Merged via the queue into main with commit 812fdcf Nov 11, 2024
2 checks passed
@sbernauer sbernauer deleted the fix/cve-2024-1135 branch November 11, 2024 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@labrenbe labrenbe labrenbe approved these changes

@lfrancke lfrancke Awaiting requested review from lfrancke

Assignees

No one assigned

Labels

release/24.11.0

Projects

Stackable Engineering
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sbernauer @labrenbe @lfrancke