Skip to content

[Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859#139

Merged
xumia merged 4 commits intosonic-net:masterfrom
xumia:fix-CVE-2023-28858
Apr 11, 2023
Merged

[Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859#139
xumia merged 4 commits intosonic-net:masterfrom
xumia:fix-CVE-2023-28858

Conversation

@xumia
Copy link
Contributor

@xumia xumia commented Apr 9, 2023
edited
Loading

[Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859

Upgrade the redis version from 2.10.5 to 4.5.4

|Alert title                             |Affected component                      |Severity                      |Due date                      |
|________________________________________|________________________________________|______________________________|______________________________|
|CVE-2023-28858                          |redis 2.10.5                            |High                          |2023-04-27T13:44:39.1802657Z  |

@xumia xumia requested a review from prsunny April 9, 2023 13:02
@xumia
Copy link
Contributor Author

xumia commented Apr 9, 2023

@prsunny , could you please help review it? Thanks.

@xumia
Copy link
Contributor Author

xumia commented Apr 9, 2023

/azp run Azure.sonic-restapi

@azure-pipelines
Copy link

azure-pipelines bot commented Apr 9, 2023

Azure Pipelines successfully started running 1 pipeline(s).

@xumia xumia force-pushed the fix-CVE-2023-28858 branch from e72ef5f to 8af41a7 Compare April 9, 2023 14:09
@xumia xumia changed the title [Security] Fix the redis security issue CVE-2023-28858 [Security] Fix the redis security issue CVE-2023-28858 and CVE-2023-28859 Apr 11, 2023
@xumia xumia merged commit 4f6f979 into sonic-net:master Apr 11, 2023
@xumia xumia deleted the fix-CVE-2023-28858 branch April 11, 2023 23:39
@liushilongbuaa
Copy link
Contributor

liushilongbuaa commented Apr 13, 2023

Hi @xumia , @prsunny , This security change is needed in 202012,202205,202211.
Can we update submodule's HEAD to this commit in these branches?

@xumia
Copy link
Contributor Author

xumia commented Apr 13, 2023
edited
Loading

Hi @xumia , @prsunny , This security change is needed in 202012,202205,202211. Can we update submodule's HEAD to this commit in these branches?

All releases 202012/202205/202211 use the master branch sonic-restapi, the 202012 has being used recent commit of master branch.

sonic-net/sonic-buildimage#14625
sonic-net/sonic-buildimage#14626
sonic-net/sonic-buildimage#14627

@maipbui maipbui mentioned this pull request Jun 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prsunny prsunny prsunny approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xumia @liushilongbuaa @prsunny