Skip to content

OCPTOOLS-539,OCPTOOLS-547,OCPTOOLS-604,OCPTOOLS-626: Bump podman to v5.5.0 that fixes vulnerability in golang.org/x/crypto package. #1969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kunalmemane wants to merge 2 commits into
base: release-4.15
Choose a base branch
from
Open

OCPTOOLS-539,OCPTOOLS-547,OCPTOOLS-604,OCPTOOLS-626: Bump podman to v5.5.0 that fixes vulnerability in golang.org/x/crypto package. #1969

kunalmemane wants to merge 2 commits into from

Conversation

@kunalmemane
Copy link
Contributor

@kunalmemane kunalmemane commented Jul 2, 2025

CVE-2024-45337, CVE-2025-22869: Bump podman to v5.5.0 that fixes vulnerability in golang.org/x/crypto package.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 2, 2025
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jul 2, 2025
edited by openshift-ci bot
Loading

@kunalmemane: This pull request references OCPTOOLS-539 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the vulnerability to target the "4.15.z" version, but no target version was set.

This pull request references OCPTOOLS-547 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the vulnerability to target the "4.15.z" version, but no target version was set.

This pull request references OCPTOOLS-604 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the vulnerability to target the "4.15.z" version, but no target version was set.

This pull request references OCPTOOLS-626 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the vulnerability to target the "4.15.z" version, but no target version was set.

Details

In response to this:

CVE-2024-45337, CVE-2025-22869: Bump podman to v5.5.0 that fixes vulnerability in golang.org/x/crypto package.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from avinal and sayan-biswas July 2, 2025 10:59
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 2, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kunalmemane
Once this PR has been reviewed and has the lgtm label, please assign k37y for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kunalmemane
Copy link
Contributor Author

kunalmemane commented Jul 2, 2025

/test e2e-aws-jenkins-client-plugin

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 28, 2025

@kunalmemane: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security e83e1a6 link false /test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-bot
Copy link
Contributor

openshift-bot commented Nov 27, 2025

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 27, 2025
@kunalmemane
Copy link
Contributor Author

kunalmemane commented Nov 27, 2025

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 27, 2025
@kunalmemane
Copy link
Contributor Author

kunalmemane commented Nov 27, 2025

/lifecycle frozen

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 27, 2025

@kunalmemane: The lifecycle/frozen label cannot be applied to Pull Requests.

Details

In response to this:

/lifecycle frozen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@avinal avinal Awaiting requested review from avinal

@sayan-biswas sayan-biswas Awaiting requested review from sayan-biswas

Assignees

No one assigned

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kunalmemane @openshift-ci-robot @openshift-bot