Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changelog: add note from CVE-2025-22869 #19479

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

changelog: add note from CVE-2025-22869 #19479

wants to merge 2 commits into from
+17 −1

Conversation

ivanvc
Copy link
Member

@ivanvc ivanvc commented Feb 25, 2025

Adds entries regarding the golang.org/x/crypto upgrade to 0.35.0, to address CVE-2025-22869.

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

@k8s-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ivanvc
Once this PR has been reviewed and has the lgtm label, please assign ahrtr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov Codecov
Copy link

codecov bot commented Feb 25, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.86%. Comparing base (d52bd90) to head (23a560f).
Report is 8 commits behind head on main.

Additional details and impacted files

see 21 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #19479      +/-   ##
==========================================
+ Coverage   68.85%   68.86%   +0.01%     
==========================================
  Files         420      420              
  Lines       35762    35762              
==========================================
+ Hits        24624    24629       +5     
+ Misses       9714     9707       -7     
- Partials     1424     1426       +2

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d52bd90...23a560f. Read the comment docs.

@ivanvc ivanvc force-pushed the release-note-CVE-2025-22869 branch from 7a241dc to 946f08b Compare February 25, 2025 07:31
@ivanvc ivanvc force-pushed the release-note-CVE-2025-22869 branch from 946f08b to 50bd12d Compare February 25, 2025 07:32
@ivanvc ivanvc force-pushed the release-note-CVE-2025-22869 branch from 50bd12d to 23a560f Compare February 25, 2025 07:34
@ivanvc
Copy link
Member Author

ivanvc commented Feb 25, 2025

Note: I need @fuweid's changes in the v3.6 CHANGELOG from #19474. I rebased his branch to avoid conflicts, but because other commits were already in the main, it brought more commits. While removing them, it made me co-author Fu's commit.

I think the best would be if I manually rebase my branch once his pull request is merged.

@k8s-ci-robot
Copy link

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ahrtr
Copy link
Member

ahrtr commented Feb 25, 2025

Please rebase this PR, thx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/documentation needs-rebase size/S
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ivanvc @k8s-ci-robot @ahrtr @fuweid