istio-coredns-plugin

Latest Released Image Contains Shellshock Vulnerability

Open isugimpy opened this issue 5 years ago • 2 comments

As per title, https://hub.docker.com/layers/istio/coredns-plugin/0.2-istio-1.1/images/sha256-964eca01e487bcedcc769dd22644a4272daebf079b64170dd6bab16662651b99?context=explore contains the Shellshock vulnerability and hasn't been built in 2 years. Would it be possible for an updated version of the image to be built and released officially with the exploit patched?

isugimpy, Sep 18 '20 19:09

Hi. Sorry for the delay. This plugin is no longer maintained or necessary as of Istio 1.8, as the DNS functionality is built into Istio sidecars. The functionality in 1.8 is far richer and more automatically configured than the current coredns plugin. I encourage you to take that for a spin.

Sidecar DNS is enabled by default in the preview profile. You can also enable it manually by setting the following config in the Istio operator (Istio 1.8 onwards):

  meshConfig:
    defaultConfig:
      proxyMetadata:
        ISTIO_META_DNS_CAPTURE: "true"
        ISTIO_META_PROXY_XDS_VIA_AGENT: "true"

rshriram, Sep 23 '20 14:09

I appreciate the response on this, but 1.8 isn't a viable option for us yet, because we're still working on getting upgraded from k8s 1.14. Thank you for the information, though! I'll keep that in mind for when we're able to upgrade.

isugimpy, Sep 23 '20 15:09