Security: Request new release to fix critical CVEs in odo 3.16.1 dependencies

Open p13rr0m opened this issue 3 months ago • 0 comments

Hello,

Our ACS scan reports critical CVEs in odo v3.16.1:

  • CVE-2024-41110: github.com/docker/docker v20.10.24, fixed in 23.0.15
  • CVE-2025-21613 / 21614: github.com/go-git/go-git/v5 v5.11.0, fixed in 5.13.0

Binary source:
https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/v3.16.1/odo-linux-amd64

Could you please update these dependencies and publish a new odo release that includes the security fixes?

Thanks!

p13rr0m avatar Oct 14 '25 05:10 p13rr0m
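
One way to check a downloaded binary such as `odo-linux-amd64` for the two modules named in the issue, as an added example that is not part of the issue or of the odo project's code: it reads the module list the Go toolchain embeds in the binary and reports entries below the fixed versions stated above. The `fixedIn` table and the helper names are assumptions of this example, and versions are compared on major.minor.patch only.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

// Module path and first fixed version, exactly as stated in the issue above.
var fixedIn = [][2]string{
	{"github.com/docker/docker", "v23.0.15"},
	{"github.com/go-git/go-git/v5", "v5.13.0"},
}

// older compares major.minor.patch; Sscanf stops at "+incompatible" or "-rc" suffixes.
func older(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(strings.TrimPrefix(a, "v"), "%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(strings.TrimPrefix(b, "v"), "%d.%d.%d", &y[0], &y[1], &y[2])
	for i := range x {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return false
}

// outdated lists modules in deps (path -> version) below their fixed version.
func outdated(deps map[string]string) (hits []string) {
	for _, f := range fixedIn {
		if v, ok := deps[f[0]]; ok && older(v, f[1]) {
			hits = append(hits, f[0]+" "+v+" < "+f[1])
		}
	}
	return
}

func main() { // usage: go run . ./odo-linux-amd64
	info, err := buildinfo.ReadFile(os.Args[len(os.Args)-1])
	if err != nil {
		panic(err)
	}
	deps := map[string]string{}
	for _, d := range info.Deps {
		deps[d.Path] = d.Version
	}
	fmt.Println(strings.Join(outdated(deps), "\n"))
}
```

An empty result means neither module is present below its fixed version; it does not show whether the vulnerable code paths are reachable in the binary.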

@vashirova: This pull request references OADP-7028 which is a valid jira issue.

In response to this:

Cherry Picked from commit f3301bc xref:https://github.com/openshift/openshift-docs/pull/103629

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot avatar Dec 17 '25 09:12 openshift-ci-robot

/label OADP

vashirova avatar Dec 17 '25 09:12 vashirova

🤖 Wed Dec 17 15:36:14 - Prow CI generated the docs preview:

https://104055--ocpdocs-pr.netlify.app/
https://104055--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-5-release-notes.html
https://104055--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/release-notes/oadp-upgrade-notes-1-5.html
https://104055--ocpdocs-pr.netlify.app/openshift-enterprise/latest/release_notes/addtl-release-notes.html

ocpdocs-previewbot avatar Dec 17 '25 10:12 ocpdocs-previewbot

@vashirova: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/validate-portal | ec922f80280f66023a7883bf3d23893f29192904 | link | true | /test validate-portal |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Dec 17 '25 15:12 openshift-ci[bot]