Skip to content

Commit 3e5b44c

Browse files
priteaupriteau
authored
Merge pull request #2173 from stackhpc/ft/bump-grafana-etcd
Dependencies updated or ignored for CVE vulnerabilities
2 parents 9f499d7 + dcce449 commit 3e5b44c

File tree

4 files changed

+57
-6
lines changed

4 files changed

+57
-6
lines changed

etc/kayobe/kolla-image-tags.yml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,10 @@ kolla_image_tags:
66
openstack:
77
rocky-9: 2025.1-rocky-9-20260205T152450
88
ubuntu-noble: 2025.1-ubuntu-noble-20260205T152450
9+
etcd:
10+
rocky-9: 2025.1-rocky-9-20260303T104901
911
grafana:
10-
rocky-9: 2025.1-rocky-9-20260223T134735
12+
rocky-9: 2025.1-rocky-9-20260303T104901
1113
ubuntu-noble: 2025.1-ubuntu-noble-20260223T134735
1214
ironic:
1315
rocky-9: 2025.1-rocky-9-20260303T104021
@@ -24,3 +26,5 @@ kolla_image_tags:
2426
octavia:
2527
rocky-9: 2025.1-rocky-9-20260226T091552
2628
ubuntu-noble: 2025.1-ubuntu-noble-20260226T091552
29+
prometheus_cadvisor:
30+
rocky-9: 2025.1-rocky-9-20260303T104901

etc/kayobe/kolla/kolla-build.conf

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,8 @@ location = https://github.com/stackhpc/requirements
1919
reference = stackhpc/{{ openstack_release }}
2020

2121
[etcd]
22-
version = 3.5.21
23-
sha256 = amd64:adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c,arm64:95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f
22+
version = 3.5.27
23+
sha256 = amd64:0aad9a9e4e0817a021e933f9806a2b2960a62f949ad5a3d6436d8886945cb1bc,arm64:1277309f540c5a0329c428f95455c9f76d24f768c8d28fd2753e891c379053fa
2424

2525
[letsencrypt-lego]
2626
version = v4.23.1
@@ -32,5 +32,5 @@ sha256 = amd64:c5deada86fe609deefdf40e9cbbe3da2f8cf3f6a4551a0ebe7886dc8fcf98bce,
3232

3333
# TODO: move to kolla_sources in kolla.yml once https://review.opendev.org/c/openstack/kayobe/+/970268 is available
3434
[prometheus-cadvisor]
35-
version = 0.54.1
36-
sha256 = amd64:21be8d2797433048474e676d37c215c28fb171509448ef9b1c4648a564e39595,arm64:21f7bac786f6c53a8091964b4d3ff2486a0c460e5a410000b59a9a565b4183a9
35+
version = 0.56.2
36+
sha256 = amd64:ad92930f16a2f9da15190675e09eeaceb8fd38637d07a686bb0dd68695f692af,arm64:b7a707379496fd7a7b5d2768c5c494427112f534ba5069f889af28ffe6ad11bb

etc/kayobe/pulp-repo-versions.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ stackhpc_pulp_repo_elrepo_9_aarch64_version: 20250408T030629
2525
stackhpc_pulp_repo_elrepo_9_version: 20260127T212055
2626
stackhpc_pulp_repo_epel_9_aarch64_version: 20260204T223146
2727
stackhpc_pulp_repo_epel_9_version: 20260204T220346
28-
stackhpc_pulp_repo_grafana_version: 20260204T212232
28+
stackhpc_pulp_repo_grafana_version: 20260214T213531
2929
stackhpc_pulp_repo_opensearch_2_x_version: 20251106T202313
3030
stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20251106T202313
3131
stackhpc_pulp_repo_rhel9_rabbitmq_erlang_26_aarch64_version: 20260112T224827

etc/kayobe/trivy/allowed-vulnerabilities.yml

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,33 +16,80 @@ fluentd_allowed_vulnerabilities:
1616
- CVE-2024-27280
1717
grafana_allowed_vulnerabilities:
1818
- CVE-2024-8986
19+
- CVE-2025-68121 # the opensearch datasource plugin is still vulnerable
1920
influxdb_allowed_vulnerabilities:
2021
- CVE-2024-45337
22+
- CVE-2025-68121
23+
ironic_neutron_agent_allowed_vulnerabilities:
24+
- CVE-2025-68121
25+
letsencrypt_lego_allowed_vulnerabilities:
26+
- CVE-2025-68121
2127
magnum_conductor_allowed_vulnerabilities:
2228
- CVE-2024-45337
29+
- CVE-2025-68121
30+
neutron_base_allowed_vulnerabilities:
31+
- CVE-2025-68121
32+
neutron_bgp_dragent_allowed_vulnerabilities:
33+
- CVE-2025-68121
34+
neutron_dhcp_agent_allowed_vulnerabilities:
35+
- CVE-2025-68121
36+
neutron_l3_agent_allowed_vulnerabilities:
37+
- CVE-2025-68121
38+
neutron_linuxbridge_agent_allowed_vulnerabilities:
39+
- CVE-2025-68121
40+
neutron_metadata_agent_allowed_vulnerabilities:
41+
- CVE-2025-68121
42+
neutron_mlnx_agent_allowed_vulnerabilities:
43+
- CVE-2025-68121
44+
neutron_openvswitch_agent_allowed_vulnerabilities:
45+
- CVE-2025-68121
46+
neutron_ovn_agent_allowed_vulnerabilities:
47+
- CVE-2025-68121
48+
neutron_server_allowed_vulnerabilities:
49+
- CVE-2025-68121
50+
neutron_sriov_agent_allowed_vulnerabilities:
51+
- CVE-2025-68121
2352
opensearch_dashboards_allowed_vulnerabilities:
2453
- CVE-2025-68428
54+
- CVE-2026-27699
55+
prometheus_alertmanager_allowed_vulnerabilities:
56+
- CVE-2025-68121
2557
prometheus_blackbox_exporter_allowed_vulnerabilities:
2658
- CVE-2024-24790
2759
- CVE-2024-45337
60+
- CVE-2025-68121
2861
prometheus_memcached_exporter_allowed_vulnerabilities:
2962
- CVE-2024-45337
63+
- CVE-2025-68121
3064
prometheus_mysqld_exporter_allowed_vulnerabilities:
3165
- CVE-2024-45337
66+
- CVE-2025-68121
3267
prometheus_elasticsearch_exporter_allowed_vulnerabilities:
3368
- CVE-2024-45337
69+
- CVE-2025-68121
3470
prometheus_node_exporter_allowed_vulnerabilities:
3571
- CVE-2024-45337
72+
- CVE-2025-68121
3673
prometheus_openstack_exporter_allowed_vulnerabilities:
3774
- CVE-2024-24790
3875
- CVE-2024-45337
76+
- CVE-2025-68121
3977
prometheus_ovn_exporter_allowed_vulnerabilities:
4078
- CVE-2024-24790
79+
- CVE-2025-68121
4180
prometheus_libvirt_exporter_allowed_vulnerabilities:
4281
- CVE-2024-45337
82+
- CVE-2025-68121
4383
prometheus_cadvisor_allowed_vulnerabilities:
4484
- CVE-2024-41110
4585
- CVE-2024-45337
86+
- CVE-2025-68121
87+
prometheus_mtail_allowed_vulnerabilities:
88+
- CVE-2024-24790
89+
- CVE-2025-68121
90+
prometheus_server_allowed_vulnerabilities:
91+
- CVE-2024-45337
92+
- CVE-2025-68121
4693

4794
###############################################################################
4895
# Dummy variable to allow Ansible to accept this file.

0 commit comments

Comments
 (0)