SECURITY: nginx-ingress needs to be updated to 0.26.1
Bug #1846556 reported by
Jay Kuri
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubernetes Worker Charm |
Fix Released
|
Undecided
|
Kevin W Monroe |
Bug Description
nginx versions prior to 1.16 contain a number of security vulnerabilities. The version of nginx that is used in the current nginx-ingress controller for charmed k8s 1.15 and 1.16 uses a vulnerable version (nginx 1.15.x)
We are using nginx-ingress-
This has been addressed in the most recent version, 0.26.1
We should update to use the version of nginx-ingress-
Crossreference:
https:/
https:/
and
https:/
Changed in charm-kubernetes-worker: | |
milestone: | none → 1.17 |
Changed in charm-kubernetes-worker: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I'm not trying to derail this bug as we do need to upgrade to 0.26.1, but I'm curious about the claim to running 0.22. I see 0.25.1 in our charms for x86. Are you using a different architecture or charm revision?