[3.5] add tls min/max version to grpc proxy #18829

Merged
merged 1 commit into from
Nov 18, 2024

tjungblu
Contributor

@tjungblu tjungblu commented Nov 4, 2024

This adds the min and max TLS version support from #13506 and #15156 to the grpc proxy.

Fixes #13506
Backport of #18816

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

@ivanvc ivanvc mentioned this pull request Nov 10, 2024
@tjungblu
Contributor Author

note to myself, I need to update the CHANGELOG

Member

@ahrtr ahrtr left a comment

Please rebase this PR to resolve the workflow failure.

@tjungblu
Contributor Author

@ahrtr I have rebased, but I don't think this workflow failure is related to this PR nor main.

@ahrtr
Member

ahrtr commented Nov 15, 2024

new CVE? @ivanvc @jmhbnz @ArkaSaha30

Vulnerability #1: GO-2024-3250
    Improper error handling in ParseWithClaims and bad documentation may cause
    dangerous situations in github.com/golang-jwt/jwt
  More info: https://pkg.go.dev/vuln/GO-2024-3250
  Module: github.com/golang-jwt/jwt/v4
    Found in: github.com/golang-jwt/jwt/[email protected]
    Fixed in: github.com/golang-jwt/jwt/[email protected]
    Example traces found:
Error:       #1: auth/jwt.go:48:26: auth.tokenJWT.info calls jwt.Parse

@ahrtr
Member

ahrtr commented Nov 15, 2024

Raised #18898

Member

@jmhbnz jmhbnz left a comment

LGTM - Thanks @tjungblu

@k8s-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, jmhbnz, tjungblu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ivanvc
Member

ivanvc commented Nov 17, 2024

/retest

Edit: ah, we need a rebase to have green tests

Member

@ivanvc ivanvc left a comment

The backport LGTM. Should we rebase this branch before merging (to have green CI status)? Or should we just merge?

@ahrtr
Member

ahrtr commented Nov 18, 2024

@tjungblu would you mind rebasing this PR before we merge it? thx

This adds the min and max TLS version support from etcd-io#13506 and etcd-io#15156 to the grpc proxy.

Fixes etcd-io#13506

Signed-off-by: Thomas Jungblut <[email protected]>
@tjungblu
Contributor Author

done

@ahrtr
Member

ahrtr commented Nov 18, 2024

/retest

@ahrtr ahrtr merged commit 601a884 into etcd-io:release-3.5 Nov 18, 2024
24 checks passed
5 participants