You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@yetus.apache.org by Allen Wittenauer <aw...@apache.org> on 2022/04/14 17:54:23 UTC

Heads up on CVE-2022-24765

	Just an FYI that the docker images for main now have the fix for CVE-2022-24765 in place. This change completely broke Github Actions and will likely break other, similar scenarios. If anyone has any ideas, I’d love to hear them. haha.  I haven’t checked yet to see what other actions are doing, but we may be forced to create a custom contanier just for GHA that hard-sets the uid inside it. :(

Re: Heads up on CVE-2022-24765

Posted by Allen Wittenauer <aw...@apache.org>.

> On Apr 14, 2022, at 10:54 AM, Allen Wittenauer <aw...@apache.org> wrote:
> 
> 
> 	Just an FYI that the docker images for main now have the fix for CVE-2022-24765 in place. This change completely broke Github Actions and will likely break other, similar scenarios. If anyone has any ideas, I’d love to hear them. haha.  I haven’t checked yet to see what other actions are doing, but we may be forced to create a custom contanier just for GHA that hard-sets the uid inside it. :(

With the help of Nick Dimiduk (thanks!), the PR to fix this issue has been merged into main. With the container push and a re-run of the action test off of main, everything appears to be working. Secondary testing is much appreciated.  Thanks!