Skip to content

fix a vulnerability in protobuf for pgbouncer_exporter #40303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
potiuk merged 1 commit into from
Jun 19, 2024
Merged

fix a vulnerability in protobuf for pgbouncer_exporter #40303

potiuk merged 1 commit into from
Jun 19, 2024

Conversation

@andrew-stein-sp
Copy link
Contributor

@andrew-stein-sp andrew-stein-sp commented Jun 18, 2024

pgbouncer_exporter 0.17.0 has been released and provides several updates to the golang dependencies.

specifically though, this version updates protobuf v1.31.0 to v1.33.0, thereby remediating CVE-2024-24786

A list of other dependency updates can be found here:
jbub/pgbouncer_exporter@fa4ec82

@boring-cyborg boring-cyborg bot added the area:helm-chart Airflow Helm Chart label Jun 18, 2024
@boring-cyborg
Copy link

boring-cyborg bot commented Jun 18, 2024

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our pre-commits will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@andrew-stein-sp
Copy link
Contributor Author

andrew-stein-sp commented Jun 18, 2024

@potiuk can this image be built and pushed to dockerhub without requiring an update to the values.yaml's in this PR, or is that a req for merge?

@hussein-awala hussein-awala requested a review from potiuk June 19, 2024 09:04
@potiuk
Copy link
Member

potiuk commented Jun 19, 2024

Yeah. Maintainer has to push it. Let me do that now.

@potiuk
Copy link
Member

potiuk commented Jun 19, 2024

Image pushed: https://hub.docker.com/layers/apache/airflow/airflow-pgbouncer-exporter-2024.06.18-0.17.0/images/sha256-48f8442cfe19451303e718896edc45373c15157014f1327c2aed4dabc972229d?context=repo

@potiuk potiuk merged commit d7a8c19 into apache:main Jun 19, 2024
@boring-cyborg
Copy link

boring-cyborg bot commented Jun 19, 2024

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

@potiuk
Copy link
Member

potiuk commented Jun 19, 2024

Thanks @andrew-stein-sp ! I will switch to the new image in chart in a separate PR.

@potiuk potiuk mentioned this pull request Jun 19, 2024
Merged
potiuk added a commit to potiuk/airflow that referenced this pull request Jun 19, 2024
@potiuk
Switch to newer pgbouncer-exporter image as default for Helm Chart
368ea5b 
With apache#40303 we have a new pgbouncer-exporter image with newer version
of the exporter and without CVE-2024-24786.

This PR switches chart to the newer image.
@potiuk
Copy link
Member

potiuk commented Jun 19, 2024

PR to switch in the chart in #40318

potiuk added a commit that referenced this pull request Jun 19, 2024
@potiuk
Switch to newer pgbouncer-exporter image as default for Helm Chart (#…
35faaf8 
…40318)

With #40303 we have a new pgbouncer-exporter image with newer version
of the exporter and without CVE-2024-24786.

This PR switches chart to the newer image.
@eladkal eladkal added this to the Airflow Helm Chart 1.15.0 milestone Jun 21, 2024
@jedcunningham jedcunningham mentioned this pull request Jul 21, 2024
Closed
8 tasks
romsharon98 pushed a commit to romsharon98/airflow that referenced this pull request Jul 26, 2024
@andrew-stein-sp @romsharon98
fixes vulnerability in protobuf for pgbouncer_exporter (apache#40303)
6750008
romsharon98 pushed a commit to romsharon98/airflow that referenced this pull request Jul 26, 2024
@potiuk @romsharon98
Switch to newer pgbouncer-exporter image as default for Helm Chart (a…
3d9a876 
…pache#40318)

With apache#40303 we have a new pgbouncer-exporter image with newer version
of the exporter and without CVE-2024-24786.

This PR switches chart to the newer image.
@Jarvl Jarvl mentioned this pull request Mar 6, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@potiuk potiuk potiuk approved these changes

@hussein-awala hussein-awala hussein-awala approved these changes

@dstandish dstandish Awaiting requested review from dstandish

@jedcunningham jedcunningham Awaiting requested review from jedcunningham jedcunningham is a code owner

Assignees

No one assigned

Labels

area:helm-chart Airflow Helm Chart

Projects

None yet

Milestone

Airflow Helm Chart 1.15.0

Development

Successfully merging this pull request may close these issues.

4 participants

@andrew-stein-sp @potiuk @hussein-awala @eladkal