From 531e2bfaaed30885e1ab9f18bc9b7fa0357de715 Mon Sep 17 00:00:00 2001
From: Alex-Welsh
Date: Mon, 3 Mar 2025 16:48:53 +0000
Subject: [PATCH 1/2] Bump Neutron image tags to fix CVE-2024-53916
---
 etc/kayobe/kolla-image-tags.yml | 4 ++--
 releasenotes/notes/neutron-cve-37a7821967a36779.yaml | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/neutron-cve-37a7821967a36779.yaml
diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
index eeff618d9e..859e76d770 100644
--- a/etc/kayobe/kolla-image-tags.yml
+++ b/etc/kayobe/kolla-image-tags.yml
@@ -37,8 +37,8 @@ kolla_image_tags:
 manila:
 rocky-9: 2023.1-rocky-9-20240809T102431
 neutron:
- rocky-9: 2023.1-rocky-9-20250203T090355
- ubuntu-jammy: 2023.1-ubuntu-jammy-20250203T090355
+ rocky-9: 2023.1-rocky-9-20250303T162416
+ ubuntu-jammy: 2023.1-ubuntu-jammy-20250303T162416
 nova:
 rocky-9: 2023.1-rocky-9-20240926T151818
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240926T151818
diff --git a/releasenotes/notes/neutron-cve-37a7821967a36779.yaml b/releasenotes/notes/neutron-cve-37a7821967a36779.yaml
new file mode 100644
index 0000000000..0b179c127c
--- /dev/null
+++ b/releasenotes/notes/neutron-cve-37a7821967a36779.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Updated Neutron container image tags to fix CVE-2024-53916. See `#2037002
+ `__ for more
+ details.
From 086c0a48476f46cb3d9b9a9da0f544e9fa1dd683 Mon Sep 17 00:00:00 2001
From: Alex-Welsh
Date: Tue, 4 Mar 2025 14:17:59 +0000
Subject: [PATCH 2/2] Update runner image to Jammy
---
 .github/workflows/stackhpc-build-kayobe-image.yml | 2 +-
 .github/workflows/stackhpc-pull-request.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml
index 4c6fc9bc09..14503a2fe4 100644
--- a/.github/workflows/stackhpc-build-kayobe-image.yml
+++ b/.github/workflows/stackhpc-build-kayobe-image.yml
@@ -42,7 +42,7 @@ jobs:
 build-kayobe-image:
 name: Build kayobe image
 if: inputs.if || github.repository == 'stackhpc/stackhpc-kayobe-config' && github.event_name == 'push'
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-22.04
 permissions:
 contents: read
 packages: write
diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml
index f5cfb90de3..aba6bacb70 100644
--- a/.github/workflows/stackhpc-pull-request.yml
+++ b/.github/workflows/stackhpc-pull-request.yml
@@ -13,7 +13,7 @@ jobs:
 # would skip the workflow entirely, and would prevent us from making the
 # aio jobs required to pass (a skip counts as a pass).
 check-changes:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-22.04
 permissions:
 pull-requests: read
 name: Check changed files
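Review bot: The `runs-on: ubuntu-22.04` label is hard-coded without a comment in both jobs this patch touches (`build-kayobe-image` here and `check-changes` in stackhpc-pull-request.yml), so the next runner retirement will again require hunting through the workflows. Because `build-kayobe-image` holds `packages: write` and so appears to publish the image, the runner OS is part of its build environment and worth documenting; I would add a comment above the line such as `# Runner pinned to Ubuntu 22.04 (Jammy); keep in step with the other workflows`. The diffstat lists only these two workflow files, so it is worth checking whether any other workflow in the repository still requests `ubuntu-20.04`. Both job definitions continue outside their hunks.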