Mitigate Rapid Reset CVE-2023-44487 in devfiles org #1303
Description
/kind epic
Which area this feature is related to?
/area ci
/area api
/area library
/area registry
/area alizer
/area devworkspace
Which functionality do you think we should add?
This EPIC is created to cover all action items required to mitigate the Rapid Reset CVE-2023-44487.
In order to achieve our goal we will need to update specific repo dependencies and also golang images that we may use inside our repos.
Acceptance Criteria
- Create new version for Go stack using golang 1.19 #1300
- Update Alizer's k8s dependencies #1304
- Update API's k8s dependencies #1305
- Update Registry Support's k8s dependencies #1306
- Update Registry Operator's k8s dependencies #1307
- Update Library's k8s dependencies #1308
- Update Registry's tests dependencies #1309
- [Spike] Check if we need to explicitly disable HTTP/2 to mitigate
CVE-2023-44487(Rapid Reset) #1315 - Disable HTTP/2 protocol in
devfile/registry-supportto mitigateCVE-2023-44487(Rapid Reset) #1342
Metadata
Metadata
Assignees
Labels
Enhancement or issue related to the alizer repoEnhancement or issue related to the api/devfile specificationImprovent or additions to the DevWorkspaces CRDCommon devfile library for interacting with devfilesDevfile registry for stacks and infrastructureA high level requirement that can/should be split into smaller issues
Type
Projects
Status