Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changelog: add note from CVE-2025-22869 #19479

Merged
merged 1 commit into from
Feb 25, 2025
Merged

changelog: add note from CVE-2025-22869 #19479

merged 1 commit into from
Feb 25, 2025
+7 −1

Conversation

ivanvc
Copy link
Member

@ivanvc ivanvc commented Feb 25, 2025

Adds entries regarding the golang.org/x/crypto upgrade to 0.35.0, to address CVE-2025-22869.

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

@codecov Codecov
Copy link

codecov bot commented Feb 25, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.88%. Comparing base (8e44d3a) to head (48fcef5).
Report is 9 commits behind head on main.

Additional details and impacted files

see 26 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #19479      +/-   ##
==========================================
+ Coverage   68.87%   68.88%   +0.01%     
==========================================
  Files         420      420              
  Lines       35779    35762      -17     
==========================================
- Hits        24642    24634       -8     
+ Misses       9711     9700      -11     
- Partials     1426     1428       +2

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8e44d3a...48fcef5. Read the comment docs.

@ivanvc ivanvc force-pushed the release-note-CVE-2025-22869 branch from 7a241dc to 946f08b Compare February 25, 2025 07:31
@ivanvc ivanvc force-pushed the release-note-CVE-2025-22869 branch 2 times, most recently from 50bd12d to 23a560f Compare February 25, 2025 07:34
@ivanvc
Copy link
Member Author

ivanvc commented Feb 25, 2025

Note: I need @fuweid's changes in the v3.6 CHANGELOG from #19474. I rebased his branch to avoid conflicts, but because other commits were already in the main, it brought more commits. While removing them, it made me co-author Fu's commit.

I think the best would be if I manually rebase my branch once his pull request is merged.

@ahrtr
Copy link
Member

ahrtr commented Feb 25, 2025

Please rebase this PR, thx

@ivanvc ivanvc force-pushed the release-note-CVE-2025-22869 branch from 23a560f to 48fcef5 Compare February 25, 2025 17:29
@ivanvc
Copy link
Member Author

ivanvc commented Feb 25, 2025

/cc @ahrtr

@k8s-ci-robot k8s-ci-robot requested a review from ahrtr February 25, 2025 17:36
@k8s-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, ivanvc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ahrtr ahrtr merged commit 3763a67 into etcd-io:main Feb 25, 2025
43 checks passed
@ivanvc ivanvc deleted the release-note-CVE-2025-22869 branch February 26, 2025 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahrtr ahrtr ahrtr approved these changes

Assignees
No one assigned
Labels
approved area/documentation size/XS stage/merge-when-tests-green
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ivanvc @ahrtr @k8s-ci-robot