Skip to content

Commit 3acc116

Browse files
Avi-RobustaAvi-Robusta
authored
[ROB-2920] CVE patches enforcer (#494)
CVE-2025-66418 CVE-2025-66471 tested it works
1 parent 4c03971 commit 3acc116

File tree

3 files changed

+5
-3
lines changed

3 files changed

+5
-3
lines changed

enforcer/Dockerfile

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,10 @@ ENV PYTHONDONTWRITEBYTECODE=1
44
ENV PYTHONUNBUFFERED=1
55
ENV PATH="/app/venv/bin:$PATH"
66

7-
# Patching CVE-2025-6965
7+
# Patching CVE-2025-6965 (requires sqlite >= 3.50.2)
8+
# Alpine's current version (3.51.1-r0) already includes the fix
89
RUN apk update && apk add --no-cache --upgrade \
9-
sqlite-libs=3.49.2-r1 sqlite=3.49.2-r1
10+
sqlite-libs sqlite
1011

1112
# Set the working directory
1213
WORKDIR /app/enforcer

enforcer/requirements.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,4 @@ PyYAML==6.0.1
66
cachetools==5.3.3
77
prometheus-client==0.20.0
88
kubernetes==26.1.0
9+
urllib3==2.6.2

helm/krr-enforcer/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ certJob:
1111
image:
1212
repository: us-central1-docker.pkg.dev/genuine-flight-317411/devel
1313
name: krr-enforcer
14-
tag: 0.3.5
14+
tag: 0.3.6
1515
imagePullPolicy: IfNotPresent
1616
resources:
1717
requests:

0 commit comments

Comments
 (0)