kube-dns v1.17.4 image impacted by CVE-2020-29652

[rayandas]

kube-dns v1.17.4 image impacted by CVE-2020-29652

[prameshj]

Can you try newer images v1.20.0 or v1.21.0? Those were built with golang 1.16.

/assign @rayandas

[rayandas]

@prameshj I was using the image from k8s.gcr.io/dns/k8s-dns-kube-dns which has v1.17.4 as latest version. Check here.

[prameshj]

Oh, got it. The later kube-dns images were not promoted, since kube-dns is not used in OSS anymore. Do you use self-managed kube-dns?

I am promoting the latest kube-dns images in kubernetes/k8s.io#2759. Once that merges, can you try against that tag? Thanks!

[rayandas]

@prachirp yeah right. and thanks for the 1.21.1 that you promoted.

[k8s-ci-robot]

@rayandas: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.