Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release tool] security fixes #9283

Merged
merged 2 commits into from
Sep 28, 2024
Merged

[release tool] security fixes #9283

merged 2 commits into from
Sep 28, 2024

Conversation

radTuti
Copy link
Contributor

@radTuti radTuti commented Sep 26, 2024
edited
Loading

Description

  • ignore checking the certificate on ISS server which is preventing successful scans
  • remove call to ssh.InsecureIgnoreHostKey

Related issues/PRs

Todos

  • Tests
  • Documentation
  • Release note

Release Note

TBD

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

  • docs-pr-required: This change requires a change to the documentation that has not been completed yet.
  • docs-completed: This change has all necessary documentation completed.
  • docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

  • release-note-required: This PR has user-facing changes. Most PRs should have this label.
  • release-note-not-required: This PR has no user-facing changes.

Other optional labels:

  • cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
  • needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

@radTuti radTuti added docs-not-required Docs not required for this change release-note-not-required Change has no user-facing impact labels Sep 26, 2024
@radTuti radTuti requested a review from a team as a code owner September 26, 2024 06:02
@marvin-tigera marvin-tigera added this to the Calico v3.30.0 milestone Sep 26, 2024
@radTuti radTuti force-pushed the hashrelease-fixes branch 4 times, most recently from 6391b2c to cc9b41b Compare September 26, 2024 21:58
Behnam-Shobiri
Behnam-Shobiri approved these changes Sep 26, 2024
View reviewed changes
Copy link
Contributor

@Behnam-Shobiri Behnam-Shobiri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While we using the SSH for doc website with static IP and hostname, we should be fine.
@radTuti can you please add that in the comments?
"This config (disabling strict verification) is only accepted for doc website with static IP and hostname"

@radTuti radTuti merged commit 4ce8dd8 into projectcalico:master Sep 28, 2024
3 checks passed
@radTuti radTuti deleted the hashrelease-fixes branch September 28, 2024 00:02
radTuti added a commit to radTuti/calico that referenced this pull request Sep 28, 2024
@radTuti
[release tool] security fixes (projectcalico#9283)
e629275 
* disable security check for ISS server

* remove using ssh.InsecureIgnoreHostKey
radTuti added a commit that referenced this pull request Oct 1, 2024
@radTuti
Merge pull request #9289 from radTuti/hashrelease-fixes-v3.29
baa6255 
[cherry pick] [release tool] security fixes (#9283)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Behnam-Shobiri Behnam-Shobiri Behnam-Shobiri approved these changes

Assignees
No one assigned
Labels
docs-not-required Docs not required for this change release-note-not-required Change has no user-facing impact
Projects
None yet
Milestone
Calico v3.30.0
Development

Successfully merging this pull request may close these issues.
3 participants
@radTuti @Behnam-Shobiri @marvin-tigera