Commit new App releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
719ca1e5a2
commit
8d57376efe
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="k8s-gateway-5.0.14"></a>
|
||||
### [k8s-gateway-5.0.14](https://github.com/truecharts/apps/compare/k8s-gateway-5.0.13...k8s-gateway-5.0.14) (2022-05-04)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#2606](https://github.com/truecharts/apps/issues/2606))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-5.0.13"></a>
|
||||
### [k8s-gateway-5.0.13](https://github.com/truecharts/apps/compare/k8s-gateway-5.0.12...k8s-gateway-5.0.13) (2022-04-26)
|
||||
|
||||
|
@ -88,12 +97,3 @@
|
|||
### [k8s-gateway-5.0.0](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.44...k8s-gateway-5.0.0) (2022-03-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* remove fixed env from questions.yaml
|
||||
* remove empty env var declaration from questions.yaml
|
||||
* update helm general major helm releases ([#2021](https://github.com/truecharts/apps/issues/2021))
|
||||
|
||||
#### Fix
|
||||
|
||||
* BREAKING CHANGE Move some env-vars outside of env section ([#2010](https://github.com/truecharts/apps/issues/2010))
|
||||
|
|
@ -3,4 +3,4 @@ dependencies:
|
|||
repository: https://library-charts.truecharts.org
|
||||
version: 9.3.2
|
||||
digest: sha256:4514044d0d416a02c0029081a25943395114bcb29df51a2ede27d4257f71d412
|
||||
generated: "2022-04-28T05:43:30.053826515Z"
|
||||
generated: "2022-05-04T21:08:46.211410624Z"
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: "0.2.4"
|
||||
appVersion: "0.3.0"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
|
@ -20,7 +20,7 @@ name: k8s-gateway
|
|||
sources:
|
||||
- https://github.com/ori-edge/k8s_gateway
|
||||
type: application
|
||||
version: 5.0.13
|
||||
version: 5.0.14
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- networking
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/k8s_gateway
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.2.4@sha256:cc621e57c73aab461b64e561d56181c9f67b59d006ab548fedfee660f08965f9
|
||||
tag: v0.3.0@sha256:035b4488071258db2f2e543c21c93f1c6ca5fbf13ae132aac9579afa5843a4b9
|
||||
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
|
@ -1313,7 +1313,7 @@ questions:
|
|||
- variable: exceptint
|
||||
label: ""
|
||||
schema:
|
||||
type: int
|
||||
type: string
|
||||
- variable: namespaceSelector
|
||||
label: "namespaceSelector"
|
||||
schema:
|
||||
|
@ -1482,7 +1482,7 @@ questions:
|
|||
- variable: exceptint
|
||||
label: ""
|
||||
schema:
|
||||
type: int
|
||||
type: string
|
||||
- variable: namespaceSelector
|
||||
label: "namespaceSelector"
|
||||
schema:
|
|
@ -45,7 +45,7 @@ hide:
|
|||
|
||||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||||
tccr.io/truecharts/k8s_gateway:v0.2.4@sha256:cc621e57c73aab461b64e561d56181c9f67b59d006ab548fedfee660f08965f9
|
||||
tccr.io/truecharts/k8s_gateway:v0.3.0@sha256:035b4488071258db2f2e543c21c93f1c6ca5fbf13ae132aac9579afa5843a4b9
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
@ -58,9 +58,17 @@ hide:
|
|||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
|
||||
|
@ -71,9 +79,17 @@ hide:
|
|||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
|
||||
|
||||
|
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="prometheus-2.0.47"></a>
|
||||
### [prometheus-2.0.47](https://github.com/truecharts/apps/compare/prometheus-2.0.46...prometheus-2.0.47) (2022-05-04)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#2606](https://github.com/truecharts/apps/issues/2606))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-2.0.46"></a>
|
||||
### [prometheus-2.0.46](https://github.com/truecharts/apps/compare/prometheus-2.0.45...prometheus-2.0.46) (2022-04-29)
|
||||
|
||||
|
@ -88,12 +97,3 @@
|
|||
#### Chore
|
||||
|
||||
* update docker general non-major
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-2.0.36"></a>
|
||||
### [prometheus-2.0.36](https://github.com/truecharts/apps/compare/prometheus-2.0.35...prometheus-2.0.36) (2022-04-12)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major
|
|
@ -9,4 +9,4 @@ dependencies:
|
|||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.2.19
|
||||
digest: sha256:943014a8c52161f167d2941e4dfaefe2a2735c17232c5986c8f3d055af951706
|
||||
generated: "2022-04-29T07:34:29.162560303Z"
|
||||
generated: "2022-05-04T21:08:59.541043798Z"
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: "0.56.0"
|
||||
appVersion: "0.56.1"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
|
@ -28,7 +28,7 @@ sources:
|
|||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
version: 2.0.46
|
||||
version: 2.0.47
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- metrics
|
|
@ -1,10 +1,10 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/prometheus-operator
|
||||
tag: v0.56.0@sha256:a01979b632b2db07cf386b9e973e2e05b3a0493f2e6bb07ce736344b9ddbe764
|
||||
tag: v0.56.1@sha256:f5cf06f0f4bcc233c6bf71b7d3b8ab01465f37e3489e772d96f12caf6c523d8e
|
||||
|
||||
prometheusImage:
|
||||
repository: tccr.io/truecharts/prometheus
|
||||
tag: v2.35.0@sha256:294db22854e8687924ca728d5003203cd48fd14ae6167a4c6a1906ce4a6938ad
|
||||
tag: v2.35.0@sha256:5faf3b077cac3e13c27f1ada8af00da19e7c3b9667b2e6c9ba5a0330605e1d62
|
||||
|
||||
thanosImage:
|
||||
repository: tccr.io/truecharts/thanos
|
||||
|
@ -12,7 +12,7 @@ thanosImage:
|
|||
|
||||
alertmanagerImage:
|
||||
repository: tccr.io/truecharts/alertmanager
|
||||
tag: v0.24.0@sha256:5fd34d7bf06225de1892f9620b7e574703214dfdedcbb05edcfefdb858435329
|
||||
tag: v0.24.0@sha256:fc8b223b7e154249dd8226423f8967d8af9cfadc496b75de2e899aefcfec092c
|
||||
|
||||
global:
|
||||
labels: {}
|
|
@ -181,7 +181,7 @@ hide:
|
|||
|
||||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||||
tccr.io/truecharts/prometheus-operator:v0.56.0@sha256:a01979b632b2db07cf386b9e973e2e05b3a0493f2e6bb07ce736344b9ddbe764
|
||||
tccr.io/truecharts/prometheus-operator:v0.56.1@sha256:f5cf06f0f4bcc233c6bf71b7d3b8ab01465f37e3489e772d96f12caf6c523d8e
|
||||
bitnami/node-exporter:1.3.1-debian-10-r129
|
||||
bitnami/kube-state-metrics:2.4.2-debian-10-r42
|
||||
|
||||
|
@ -196,7 +196,7 @@ hide:
|
|||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
|
@ -205,8 +205,8 @@ hide:
|
|||
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
|
||||
|
@ -217,7 +217,7 @@ hide:
|
|||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
|
@ -226,11 +226,11 @@ hide:
|
|||
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/prometheus-operator:v0.56.0@sha256:a01979b632b2db07cf386b9e973e2e05b3a0493f2e6bb07ce736344b9ddbe764 (debian 10.12)
|
||||
#### Container: tccr.io/truecharts/prometheus-operator:v0.56.1@sha256:f5cf06f0f4bcc233c6bf71b7d3b8ab01465f37e3489e772d96f12caf6c523d8e (debian 10.12)
|
||||
|
||||
|
||||
**debian**
|
||||
|
@ -365,6 +365,7 @@ hide:
|
|||
| libsmartcols1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0563">https://access.redhat.com/security/cve/CVE-2022-0563</a><br><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">https://nvd.nist.gov/vuln/detail/CVE-2022-0563</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0002/">https://security.netapp.com/advisory/ntap-20220331-0002/</a><br></details> |
|
||||
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-13115">https://access.redhat.com/security/cve/CVE-2019-13115</a><br><a href="https://blog.semmle.com/libssh2-integer-overflow/">https://blog.semmle.com/libssh2-integer-overflow/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115</a><br><a href="https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa">https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa</a><br><a href="https://github.com/libssh2/libssh2/pull/350">https://github.com/libssh2/libssh2/pull/350</a><br><a href="https://libssh2.org/changes.html">https://libssh2.org/changes.html</a><br><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html">https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/</a><br><a href="https://security.netapp.com/advisory/ntap-20190806-0002/">https://security.netapp.com/advisory/ntap-20190806-0002/</a><br><a href="https://support.f5.com/csp/article/K13322484">https://support.f5.com/csp/article/K13322484</a><br><a href="https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS">https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS</a><br></details> |
|
||||
| libssh2-1 | CVE-2019-17498 | LOW | 1.8.0-2.1 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html">http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-17498">https://access.redhat.com/security/cve/CVE-2019-17498</a><br><a href="https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/">https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498</a><br><a href="https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498">https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498</a><br><a href="https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480">https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480</a><br><a href="https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c">https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c</a><br><a href="https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94">https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94</a><br><a href="https://linux.oracle.com/cve/CVE-2019-17498.html">https://linux.oracle.com/cve/CVE-2019-17498.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-3915.html">https://linux.oracle.com/errata/ELSA-2020-3915.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html">https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-17498">https://nvd.nist.gov/vuln/detail/CVE-2019-17498</a><br></details> |
|
||||
| libssl1.1 | CVE-2022-1292 | MEDIUM | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a><br><a href="https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html">https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html</a><br><a href="https://www.openssl.org/news/secadv/20220503.txt">https://www.openssl.org/news/secadv/20220503.txt</a><br></details> |
|
||||
| libssl1.1 | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/">http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/</a><br><a href="http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html">http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html</a><br><a href="http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html">http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html</a><br><a href="http://rump2007.cr.yp.to/15-shumow.pdf">http://rump2007.cr.yp.to/15-shumow.pdf</a><br><a href="http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/">http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/</a><br><a href="http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect">http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect</a><br><a href="http://www.securityfocus.com/bid/63657">http://www.securityfocus.com/bid/63657</a><br><a href="https://access.redhat.com/security/cve/CVE-2007-6755">https://access.redhat.com/security/cve/CVE-2007-6755</a><br><a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html">https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html</a><br></details> |
|
||||
| libssl1.1 | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/">http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/</a><br><a href="http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf">http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf</a><br><a href="http://www.networkworld.com/news/2010/030410-rsa-security-attack.html">http://www.networkworld.com/news/2010/030410-rsa-security-attack.html</a><br><a href="http://www.osvdb.org/62808">http://www.osvdb.org/62808</a><br><a href="http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/">http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/</a><br><a href="https://access.redhat.com/security/cve/CVE-2010-0928">https://access.redhat.com/security/cve/CVE-2010-0928</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/56750">https://exchange.xforce.ibmcloud.com/vulnerabilities/56750</a><br></details> |
|
||||
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-12886">https://access.redhat.com/security/cve/CVE-2018-12886</a><br><a href="https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup">https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup</a><br><a href="https://www.gnu.org/software/gcc/gcc-8/changes.html">https://www.gnu.org/software/gcc/gcc-8/changes.html</a><br></details> |
|
||||
|
@ -396,6 +397,7 @@ hide:
|
|||
| mount | CVE-2022-0563 | LOW | 2.33.1-0.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0563">https://access.redhat.com/security/cve/CVE-2022-0563</a><br><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">https://nvd.nist.gov/vuln/detail/CVE-2022-0563</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0002/">https://security.netapp.com/advisory/ntap-20220331-0002/</a><br></details> |
|
||||
| ncurses-base | CVE-2022-29458 | HIGH | 6.1+20181013-2+deb10u2 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-29458">https://access.redhat.com/security/cve/CVE-2022-29458</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-29458">https://nvd.nist.gov/vuln/detail/CVE-2022-29458</a><br></details> |
|
||||
| ncurses-base | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | | <details><summary>Expand...</summary><a href="http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup">http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-39537">https://access.redhat.com/security/cve/CVE-2021-39537</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html">https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html">https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39537">https://nvd.nist.gov/vuln/detail/CVE-2021-39537</a><br></details> |
|
||||
| openssl | CVE-2022-1292 | MEDIUM | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a><br><a href="https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html">https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html</a><br><a href="https://www.openssl.org/news/secadv/20220503.txt">https://www.openssl.org/news/secadv/20220503.txt</a><br></details> |
|
||||
| openssl | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/">http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/</a><br><a href="http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html">http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html</a><br><a href="http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html">http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html</a><br><a href="http://rump2007.cr.yp.to/15-shumow.pdf">http://rump2007.cr.yp.to/15-shumow.pdf</a><br><a href="http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/">http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/</a><br><a href="http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect">http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect</a><br><a href="http://www.securityfocus.com/bid/63657">http://www.securityfocus.com/bid/63657</a><br><a href="https://access.redhat.com/security/cve/CVE-2007-6755">https://access.redhat.com/security/cve/CVE-2007-6755</a><br><a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html">https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html</a><br></details> |
|
||||
| openssl | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/">http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/</a><br><a href="http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf">http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf</a><br><a href="http://www.networkworld.com/news/2010/030410-rsa-security-attack.html">http://www.networkworld.com/news/2010/030410-rsa-security-attack.html</a><br><a href="http://www.osvdb.org/62808">http://www.osvdb.org/62808</a><br><a href="http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/">http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/</a><br><a href="https://access.redhat.com/security/cve/CVE-2010-0928">https://access.redhat.com/security/cve/CVE-2010-0928</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/56750">https://exchange.xforce.ibmcloud.com/vulnerabilities/56750</a><br></details> |
|
||||
| passwd | CVE-2007-5686 | LOW | 1:4.5-1.1 | | <details><summary>Expand...</summary><a href="http://secunia.com/advisories/27215">http://secunia.com/advisories/27215</a><br><a href="http://www.securityfocus.com/archive/1/482129/100/100/threaded">http://www.securityfocus.com/archive/1/482129/100/100/threaded</a><br><a href="http://www.securityfocus.com/archive/1/482857/100/0/threaded">http://www.securityfocus.com/archive/1/482857/100/0/threaded</a><br><a href="http://www.securityfocus.com/bid/26048">http://www.securityfocus.com/bid/26048</a><br><a href="http://www.vupen.com/english/advisories/2007/3474">http://www.vupen.com/english/advisories/2007/3474</a><br><a href="https://issues.rpath.com/browse/RPL-1825">https://issues.rpath.com/browse/RPL-1825</a><br></details> |
|
||||
|
@ -547,6 +549,7 @@ hide:
|
|||
| libsmartcols1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0563">https://access.redhat.com/security/cve/CVE-2022-0563</a><br><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">https://nvd.nist.gov/vuln/detail/CVE-2022-0563</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0002/">https://security.netapp.com/advisory/ntap-20220331-0002/</a><br></details> |
|
||||
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-13115">https://access.redhat.com/security/cve/CVE-2019-13115</a><br><a href="https://blog.semmle.com/libssh2-integer-overflow/">https://blog.semmle.com/libssh2-integer-overflow/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115</a><br><a href="https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa">https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa</a><br><a href="https://github.com/libssh2/libssh2/pull/350">https://github.com/libssh2/libssh2/pull/350</a><br><a href="https://libssh2.org/changes.html">https://libssh2.org/changes.html</a><br><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html">https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/</a><br><a href="https://security.netapp.com/advisory/ntap-20190806-0002/">https://security.netapp.com/advisory/ntap-20190806-0002/</a><br><a href="https://support.f5.com/csp/article/K13322484">https://support.f5.com/csp/article/K13322484</a><br><a href="https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS">https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS</a><br></details> |
|
||||
| libssh2-1 | CVE-2019-17498 | LOW | 1.8.0-2.1 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html">http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-17498">https://access.redhat.com/security/cve/CVE-2019-17498</a><br><a href="https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/">https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498</a><br><a href="https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498">https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498</a><br><a href="https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480">https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480</a><br><a href="https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c">https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c</a><br><a href="https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94">https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94</a><br><a href="https://linux.oracle.com/cve/CVE-2019-17498.html">https://linux.oracle.com/cve/CVE-2019-17498.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-3915.html">https://linux.oracle.com/errata/ELSA-2020-3915.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html">https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-17498">https://nvd.nist.gov/vuln/detail/CVE-2019-17498</a><br></details> |
|
||||
| libssl1.1 | CVE-2022-1292 | MEDIUM | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a><br><a href="https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html">https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html</a><br><a href="https://www.openssl.org/news/secadv/20220503.txt">https://www.openssl.org/news/secadv/20220503.txt</a><br></details> |
|
||||
| libssl1.1 | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/">http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/</a><br><a href="http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html">http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html</a><br><a href="http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html">http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html</a><br><a href="http://rump2007.cr.yp.to/15-shumow.pdf">http://rump2007.cr.yp.to/15-shumow.pdf</a><br><a href="http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/">http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/</a><br><a href="http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect">http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect</a><br><a href="http://www.securityfocus.com/bid/63657">http://www.securityfocus.com/bid/63657</a><br><a href="https://access.redhat.com/security/cve/CVE-2007-6755">https://access.redhat.com/security/cve/CVE-2007-6755</a><br><a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html">https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html</a><br></details> |
|
||||
| libssl1.1 | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/">http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/</a><br><a href="http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf">http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf</a><br><a href="http://www.networkworld.com/news/2010/030410-rsa-security-attack.html">http://www.networkworld.com/news/2010/030410-rsa-security-attack.html</a><br><a href="http://www.osvdb.org/62808">http://www.osvdb.org/62808</a><br><a href="http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/">http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/</a><br><a href="https://access.redhat.com/security/cve/CVE-2010-0928">https://access.redhat.com/security/cve/CVE-2010-0928</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/56750">https://exchange.xforce.ibmcloud.com/vulnerabilities/56750</a><br></details> |
|
||||
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-12886">https://access.redhat.com/security/cve/CVE-2018-12886</a><br><a href="https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup">https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup</a><br><a href="https://www.gnu.org/software/gcc/gcc-8/changes.html">https://www.gnu.org/software/gcc/gcc-8/changes.html</a><br></details> |
|
||||
|
@ -578,6 +581,7 @@ hide:
|
|||
| mount | CVE-2022-0563 | LOW | 2.33.1-0.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0563">https://access.redhat.com/security/cve/CVE-2022-0563</a><br><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">https://nvd.nist.gov/vuln/detail/CVE-2022-0563</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0002/">https://security.netapp.com/advisory/ntap-20220331-0002/</a><br></details> |
|
||||
| ncurses-base | CVE-2022-29458 | HIGH | 6.1+20181013-2+deb10u2 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-29458">https://access.redhat.com/security/cve/CVE-2022-29458</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-29458">https://nvd.nist.gov/vuln/detail/CVE-2022-29458</a><br></details> |
|
||||
| ncurses-base | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | | <details><summary>Expand...</summary><a href="http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup">http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-39537">https://access.redhat.com/security/cve/CVE-2021-39537</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html">https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html">https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39537">https://nvd.nist.gov/vuln/detail/CVE-2021-39537</a><br></details> |
|
||||
| openssl | CVE-2022-1292 | MEDIUM | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a><br><a href="https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html">https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html</a><br><a href="https://www.openssl.org/news/secadv/20220503.txt">https://www.openssl.org/news/secadv/20220503.txt</a><br></details> |
|
||||
| openssl | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/">http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/</a><br><a href="http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html">http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html</a><br><a href="http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html">http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html</a><br><a href="http://rump2007.cr.yp.to/15-shumow.pdf">http://rump2007.cr.yp.to/15-shumow.pdf</a><br><a href="http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/">http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/</a><br><a href="http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect">http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect</a><br><a href="http://www.securityfocus.com/bid/63657">http://www.securityfocus.com/bid/63657</a><br><a href="https://access.redhat.com/security/cve/CVE-2007-6755">https://access.redhat.com/security/cve/CVE-2007-6755</a><br><a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html">https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html</a><br></details> |
|
||||
| openssl | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/">http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/</a><br><a href="http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf">http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf</a><br><a href="http://www.networkworld.com/news/2010/030410-rsa-security-attack.html">http://www.networkworld.com/news/2010/030410-rsa-security-attack.html</a><br><a href="http://www.osvdb.org/62808">http://www.osvdb.org/62808</a><br><a href="http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/">http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/</a><br><a href="https://access.redhat.com/security/cve/CVE-2010-0928">https://access.redhat.com/security/cve/CVE-2010-0928</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/56750">https://exchange.xforce.ibmcloud.com/vulnerabilities/56750</a><br></details> |
|
||||
| passwd | CVE-2007-5686 | LOW | 1:4.5-1.1 | | <details><summary>Expand...</summary><a href="http://secunia.com/advisories/27215">http://secunia.com/advisories/27215</a><br><a href="http://www.securityfocus.com/archive/1/482129/100/100/threaded">http://www.securityfocus.com/archive/1/482129/100/100/threaded</a><br><a href="http://www.securityfocus.com/archive/1/482857/100/0/threaded">http://www.securityfocus.com/archive/1/482857/100/0/threaded</a><br><a href="http://www.securityfocus.com/bid/26048">http://www.securityfocus.com/bid/26048</a><br><a href="http://www.vupen.com/english/advisories/2007/3474">http://www.vupen.com/english/advisories/2007/3474</a><br><a href="https://issues.rpath.com/browse/RPL-1825">https://issues.rpath.com/browse/RPL-1825</a><br></details> |
|
||||
|
@ -598,7 +602,7 @@ hide:
|
|||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210616213533-5ff15b29337e | 0.0.0-20220315160706-3147a52a75dd | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27191">https://access.redhat.com/security/cve/CVE-2022-27191</a><br><a href="https://github.com/advisories/GHSA-8c26-wmh5-6g9v">https://github.com/advisories/GHSA-8c26-wmh5-6g9v</a><br><a href="https://groups.google.com/g/golang-announce">https://groups.google.com/g/golang-announce</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27191">https://nvd.nist.gov/vuln/detail/CVE-2022-27191</a><br></details> |
|
||||
| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210616213533-5ff15b29337e | 0.0.0-20220315160706-3147a52a75dd | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27191">https://access.redhat.com/security/cve/CVE-2022-27191</a><br><a href="https://github.com/advisories/GHSA-8c26-wmh5-6g9v">https://github.com/advisories/GHSA-8c26-wmh5-6g9v</a><br><a href="https://groups.google.com/g/golang-announce">https://groups.google.com/g/golang-announce</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27191">https://nvd.nist.gov/vuln/detail/CVE-2022-27191</a><br><a href="https://security.netapp.com/advisory/ntap-20220429-0002/">https://security.netapp.com/advisory/ntap-20220429-0002/</a><br></details> |
|
||||
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary><a href="https://go-review.googlesource.com/c/text/+/340830">https://go-review.googlesource.com/c/text/+/340830</a><br><a href="https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f">https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f</a><br><a href="https://pkg.go.dev/vuln/GO-2021-0113">https://pkg.go.dev/vuln/GO-2021-0113</a><br></details> |
|
||||
|
||||
**gobinary**
|
||||
|
@ -606,7 +610,7 @@ hide:
|
|||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210616213533-5ff15b29337e | 0.0.0-20220315160706-3147a52a75dd | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27191">https://access.redhat.com/security/cve/CVE-2022-27191</a><br><a href="https://github.com/advisories/GHSA-8c26-wmh5-6g9v">https://github.com/advisories/GHSA-8c26-wmh5-6g9v</a><br><a href="https://groups.google.com/g/golang-announce">https://groups.google.com/g/golang-announce</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27191">https://nvd.nist.gov/vuln/detail/CVE-2022-27191</a><br></details> |
|
||||
| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210616213533-5ff15b29337e | 0.0.0-20220315160706-3147a52a75dd | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27191">https://access.redhat.com/security/cve/CVE-2022-27191</a><br><a href="https://github.com/advisories/GHSA-8c26-wmh5-6g9v">https://github.com/advisories/GHSA-8c26-wmh5-6g9v</a><br><a href="https://groups.google.com/g/golang-announce">https://groups.google.com/g/golang-announce</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27191">https://nvd.nist.gov/vuln/detail/CVE-2022-27191</a><br><a href="https://security.netapp.com/advisory/ntap-20220429-0002/">https://security.netapp.com/advisory/ntap-20220429-0002/</a><br></details> |
|
||||
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary><a href="https://go-review.googlesource.com/c/text/+/340830">https://go-review.googlesource.com/c/text/+/340830</a><br><a href="https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f">https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f</a><br><a href="https://pkg.go.dev/vuln/GO-2021-0113">https://pkg.go.dev/vuln/GO-2021-0113</a><br></details> |
|
||||
|
||||
|
||||
|
@ -745,6 +749,7 @@ hide:
|
|||
| libsmartcols1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0563">https://access.redhat.com/security/cve/CVE-2022-0563</a><br><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">https://nvd.nist.gov/vuln/detail/CVE-2022-0563</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0002/">https://security.netapp.com/advisory/ntap-20220331-0002/</a><br></details> |
|
||||
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-13115">https://access.redhat.com/security/cve/CVE-2019-13115</a><br><a href="https://blog.semmle.com/libssh2-integer-overflow/">https://blog.semmle.com/libssh2-integer-overflow/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115</a><br><a href="https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa">https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa</a><br><a href="https://github.com/libssh2/libssh2/pull/350">https://github.com/libssh2/libssh2/pull/350</a><br><a href="https://libssh2.org/changes.html">https://libssh2.org/changes.html</a><br><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html">https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/</a><br><a href="https://security.netapp.com/advisory/ntap-20190806-0002/">https://security.netapp.com/advisory/ntap-20190806-0002/</a><br><a href="https://support.f5.com/csp/article/K13322484">https://support.f5.com/csp/article/K13322484</a><br><a href="https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS">https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS</a><br></details> |
|
||||
| libssh2-1 | CVE-2019-17498 | LOW | 1.8.0-2.1 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html">http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-17498">https://access.redhat.com/security/cve/CVE-2019-17498</a><br><a href="https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/">https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498</a><br><a href="https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498">https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498</a><br><a href="https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480">https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480</a><br><a href="https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c">https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c</a><br><a href="https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94">https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94</a><br><a href="https://linux.oracle.com/cve/CVE-2019-17498.html">https://linux.oracle.com/cve/CVE-2019-17498.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-3915.html">https://linux.oracle.com/errata/ELSA-2020-3915.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html">https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-17498">https://nvd.nist.gov/vuln/detail/CVE-2019-17498</a><br></details> |
|
||||
| libssl1.1 | CVE-2022-1292 | MEDIUM | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a><br><a href="https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html">https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html</a><br><a href="https://www.openssl.org/news/secadv/20220503.txt">https://www.openssl.org/news/secadv/20220503.txt</a><br></details> |
|
||||
| libssl1.1 | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/">http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/</a><br><a href="http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html">http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html</a><br><a href="http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html">http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html</a><br><a href="http://rump2007.cr.yp.to/15-shumow.pdf">http://rump2007.cr.yp.to/15-shumow.pdf</a><br><a href="http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/">http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/</a><br><a href="http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect">http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect</a><br><a href="http://www.securityfocus.com/bid/63657">http://www.securityfocus.com/bid/63657</a><br><a href="https://access.redhat.com/security/cve/CVE-2007-6755">https://access.redhat.com/security/cve/CVE-2007-6755</a><br><a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html">https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html</a><br></details> |
|
||||
| libssl1.1 | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/">http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/</a><br><a href="http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf">http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf</a><br><a href="http://www.networkworld.com/news/2010/030410-rsa-security-attack.html">http://www.networkworld.com/news/2010/030410-rsa-security-attack.html</a><br><a href="http://www.osvdb.org/62808">http://www.osvdb.org/62808</a><br><a href="http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/">http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/</a><br><a href="https://access.redhat.com/security/cve/CVE-2010-0928">https://access.redhat.com/security/cve/CVE-2010-0928</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/56750">https://exchange.xforce.ibmcloud.com/vulnerabilities/56750</a><br></details> |
|
||||
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-12886">https://access.redhat.com/security/cve/CVE-2018-12886</a><br><a href="https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup">https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup</a><br><a href="https://www.gnu.org/software/gcc/gcc-8/changes.html">https://www.gnu.org/software/gcc/gcc-8/changes.html</a><br></details> |
|
||||
|
@ -776,6 +781,7 @@ hide:
|
|||
| mount | CVE-2022-0563 | LOW | 2.33.1-0.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0563">https://access.redhat.com/security/cve/CVE-2022-0563</a><br><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">https://nvd.nist.gov/vuln/detail/CVE-2022-0563</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0002/">https://security.netapp.com/advisory/ntap-20220331-0002/</a><br></details> |
|
||||
| ncurses-base | CVE-2022-29458 | HIGH | 6.1+20181013-2+deb10u2 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-29458">https://access.redhat.com/security/cve/CVE-2022-29458</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-29458">https://nvd.nist.gov/vuln/detail/CVE-2022-29458</a><br></details> |
|
||||
| ncurses-base | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | | <details><summary>Expand...</summary><a href="http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup">http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-39537">https://access.redhat.com/security/cve/CVE-2021-39537</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html">https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html</a><br><a href="https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html">https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39537">https://nvd.nist.gov/vuln/detail/CVE-2021-39537</a><br></details> |
|
||||
| openssl | CVE-2022-1292 | MEDIUM | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a><br><a href="https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html">https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html</a><br><a href="https://www.openssl.org/news/secadv/20220503.txt">https://www.openssl.org/news/secadv/20220503.txt</a><br></details> |
|
||||
| openssl | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/">http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/</a><br><a href="http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html">http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html</a><br><a href="http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html">http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html</a><br><a href="http://rump2007.cr.yp.to/15-shumow.pdf">http://rump2007.cr.yp.to/15-shumow.pdf</a><br><a href="http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/">http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/</a><br><a href="http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect">http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect</a><br><a href="http://www.securityfocus.com/bid/63657">http://www.securityfocus.com/bid/63657</a><br><a href="https://access.redhat.com/security/cve/CVE-2007-6755">https://access.redhat.com/security/cve/CVE-2007-6755</a><br><a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html">https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html</a><br></details> |
|
||||
| openssl | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | | <details><summary>Expand...</summary><a href="http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/">http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/</a><br><a href="http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf">http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf</a><br><a href="http://www.networkworld.com/news/2010/030410-rsa-security-attack.html">http://www.networkworld.com/news/2010/030410-rsa-security-attack.html</a><br><a href="http://www.osvdb.org/62808">http://www.osvdb.org/62808</a><br><a href="http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/">http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/</a><br><a href="https://access.redhat.com/security/cve/CVE-2010-0928">https://access.redhat.com/security/cve/CVE-2010-0928</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/56750">https://exchange.xforce.ibmcloud.com/vulnerabilities/56750</a><br></details> |
|
||||
| passwd | CVE-2007-5686 | LOW | 1:4.5-1.1 | | <details><summary>Expand...</summary><a href="http://secunia.com/advisories/27215">http://secunia.com/advisories/27215</a><br><a href="http://www.securityfocus.com/archive/1/482129/100/100/threaded">http://www.securityfocus.com/archive/1/482129/100/100/threaded</a><br><a href="http://www.securityfocus.com/archive/1/482857/100/0/threaded">http://www.securityfocus.com/archive/1/482857/100/0/threaded</a><br><a href="http://www.securityfocus.com/bid/26048">http://www.securityfocus.com/bid/26048</a><br><a href="http://www.vupen.com/english/advisories/2007/3474">http://www.vupen.com/english/advisories/2007/3474</a><br><a href="https://issues.rpath.com/browse/RPL-1825">https://issues.rpath.com/browse/RPL-1825</a><br></details> |
|
|
@ -0,0 +1,99 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="traefik-11.2.1"></a>
|
||||
### [traefik-11.2.1](https://github.com/truecharts/apps/compare/traefik-11.2.0...traefik-11.2.1) (2022-05-04)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#2606](https://github.com/truecharts/apps/issues/2606))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.2.0"></a>
|
||||
### [traefik-11.2.0](https://github.com/truecharts/apps/compare/traefik-11.1.8...traefik-11.2.0) (2022-05-04)
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.8"></a>
|
||||
### [traefik-11.1.8](https://github.com/truecharts/apps/compare/traefik-11.1.7...traefik-11.1.8) (2022-04-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#2573](https://github.com/truecharts/apps/issues/2573))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.7"></a>
|
||||
### [traefik-11.1.7](https://github.com/truecharts/apps/compare/traefik-11.1.6...traefik-11.1.7) (2022-04-20)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#2524](https://github.com/truecharts/apps/issues/2524))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.6"></a>
|
||||
### [traefik-11.1.6](https://github.com/truecharts/apps/compare/traefik-11.1.5...traefik-11.1.6) (2022-04-20)
|
||||
|
||||
#### Chore
|
||||
|
||||
* add missing quote on description ([#2515](https://github.com/truecharts/apps/issues/2515))
|
||||
|
||||
#### Fix
|
||||
|
||||
* Fix custom chain middleware settings ([#2513](https://github.com/truecharts/apps/issues/2513))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.5"></a>
|
||||
### [traefik-11.1.5](https://github.com/truecharts/apps/compare/traefik-11.1.4...traefik-11.1.5) (2022-04-12)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#2480](https://github.com/truecharts/apps/issues/2480))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.4"></a>
|
||||
### [traefik-11.1.4](https://github.com/truecharts/apps/compare/traefik-11.1.3...traefik-11.1.4) (2022-04-09)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#2460](https://github.com/truecharts/apps/issues/2460))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.3"></a>
|
||||
### [traefik-11.1.3](https://github.com/truecharts/apps/compare/traefik-11.1.2...traefik-11.1.3) (2022-04-08)
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.2"></a>
|
||||
### [traefik-11.1.2](https://github.com/truecharts/apps/compare/traefik-11.1.1...traefik-11.1.2) (2022-04-06)
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.1"></a>
|
||||
### [traefik-11.1.1](https://github.com/truecharts/apps/compare/traefik-11.1.0...traefik-11.1.1) (2022-04-04)
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.1.0"></a>
|
||||
### [traefik-11.1.0](https://github.com/truecharts/apps/compare/traefik-11.0.13...traefik-11.1.0) (2022-04-04)
|
||||
|
||||
#### Feat
|
||||
|
||||
* Add stripPrefixRegex ([#2422](https://github.com/truecharts/apps/issues/2422))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-11.0.13"></a>
|
||||
### [traefik-11.0.13](https://github.com/truecharts/apps/compare/traefik-11.0.12...traefik-11.0.13) (2022-04-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#2410](https://github.com/truecharts/apps/issues/2410))
|
||||
|
||||
|
||||
|
|
@ -3,4 +3,4 @@ dependencies:
|
|||
repository: https://library-charts.truecharts.org
|
||||
version: 9.3.2
|
||||
digest: sha256:4514044d0d416a02c0029081a25943395114bcb29df51a2ede27d4257f71d412
|
||||
generated: "2022-04-26T19:12:49.500831864Z"
|
||||
generated: "2022-05-04T21:08:46.412361435Z"
|
|
@ -0,0 +1,30 @@
|
|||
apiVersion: v2
|
||||
appVersion: "2.6.6"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 9.3.2
|
||||
deprecated: false
|
||||
description: Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/traefik
|
||||
icon: https://truecharts.org/_static/img/appicons/traefik.png
|
||||
keywords:
|
||||
- traefik
|
||||
- ingress
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: traefik
|
||||
sources:
|
||||
- https://github.com/traefik/traefik
|
||||
- https://github.com/traefik/traefik-helm-chart
|
||||
- https://traefik.io/
|
||||
type: application
|
||||
version: 11.2.1
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- network
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1,39 @@
|
|||
# Introduction
|
||||
|
||||
Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/traefik/traefik>
|
||||
* <https://github.com/traefik/traefik-helm-chart>
|
||||
* <https://traefik.io/>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://library-charts.truecharts.org | common | 9.3.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/02-Installing-an-App/).
|
||||
|
||||
## Upgrading, Rolling Back and Uninstalling the Chart
|
||||
|
||||
To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Adding-TrueCharts/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -0,0 +1,3 @@
|
|||
Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
|
@ -0,0 +1,198 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRoute
|
||||
listKind: IngressRouteList
|
||||
plural: ingressroutes
|
||||
singular: ingressroute
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRoute is an Ingress CRD specification.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteSpec is a specification for a IngressRouteSpec
|
||||
resource.
|
||||
properties:
|
||||
entryPoints:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
items:
|
||||
description: Route contains the set of routes.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Rule
|
||||
type: string
|
||||
match:
|
||||
type: string
|
||||
middlewares:
|
||||
items:
|
||||
description: MiddlewareRef is a ref to the Middleware resources.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
priority:
|
||||
type: integer
|
||||
services:
|
||||
items:
|
||||
description: Service defines an upstream to proxy traffic.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service
|
||||
object (for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The
|
||||
differentiation between the two is specified in the
|
||||
Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for
|
||||
the forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration
|
||||
based on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name
|
||||
references a TraefikService object (and to be precise,
|
||||
one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- kind
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: "TLS contains the TLS certificates configuration of the
|
||||
routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
|
||||
YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
|
||||
# block format"
|
||||
properties:
|
||||
certResolver:
|
||||
type: string
|
||||
domains:
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
type: string
|
||||
sans:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: Options is a reference to a TLSOption, that specifies
|
||||
the parameters of the TLS connection.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store is a reference to a TLSStore, that specifies
|
||||
the parameters of the TLS store.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,160 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRouteTCP
|
||||
listKind: IngressRouteTCPList
|
||||
plural: ingressroutetcps
|
||||
singular: ingressroutetcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteTCP is an Ingress CRD specification.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
|
||||
resource.
|
||||
properties:
|
||||
entryPoints:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
items:
|
||||
description: RouteTCP contains the set of routes.
|
||||
properties:
|
||||
match:
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares contains references to MiddlewareTCP
|
||||
resources.
|
||||
items:
|
||||
description: ObjectReference is a generic reference to a Traefik
|
||||
resource.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
services:
|
||||
items:
|
||||
description: ServiceTCP defines an upstream to proxy traffic.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
proxyProtocol:
|
||||
description: ProxyProtocol holds the ProxyProtocol configuration.
|
||||
properties:
|
||||
version:
|
||||
type: integer
|
||||
type: object
|
||||
terminationDelay:
|
||||
type: integer
|
||||
weight:
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: "TLSTCP contains the TLS certificates configuration of
|
||||
the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
|
||||
in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
|
||||
# block format"
|
||||
properties:
|
||||
certResolver:
|
||||
type: string
|
||||
domains:
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
type: string
|
||||
sans:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: Options is a reference to a TLSOption, that specifies
|
||||
the parameters of the TLS connection.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
passthrough:
|
||||
type: boolean
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store is a reference to a TLSStore, that specifies
|
||||
the parameters of the TLS store.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,84 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRouteUDP
|
||||
listKind: IngressRouteUDPList
|
||||
plural: ingressrouteudps
|
||||
singular: ingressrouteudp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteUDP is an Ingress CRD specification.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
|
||||
resource.
|
||||
properties:
|
||||
entryPoints:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
items:
|
||||
description: RouteUDP contains the set of routes.
|
||||
properties:
|
||||
services:
|
||||
items:
|
||||
description: ServiceUDP defines an upstream to proxy traffic.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
weight:
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,563 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: Middleware
|
||||
listKind: MiddlewareList
|
||||
plural: middlewares
|
||||
singular: middleware
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Middleware is a specification for a Middleware resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareSpec holds the Middleware configuration.
|
||||
properties:
|
||||
addPrefix:
|
||||
description: AddPrefix holds the AddPrefix configuration.
|
||||
properties:
|
||||
prefix:
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: BasicAuth holds the HTTP basic authentication configuration.
|
||||
properties:
|
||||
headerField:
|
||||
type: string
|
||||
realm:
|
||||
type: string
|
||||
removeHeader:
|
||||
type: boolean
|
||||
secret:
|
||||
type: string
|
||||
type: object
|
||||
buffering:
|
||||
description: Buffering holds the request/response buffering configuration.
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
maxResponseBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
memRequestBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
memResponseBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
retryExpression:
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: Chain holds a chain of middlewares.
|
||||
properties:
|
||||
middlewares:
|
||||
items:
|
||||
description: MiddlewareRef is a ref to the Middleware resources.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
circuitBreaker:
|
||||
description: CircuitBreaker holds the circuit breaker configuration.
|
||||
properties:
|
||||
expression:
|
||||
type: string
|
||||
type: object
|
||||
compress:
|
||||
description: Compress holds the compress configuration.
|
||||
properties:
|
||||
excludedContentTypes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
contentType:
|
||||
description: ContentType middleware - or rather its unique `autoDetect`
|
||||
option - specifies whether to let the `Content-Type` header, if
|
||||
it has not been set by the backend, be automatically set to a value
|
||||
derived from the contents of the response. As a proxy, the default
|
||||
behavior should be to leave the header alone, regardless of what
|
||||
the backend did with it. However, the historic default was to always
|
||||
auto-detect and set the header if it was nil, and it is going to
|
||||
be kept that way in order to support users currently relying on
|
||||
it. This middleware exists to enable the correct behavior until
|
||||
at least the default one can be changed in a future version.
|
||||
properties:
|
||||
autoDetect:
|
||||
type: boolean
|
||||
type: object
|
||||
digestAuth:
|
||||
description: DigestAuth holds the Digest HTTP authentication configuration.
|
||||
properties:
|
||||
headerField:
|
||||
type: string
|
||||
realm:
|
||||
type: string
|
||||
removeHeader:
|
||||
type: boolean
|
||||
secret:
|
||||
type: string
|
||||
type: object
|
||||
errors:
|
||||
description: ErrorPage holds the custom error page configuration.
|
||||
properties:
|
||||
query:
|
||||
type: string
|
||||
service:
|
||||
description: Service defines an upstream to proxy traffic.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service object
|
||||
(for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for the
|
||||
forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based
|
||||
on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
status:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
forwardAuth:
|
||||
description: ForwardAuth holds the http forward authentication configuration.
|
||||
properties:
|
||||
address:
|
||||
type: string
|
||||
authRequestHeaders:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeaders:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeadersRegex:
|
||||
type: string
|
||||
tls:
|
||||
description: ClientTLS holds TLS specific configurations as client.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
type: string
|
||||
certSecret:
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
type: boolean
|
||||
type: object
|
||||
trustForwardHeader:
|
||||
type: boolean
|
||||
type: object
|
||||
headers:
|
||||
description: Headers holds the custom header configuration.
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials is only valid if true.
|
||||
false is ignored.
|
||||
type: boolean
|
||||
accessControlAllowHeaders:
|
||||
description: AccessControlAllowHeaders must be used in response
|
||||
to a preflight request with Access-Control-Request-Headers set.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowMethods:
|
||||
description: AccessControlAllowMethods must be used in response
|
||||
to a preflight request with Access-Control-Request-Method set.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginList:
|
||||
description: AccessControlAllowOriginList is a list of allowable
|
||||
origins. Can also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginListRegex:
|
||||
description: AccessControlAllowOriginListRegex is a list of allowable
|
||||
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlExposeHeaders:
|
||||
description: AccessControlExposeHeaders sets valid headers for
|
||||
the response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlMaxAge:
|
||||
description: AccessControlMaxAge sets the time that a preflight
|
||||
request may be cached.
|
||||
format: int64
|
||||
type: integer
|
||||
addVaryHeader:
|
||||
description: AddVaryHeader controls if the Vary header is automatically
|
||||
added/updated when the AccessControlAllowOriginList is set.
|
||||
type: boolean
|
||||
allowedHosts:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
browserXssFilter:
|
||||
type: boolean
|
||||
contentSecurityPolicy:
|
||||
type: string
|
||||
contentTypeNosniff:
|
||||
type: boolean
|
||||
customBrowserXSSValue:
|
||||
type: string
|
||||
customFrameOptionsValue:
|
||||
type: string
|
||||
customRequestHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
customResponseHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
featurePolicy:
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
type: boolean
|
||||
frameDeny:
|
||||
type: boolean
|
||||
hostsProxyHeaders:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
isDevelopment:
|
||||
type: boolean
|
||||
publicKey:
|
||||
type: string
|
||||
referrerPolicy:
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
type: boolean
|
||||
stsPreload:
|
||||
type: boolean
|
||||
stsSeconds:
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
inFlightReq:
|
||||
description: InFlightReq limits the number of requests being processed
|
||||
and served concurrently.
|
||||
properties:
|
||||
amount:
|
||||
format: int64
|
||||
type: integer
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If none
|
||||
are set, the default is to use the request's remote address
|
||||
field. All fields are mutually exclusive.
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: IPStrategy holds the ip strategy configuration.
|
||||
properties:
|
||||
depth:
|
||||
type: integer
|
||||
excludedIPs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
type: string
|
||||
requestHost:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList holds the ip white list configuration.
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: IPStrategy holds the ip strategy configuration.
|
||||
properties:
|
||||
depth:
|
||||
type: integer
|
||||
excludedIPs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
sourceRange:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
passTLSClientCert:
|
||||
description: PassTLSClientCert holds the TLS client cert headers configuration.
|
||||
properties:
|
||||
info:
|
||||
description: TLSClientCertificateInfo holds the client TLS certificate
|
||||
info configuration.
|
||||
properties:
|
||||
issuer:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
type: boolean
|
||||
country:
|
||||
type: boolean
|
||||
domainComponent:
|
||||
type: boolean
|
||||
locality:
|
||||
type: boolean
|
||||
organization:
|
||||
type: boolean
|
||||
province:
|
||||
type: boolean
|
||||
serialNumber:
|
||||
type: boolean
|
||||
type: object
|
||||
notAfter:
|
||||
type: boolean
|
||||
notBefore:
|
||||
type: boolean
|
||||
sans:
|
||||
type: boolean
|
||||
serialNumber:
|
||||
type: boolean
|
||||
subject:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
type: boolean
|
||||
country:
|
||||
type: boolean
|
||||
domainComponent:
|
||||
type: boolean
|
||||
locality:
|
||||
type: boolean
|
||||
organization:
|
||||
type: boolean
|
||||
province:
|
||||
type: boolean
|
||||
serialNumber:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
pem:
|
||||
type: boolean
|
||||
type: object
|
||||
plugin:
|
||||
additionalProperties:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
rateLimit:
|
||||
description: RateLimit holds the rate limiting configuration for a
|
||||
given router.
|
||||
properties:
|
||||
average:
|
||||
format: int64
|
||||
type: integer
|
||||
burst:
|
||||
format: int64
|
||||
type: integer
|
||||
period:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If none
|
||||
are set, the default is to use the request's remote address
|
||||
field. All fields are mutually exclusive.
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: IPStrategy holds the ip strategy configuration.
|
||||
properties:
|
||||
depth:
|
||||
type: integer
|
||||
excludedIPs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
type: string
|
||||
requestHost:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
redirectRegex:
|
||||
description: RedirectRegex holds the redirection configuration.
|
||||
properties:
|
||||
permanent:
|
||||
type: boolean
|
||||
regex:
|
||||
type: string
|
||||
replacement:
|
||||
type: string
|
||||
type: object
|
||||
redirectScheme:
|
||||
description: RedirectScheme holds the scheme redirection configuration.
|
||||
properties:
|
||||
permanent:
|
||||
type: boolean
|
||||
port:
|
||||
type: string
|
||||
scheme:
|
||||
type: string
|
||||
type: object
|
||||
replacePath:
|
||||
description: ReplacePath holds the ReplacePath configuration.
|
||||
properties:
|
||||
path:
|
||||
type: string
|
||||
type: object
|
||||
replacePathRegex:
|
||||
description: ReplacePathRegex holds the ReplacePathRegex configuration.
|
||||
properties:
|
||||
regex:
|
||||
type: string
|
||||
replacement:
|
||||
type: string
|
||||
type: object
|
||||
retry:
|
||||
description: Retry holds the retry configuration.
|
||||
properties:
|
||||
attempts:
|
||||
type: integer
|
||||
initialInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
stripPrefix:
|
||||
description: StripPrefix holds the StripPrefix configuration.
|
||||
properties:
|
||||
forceSlash:
|
||||
type: boolean
|
||||
prefixes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
stripPrefixRegex:
|
||||
description: StripPrefixRegex holds the StripPrefixRegex configuration.
|
||||
properties:
|
||||
regex:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,59 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: MiddlewareTCP
|
||||
listKind: MiddlewareTCPList
|
||||
plural: middlewaretcps
|
||||
singular: middlewaretcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
|
||||
properties:
|
||||
ipWhiteList:
|
||||
description: TCPIPWhiteList holds the TCP ip white list configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,101 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: ServersTransport
|
||||
listKind: ServersTransportList
|
||||
plural: serverstransports
|
||||
singular: serverstransport
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: ServersTransport is a specification for a ServersTransport resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ServersTransportSpec options to configure communication between
|
||||
Traefik and the servers.
|
||||
properties:
|
||||
certificatesSecrets:
|
||||
description: Certificates for mTLS.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: Disable HTTP/2 for connections with backend servers.
|
||||
type: boolean
|
||||
forwardingTimeouts:
|
||||
description: Timeouts for requests forwarded to the backend servers.
|
||||
properties:
|
||||
dialTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: The amount of time to wait until a connection to
|
||||
a backend server can be established. If zero, no timeout exists.
|
||||
x-kubernetes-int-or-string: true
|
||||
idleConnTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: The maximum period for which an idle HTTP keep-alive
|
||||
connection will remain open before closing itself.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseHeaderTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: The amount of time to wait for a server's response
|
||||
headers after fully writing the request (including its body,
|
||||
if any). If zero, no timeout exists.
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: Disable SSL certificate verification.
|
||||
type: boolean
|
||||
maxIdleConnsPerHost:
|
||||
description: If non-zero, controls the maximum idle (keep-alive) to
|
||||
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
|
||||
type: integer
|
||||
rootCAsSecrets:
|
||||
description: Add cert file for self-signed certificate.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
serverName:
|
||||
description: ServerName used to contact the server.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,87 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSOption
|
||||
listKind: TLSOptionList
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TLSOption is a specification for a TLSOption resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSOptionSpec configures TLS for an entry point.
|
||||
properties:
|
||||
cipherSuites:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clientAuth:
|
||||
description: ClientAuth defines the parameters of the client authentication
|
||||
part of the TLS connection, if any.
|
||||
properties:
|
||||
clientAuthType:
|
||||
description: ClientAuthType defines the client authentication
|
||||
type to apply.
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
secretNames:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
curvePreferences:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
maxVersion:
|
||||
type: string
|
||||
minVersion:
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
type: boolean
|
||||
sniStrict:
|
||||
type: boolean
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,64 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSStore
|
||||
listKind: TLSStoreList
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TLSStore is a specification for a TLSStore resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSStoreSpec configures a TLSStore resource.
|
||||
properties:
|
||||
defaultCertificate:
|
||||
description: DefaultCertificate holds a secret name for the TLSOption
|
||||
resource.
|
||||
properties:
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
type: object
|
||||
required:
|
||||
- defaultCertificate
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,270 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TraefikService
|
||||
listKind: TraefikServiceList
|
||||
plural: traefikservices
|
||||
singular: traefikservice
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TraefikService is the specification for a service (that an IngressRoute
|
||||
refers to) that is usually not a terminal service (i.e. not a pod of servers),
|
||||
as opposed to a Kubernetes Service. That is to say, it usually refers to
|
||||
other (children) services, which themselves can be TraefikServices or Services.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ServiceSpec defines whether a TraefikService is a load-balancer
|
||||
of services or a mirroring service.
|
||||
properties:
|
||||
mirroring:
|
||||
description: Mirroring defines a mirroring service, which is composed
|
||||
of a main load-balancer, and a list of mirrors.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
maxBodySize:
|
||||
format: int64
|
||||
type: integer
|
||||
mirrors:
|
||||
items:
|
||||
description: MirrorService defines one of the mirrors of a Mirroring
|
||||
service.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service
|
||||
object (for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
percent:
|
||||
type: integer
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for
|
||||
the forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based
|
||||
on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service object
|
||||
(for a load-balancer of servers), or to a TraefikService object
|
||||
(service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for the forward
|
||||
of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based on
|
||||
cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
weighted:
|
||||
description: WeightedRoundRobin defines a load-balancer of services.
|
||||
properties:
|
||||
services:
|
||||
items:
|
||||
description: Service defines an upstream to proxy traffic.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service
|
||||
object (for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for
|
||||
the forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based
|
||||
on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based on
|
||||
cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,55 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| additionalArguments | list | `["--metrics.prometheus","--ping","--serverstransport.insecureskipverify=true","--providers.kubernetesingress.allowexternalnameservices=true"]` | Additional arguments to be passed at Traefik's binary All available options available on https://docs.traefik.io/reference/static-configuration/cli/ |
|
||||
| globalArguments[0] | string | `"--global.checknewversion"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"tccr.io/truecharts/traefik"` | |
|
||||
| image.tag | string | `"v2.6.3@sha256:fab794392ae3e63eef4009b97dfbd57fda9806b70b36333bc502a0ef72838852"` | |
|
||||
| ingressClass | object | `{"enabled":false,"fallbackApiVersion":"","isDefaultClass":false}` | Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x |
|
||||
| ingressRoute | object | `{"dashboard":{"annotations":{},"enabled":true,"labels":{}}}` | Create an IngressRoute for the dashboard |
|
||||
| logs | object | `{"access":{"enabled":false,"fields":{"general":{"defaultmode":"keep","names":{}},"headers":{"defaultmode":"drop","names":{}}},"filters":{}},"general":{"level":"ERROR"}}` | Logs https://docs.traefik.io/observability/logs/ |
|
||||
| logs.access.fields | object | `{"general":{"defaultmode":"keep","names":{}},"headers":{"defaultmode":"drop","names":{}}}` | retryattempts: true minduration: 10ms Fields https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers |
|
||||
| logs.access.filters | object | `{}` | To write logs in JSON, use json in the format option. If the given format is unsupported, the default (CLF) is used instead. format: json To write the logs in an asynchronous fashion, specify a bufferingSize option. This option represents the number of log lines Traefik will keep in memory before writing them to the selected output. In some cases, this option can greatly help performances. bufferingSize: 100 Filtering https://docs.traefik.io/observability/access-logs/#filtering |
|
||||
| logs.general.level | string | `"ERROR"` | also ask for the json format in the format option format: json By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. |
|
||||
| metrics.prometheus | object | `{"entryPoint":"metrics"}` | address: 127.0.0.1:8125 influxdb: address: localhost:8089 protocol: udp |
|
||||
| middlewares | object | `{"basicAuth":[],"chain":[],"forwardAuth":[],"ipWhiteList":[],"rateLimit":[],"redirectRegex":[],"redirectScheme":[],"stripPrefixRegex":[]}` | SCALE Middleware Handlers |
|
||||
| middlewares.chain | list | `[]` | address: https://auth.example.com/ authResponseHeaders: - X-Secret - X-Auth-User authRequestHeaders: - "Accept" - "X-CustomHeader" authResponseHeadersRegex: "^X-" trustForwardHeader: true |
|
||||
| middlewares.forwardAuth | list | `[]` | users: - username: testuser password: testpassword |
|
||||
| middlewares.ipWhiteList | list | `[]` | regex: [] |
|
||||
| middlewares.rateLimit | list | `[]` | scheme: https permanent: true |
|
||||
| middlewares.redirectRegex | list | `[]` | average: 300 burst: 200 |
|
||||
| middlewares.redirectScheme | list | `[]` | middlewares: - name: compress |
|
||||
| middlewares.stripPrefixRegex | list | `[]` | regex: putregexhere replacement: replacementurlhere permanent: false |
|
||||
| pilot | object | `{"enabled":false,"token":""}` | Activate Pilot integration |
|
||||
| podAnnotations."prometheus.io/path" | string | `"/metrics"` | |
|
||||
| podAnnotations."prometheus.io/port" | string | `"9180"` | |
|
||||
| podAnnotations."prometheus.io/scrape" | string | `"true"` | |
|
||||
| portalhook.enabled | bool | `true` | |
|
||||
| probes.liveness | object | See below | Liveness probe configuration |
|
||||
| probes.liveness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
|
||||
| probes.liveness.type | string | "TCP" | sets the probe type when not using a custom probe |
|
||||
| probes.readiness | object | See below | Redainess probe configuration |
|
||||
| probes.readiness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
|
||||
| probes.readiness.type | string | "TCP" | sets the probe type when not using a custom probe |
|
||||
| probes.startup | object | See below | Startup probe configuration |
|
||||
| probes.startup.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
|
||||
| probes.startup.type | string | "TCP" | sets the probe type when not using a custom probe |
|
||||
| providers | object | `{"kubernetesCRD":{"enabled":true,"namespaces":[]},"kubernetesIngress":{"enabled":true,"namespaces":[],"publishedService":{"enabled":true}}}` | Configure providers |
|
||||
| providers.kubernetesIngress.publishedService | object | `{"enabled":true}` | IP used for Kubernetes Ingress endpoints |
|
||||
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":[""],"resources":["services","endpoints","secrets"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses","ingressclasses"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses/status"],"verbs":["update"]},{"apiGroups":["traefik.containo.us"],"resources":["ingressroutes","ingressroutetcps","ingressrouteudps","middlewares","middlewaretcps","tlsoptions","tlsstores","traefikservices","serverstransports"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
|
||||
| service | object | `{"main":{"ports":{"main":{"port":9000,"protocol":"HTTP","targetPort":9000}},"type":"LoadBalancer"},"metrics":{"enabled":true,"ports":{"metrics":{"enabled":true,"port":9180,"protocol":"HTTP","targetPort":9180}},"type":"ClusterIP"},"tcp":{"enabled":true,"ports":{"web":{"enabled":true,"port":9080,"protocol":"HTTP","redirectTo":"websecure"},"websecure":{"enabled":true,"port":9443,"protocol":"HTTPS"}},"type":"LoadBalancer"},"udp":{"enabled":false}}` | Options for the main traefik service, where the entrypoints traffic comes from from. |
|
||||
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
|
||||
| tlsOptions | object | `{"default":{"cipherSuites":["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305","TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256"],"curvePreferences":["CurveP521","CurveP384"],"minVersion":"VersionTLS12","sniStrict":false}}` | TLS Options to be created as TLSOption CRDs https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options Example: |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -0,0 +1,339 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/traefik
|
||||
# defaults to appVersion
|
||||
tag: v2.6.6@sha256:8772fcd592d130f68e61778553554c99a791bcf1ab609fdc276e978706048acd
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||
ingressClass:
|
||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||
enabled: false
|
||||
isDefaultClass: false
|
||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||
fallbackApiVersion: ""
|
||||
|
||||
# -- Activate Pilot integration
|
||||
pilot:
|
||||
enabled: false
|
||||
token: ""
|
||||
# Toggle Pilot Dashboard
|
||||
# dashboard: false
|
||||
|
||||
# -- Create an IngressRoute for the dashboard
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: true
|
||||
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||
annotations: {}
|
||||
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||
labels: {}
|
||||
|
||||
podAnnotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/path: "/metrics"
|
||||
prometheus.io/port: "9180"
|
||||
|
||||
#
|
||||
# -- Configure providers
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
namespaces: []
|
||||
# - "default"
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces: []
|
||||
# - "default"
|
||||
# IP used for Kubernetes Ingress endpoints
|
||||
publishedService:
|
||||
enabled: true
|
||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||
# By default this Traefik service
|
||||
# pathOverride: ""
|
||||
|
||||
# -- Logs
|
||||
# https://docs.traefik.io/observability/logs/
|
||||
logs:
|
||||
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
||||
general:
|
||||
# By default, the logs use a text format (common), but you can
|
||||
# also ask for the json format in the format option
|
||||
# format: json
|
||||
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
|
||||
level: ERROR
|
||||
access:
|
||||
# To enable access logs
|
||||
enabled: false
|
||||
# By default, logs are written using the Common Log Format (CLF).
|
||||
# To write logs in JSON, use json in the format option.
|
||||
# If the given format is unsupported, the default (CLF) is used instead.
|
||||
# format: json
|
||||
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
|
||||
# This option represents the number of log lines Traefik will keep in memory before writing
|
||||
# them to the selected output. In some cases, this option can greatly help performances.
|
||||
# bufferingSize: 100
|
||||
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
|
||||
filters: {}
|
||||
# statuscodes: "200,300-302"
|
||||
# retryattempts: true
|
||||
# minduration: 10ms
|
||||
# Fields
|
||||
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||
fields:
|
||||
general:
|
||||
defaultmode: keep
|
||||
names: {}
|
||||
# Examples:
|
||||
# ClientUsername: drop
|
||||
headers:
|
||||
defaultmode: drop
|
||||
names: {}
|
||||
# Examples:
|
||||
# User-Agent: redact
|
||||
# Authorization: drop
|
||||
# Content-Type: keep
|
||||
|
||||
metrics:
|
||||
# datadog:
|
||||
# address: 127.0.0.1:8125
|
||||
# influxdb:
|
||||
# address: localhost:8089
|
||||
# protocol: udp
|
||||
prometheus:
|
||||
entryPoint: metrics
|
||||
# statsd:
|
||||
# address: localhost:8125
|
||||
|
||||
globalArguments:
|
||||
- "--global.checknewversion"
|
||||
|
||||
##
|
||||
# -- Additional arguments to be passed at Traefik's binary
|
||||
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||||
additionalArguments:
|
||||
- "--metrics.prometheus"
|
||||
- "--ping"
|
||||
- "--serverstransport.insecureskipverify=true"
|
||||
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
||||
|
||||
# -- TLS Options to be created as TLSOption CRDs
|
||||
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
|
||||
# Example:
|
||||
tlsOptions:
|
||||
default:
|
||||
sniStrict: false
|
||||
minVersion: VersionTLS12
|
||||
curvePreferences:
|
||||
- CurveP521
|
||||
- CurveP384
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
|
||||
# -- Options for the main traefik service, where the entrypoints traffic comes from
|
||||
# from.
|
||||
service:
|
||||
main:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
main:
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
protocol: HTTP
|
||||
# -- Forwarded Headers should never be enabled on Main entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
tcp:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
web:
|
||||
enabled: true
|
||||
port: 9080
|
||||
protocol: HTTP
|
||||
redirectTo: websecure
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# Options: Empty, 0 (ingore), or positive int
|
||||
# redirectPort:
|
||||
websecure:
|
||||
enabled: true
|
||||
port: 9443
|
||||
protocol: HTTPS
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# tcpexample:
|
||||
# enabled: true
|
||||
# targetPort: 9443
|
||||
# protocol: TCP
|
||||
# tls:
|
||||
# enabled: false
|
||||
# # this is the name of a TLSOption definition
|
||||
# options: ""
|
||||
# certResolver: ""
|
||||
# domains: []
|
||||
# # - main: example.com
|
||||
# # sans:
|
||||
# # - foo.example.com
|
||||
# # - bar.example.com
|
||||
metrics:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9180
|
||||
targetPort: 9180
|
||||
protocol: HTTP
|
||||
# -- Forwarded Headers should never be enabled on Metrics entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
udp:
|
||||
enabled: false
|
||||
|
||||
probes:
|
||||
# -- Liveness probe configuration
|
||||
# @default -- See below
|
||||
liveness:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: HTTP
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
path: "/ping"
|
||||
|
||||
# -- Redainess probe configuration
|
||||
# @default -- See below
|
||||
readiness:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: HTTP
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
path: "/ping"
|
||||
|
||||
# -- Startup probe configuration
|
||||
# @default -- See below
|
||||
startup:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: HTTP
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
path: "/ping"
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
enabled: true
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- traefik.containo.us
|
||||
resources:
|
||||
- ingressroutes
|
||||
- ingressroutetcps
|
||||
- ingressrouteudps
|
||||
- middlewares
|
||||
- middlewaretcps
|
||||
- tlsoptions
|
||||
- tlsstores
|
||||
- traefikservices
|
||||
- serverstransports
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
create: true
|
||||
|
||||
# -- SCALE Middleware Handlers
|
||||
middlewares:
|
||||
basicAuth: []
|
||||
# - name: basicauthexample
|
||||
# users:
|
||||
# - username: testuser
|
||||
# password: testpassword
|
||||
forwardAuth: []
|
||||
# - name: forwardAuthexample
|
||||
# address: https://auth.example.com/
|
||||
# authResponseHeaders:
|
||||
# - X-Secret
|
||||
# - X-Auth-User
|
||||
# authRequestHeaders:
|
||||
# - "Accept"
|
||||
# - "X-CustomHeader"
|
||||
# authResponseHeadersRegex: "^X-"
|
||||
# trustForwardHeader: true
|
||||
chain: []
|
||||
# - name: chainname
|
||||
# middlewares:
|
||||
# - name: compress
|
||||
redirectScheme: []
|
||||
# - name: redirectSchemeName
|
||||
# scheme: https
|
||||
# permanent: true
|
||||
rateLimit: []
|
||||
# - name: rateLimitName
|
||||
# average: 300
|
||||
# burst: 200
|
||||
redirectRegex: []
|
||||
# - name: redirectRegexName
|
||||
# regex: putregexhere
|
||||
# replacement: repslacementurlhere
|
||||
# permanent: false
|
||||
stripPrefixRegex: []
|
||||
# - name: stripPrefixRegexName
|
||||
# regex: []
|
||||
ipWhiteList: []
|
||||
# - name: ipWhiteListName
|
||||
# sourceRange: []
|
||||
# ipStrategy:
|
||||
# depth: 2
|
||||
# excludedIPs: []
|
||||
|
||||
portalhook:
|
||||
enabled: true
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,138 @@
|
|||
---
|
||||
hide:
|
||||
- toc
|
||||
---
|
||||
|
||||
# Security Overview
|
||||
|
||||
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
#### Chart Object: traefik/templates/common.yaml
|
||||
|
||||
|
||||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-traefik' of Deployment 'RELEASE-NAME-traefik' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'resources.requests.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
|
||||
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'resources.requests.memory' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
|
||||
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.privileged' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
|
||||
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'resources.limits.memory' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
|
||||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'RELEASE-NAME-traefik' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'RELEASE-NAME-traefik' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-traefik' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||||
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment 'RELEASE-NAME-traefik' should not set 'spec.template.volumes.hostPath' </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
|
||||
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment 'RELEASE-NAME-traefik' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
|
||||
|
||||
|
||||
| No Misconfigurations found |
|
||||
|:---------------------------------|
|
||||
|
||||
|
||||
|
||||
|
||||
| No Misconfigurations found |
|
||||
|:---------------------------------|
|
||||
|
||||
|
||||
|
||||
|
||||
| No Misconfigurations found |
|
||||
|:---------------------------------|
|
||||
|
||||
|
||||
|
||||
|
||||
| No Misconfigurations found |
|
||||
|:---------------------------------|
|
||||
|
||||
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||||
tccr.io/truecharts/traefik:v2.6.6@sha256:8772fcd592d130f68e61778553554c99a791bcf1ab609fdc276e978706048acd
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
|
||||
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
|
||||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/traefik:v2.6.6@sha256:8772fcd592d130f68e61778553554c99a791bcf1ab609fdc276e978706048acd (alpine 3.14.6)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| No Vulnerabilities found |
|
||||
|:---------------------------------|
|
||||
|
||||
|
||||
|
||||
**gobinary**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| github.com/containerd/containerd | CVE-2022-23648 | HIGH | v1.5.9 | 1.4.13, 1.5.10, 1.6.1 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html">http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-23648">https://access.redhat.com/security/cve/CVE-2022-23648</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648</a><br><a href="https://github.com/advisories/GHSA-crp2-qrr5-8pq7">https://github.com/advisories/GHSA-crp2-qrr5-8pq7</a><br><a href="https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70">https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70</a><br><a href="https://github.com/containerd/containerd/releases/tag/v1.4.13">https://github.com/containerd/containerd/releases/tag/v1.4.13</a><br><a href="https://github.com/containerd/containerd/releases/tag/v1.5.10">https://github.com/containerd/containerd/releases/tag/v1.5.10</a><br><a href="https://github.com/containerd/containerd/releases/tag/v1.6.1">https://github.com/containerd/containerd/releases/tag/v1.6.1</a><br><a href="https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7">https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7</a><br><a href="https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7.">https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7.</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23648">https://nvd.nist.gov/vuln/detail/CVE-2022-23648</a><br><a href="https://ubuntu.com/security/notices/USN-5311-1">https://ubuntu.com/security/notices/USN-5311-1</a><br><a href="https://www.debian.org/security/2022/dsa-5091">https://www.debian.org/security/2022/dsa-5091</a><br></details> |
|
||||
| github.com/docker/distribution | GMS-2022-20 | UNKNOWN | v2.7.1+incompatible | v2.8.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-qq97-vm5h-rrhg">https://github.com/advisories/GHSA-qq97-vm5h-rrhg</a><br><a href="https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586">https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586</a><br><a href="https://github.com/distribution/distribution/security/advisories/GHSA-qq97-vm5h-rrhg">https://github.com/distribution/distribution/security/advisories/GHSA-qq97-vm5h-rrhg</a><br><a href="https://github.com/opencontainers/image-spec/pull/411">https://github.com/opencontainers/image-spec/pull/411</a><br></details> |
|
||||
| github.com/hashicorp/consul | CVE-2022-24687 | MEDIUM | v1.10.4 | 1.9.15, 1.10.8, 1.11.3 | <details><summary>Expand...</summary><a href="https://discuss.hashicorp.com">https://discuss.hashicorp.com</a><br><a href="https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/">https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-24687">https://nvd.nist.gov/vuln/detail/CVE-2022-24687</a><br><a href="https://security.netapp.com/advisory/ntap-20220331-0006/">https://security.netapp.com/advisory/ntap-20220331-0006/</a><br></details> |
|
||||
| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210616213533-5ff15b29337e | 0.0.0-20220315160706-3147a52a75dd | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27191">https://access.redhat.com/security/cve/CVE-2022-27191</a><br><a href="https://github.com/advisories/GHSA-8c26-wmh5-6g9v">https://github.com/advisories/GHSA-8c26-wmh5-6g9v</a><br><a href="https://groups.google.com/g/golang-announce">https://groups.google.com/g/golang-announce</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s</a><br><a href="https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ">https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27191">https://nvd.nist.gov/vuln/detail/CVE-2022-27191</a><br><a href="https://security.netapp.com/advisory/ntap-20220429-0002/">https://security.netapp.com/advisory/ntap-20220429-0002/</a><br></details> |
|
||||
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary><a href="https://go-review.googlesource.com/c/text/+/340830">https://go-review.googlesource.com/c/text/+/340830</a><br><a href="https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f">https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f</a><br><a href="https://pkg.go.dev/vuln/GO-2021-0113">https://pkg.go.dev/vuln/GO-2021-0113</a><br></details> |
|
|
@ -0,0 +1,156 @@
|
|||
{{/* Define the args */}}
|
||||
{{- define "traefik.args" -}}
|
||||
args:
|
||||
{{/* merge all ports */}}
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* start of actual arguments */}}
|
||||
{{- with .Values.globalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $config := $ports }}
|
||||
{{- if $config }}
|
||||
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
|
||||
{{- $_ := set $config "protocol" "TCP" }}
|
||||
{{- end }}
|
||||
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--api.dashboard=true"
|
||||
- "--ping=true"
|
||||
{{- if .Values.metrics }}
|
||||
{{- if .Values.metrics.datadog }}
|
||||
- "--metrics.datadog=true"
|
||||
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.influxdb }}
|
||||
- "--metrics.influxdb=true"
|
||||
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
|
||||
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.prometheus }}
|
||||
- "--metrics.prometheus=true"
|
||||
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.statsd }}
|
||||
- "--metrics.statsd=true"
|
||||
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress"
|
||||
{{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||||
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||||
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $entrypoint, $config := $ports }}
|
||||
{{/* add args for forwardedHeaders support */}}
|
||||
{{- if $config.forwardedHeaders.enabled }}
|
||||
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
|
||||
{{- end }}
|
||||
{{- if $config.forwardedHeaders.insecureMode }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* end forwardedHeaders configuration */}}
|
||||
{{- if $config.redirectTo }}
|
||||
{{- $toPort := index $ports $config.redirectTo }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- else if $config.redirectPort }}
|
||||
{{ if gt $config.redirectPort 0.0 }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
|
||||
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
|
||||
{{- if $config.tls.options }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.certResolver }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.domains }}
|
||||
{{- range $index, $domain := $config.tls.domains }}
|
||||
{{- if $domain.main }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||||
{{- end }}
|
||||
{{- if $domain.sans }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.logs }}
|
||||
{{- if .general.format }}
|
||||
- "--log.format={{ .general.format }}"
|
||||
{{- end }}
|
||||
{{- if ne .general.level "ERROR" }}
|
||||
- "--log.level={{ .general.level | upper }}"
|
||||
{{- end }}
|
||||
{{- if .access.enabled }}
|
||||
- "--accesslog=true"
|
||||
{{- if .access.format }}
|
||||
- "--accesslog.format={{ .access.format }}"
|
||||
{{- end }}
|
||||
{{- if .access.bufferingsize }}
|
||||
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters }}
|
||||
{{- if .access.filters.statuscodes }}
|
||||
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters.retryattempts }}
|
||||
- "--accesslog.filters.retryattempts"
|
||||
{{- end }}
|
||||
{{- if .access.filters.minduration }}
|
||||
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||||
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||||
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.pilot.enabled }}
|
||||
- "--pilot.token={{ .Values.pilot.token }}"
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.pilot "dashboard" }}
|
||||
- "--pilot.dashboard={{ .Values.pilot.dashboard }}"
|
||||
{{- end }}
|
||||
{{- with .Values.additionalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,22 @@
|
|||
{{/*
|
||||
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
|
||||
By convention this will simply use the <namespace>/<service-name> to match the name of the
|
||||
service generated.
|
||||
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
|
||||
{{- $fullName := include "common.names.fullname" . -}}
|
||||
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
|
||||
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
|
||||
{{- print $servicePath | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Construct a comma-separated list of whitelisted namespaces
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
|
||||
{{- end -}}
|
||||
{{- define "providers.kubernetesCRD.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{/* Define the ingressClass */}}
|
||||
{{- define "traefik.ingressClass" -}}
|
||||
---
|
||||
{{ if .Values.ingressClass.enabled }}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
|
||||
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
|
||||
{{- else }}
|
||||
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
|
||||
{{- end }}
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
annotations:
|
||||
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
name: {{ .Release.Name }}
|
||||
spec:
|
||||
controller: traefik.io/ingress-controller
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,25 @@
|
|||
{{/* Define the ingressRoute */}}
|
||||
{{- define "traefik.ingressRoute" -}}
|
||||
{{ if .Values.ingressRoute.dashboard.enabled }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-dashboard
|
||||
annotations:
|
||||
{{- with .Values.ingressRoute.dashboard.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- main
|
||||
routes:
|
||||
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
{{ end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,26 @@
|
|||
{{/* Define the portalHook */}}
|
||||
{{- define "traefik.portalhook" -}}
|
||||
{{- if .Values.portalhook.enabled }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: portalhook
|
||||
namespace: {{ $namespace }}
|
||||
data:
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $value := $ports }}
|
||||
{{ $name }}: {{ $value.port | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,12 @@
|
|||
{{/* Define the tlsOptions */}}
|
||||
{{- define "traefik.tlsOptions" -}}
|
||||
{{- range $name, $config := .Values.tlsOptions }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
spec:
|
||||
{{- toYaml $config | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.setup" . }}
|
||||
|
||||
{{- if .Values.metrics }}
|
||||
{{- if .Values.metrics.prometheus }}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "9180" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
|
||||
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
|
||||
{{- $_ := set .Values "args" $mergedargs -}}
|
||||
|
||||
{{- include "traefik.portalhook" . }}
|
||||
{{- include "traefik.tlsOptions" . }}
|
||||
{{- include "traefik.ingressRoute" . }}
|
||||
{{- include "traefik.ingressClass" . }}
|
||||
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
|
@ -0,0 +1,65 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: compress
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
compress: {}
|
||||
---
|
||||
# Here, an average of 300 requests per second is allowed.
|
||||
# In addition, a burst of 200 requests is allowed.
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-ratelimit
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: 600
|
||||
burst: 400
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-secure-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
sslForceHost: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: 'none'
|
||||
server: ''
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: chain-basic
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: basic-secure-headers
|
||||
- name: compress
|
|
@ -0,0 +1,34 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
|
||||
---
|
||||
{{- $users := list }}
|
||||
{{ range $index, $userdata := $middlewareData.users }}
|
||||
{{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
|
||||
{{ end }}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||
namespace: {{ $namespace }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
users: |
|
||||
{{- range $index, $user := $users }}
|
||||
{{ printf "%s" $user }}
|
||||
{{- end }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||
{{ end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.chain }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
{{ range $index, $middleware := .middlewares }}
|
||||
- name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,30 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: {{ $middlewareData.address }}
|
||||
{{- with $middlewareData.authResponseHeaders }}
|
||||
authResponseHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $middlewareData.authRequestHeaders }}
|
||||
authRequestHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.authResponseHeadersRegex }}
|
||||
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.trustForwardHeader }}
|
||||
trustForwardHeader: true
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,33 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
{{- range $middlewareData.sourceRange }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy }}
|
||||
ipStrategy:
|
||||
{{- if $middlewareData.ipStrategy.depth }}
|
||||
depth: {{ $middlewareData.ipStrategy.depth }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy.excludedIPs }}
|
||||
excludedIPs:
|
||||
{{- range $middlewareData.ipStrategy.excludedIPs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,19 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: {{ $middlewareData.average }}
|
||||
burst: {{ $middlewareData.burst }}
|
||||
{{ end }}
|
|
@ -0,0 +1,19 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectScheme:
|
||||
scheme: {{ $middlewareData.scheme }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{ end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: {{ $middlewareData.regex | quote }}
|
||||
replacement: {{ $middlewareData.replacement | quote }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{ end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
|
||||
{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
{{- range $middlewareData.regex }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,29 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-opencors-chain
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: tc-opencors-headers
|
||||
- name: compress
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-closedcors-chain
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: tc-closedcors-headers
|
||||
- name: compress
|
|
@ -0,0 +1,64 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-opencors-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowHeaders:
|
||||
- '*'
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
- POST
|
||||
accessControlAllowOriginList:
|
||||
- '*'
|
||||
accessControlMaxAge: 100
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: none
|
||||
server: ""
|
||||
forceSTSHeader: true
|
||||
referrerPolicy: same-origin
|
||||
sslForceHost: true
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-closedcors-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
sslForceHost: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: 'none'
|
||||
server: ''
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue