Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[rhoai-2.8] CVE-2024-43788 odh-dashboard-container: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule #352

Open
wants to merge 2 commits into
base: rhoai-2.8
Choose a base branch
from

Conversation

DaoDaoNoCode
Copy link

JIRA: RHOAIENG-11991

Cherry-pick the commit opendatahub-io@8f7c866 to fix the CVE in RHOAI 2.8.

Copy link

sonarcloud bot commented Sep 11, 2024

Copy link

@andrewballantyne andrewballantyne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It occurs to me we don't actually have a 2.8.z ready to go 🤔 @dgutride do you know when the next release will be?

@dgutride
Copy link

@andrewballantyne - no, I am working on a more comprehensive approach to how we deal with issues like this. In general, I'd rather we have fixes tagged and ready to go, but not moved into a branch until we know we are going to move forward with a change. Staging things early might be problematic if they end up not wanting cve fixes for a z-stream for some reason.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants