Bug 2180696

Summary: [4.10 clone] Security and VA issues with ODF operator
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Mudit Agarwal <muagarwa>
Component: odf-operatorAssignee: Sanjal Katiyar <skatiyar>
Status: CLOSED CANTFIX QA Contact: krishnaram Karthick <kramdoss>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.10CC: ahanwate, akgunjal, ebenahar, etamir, hnallurv, kramdoss, mrajanna, muagarwa, nbecker, nigoyal, nthomas, ocs-bugs, odf-bz-bot, rcyriac, security-response-team, shaali, skatiyar, tnielsen, uchapaga, usrivast, vyoganan
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2180685 Environment:
Last Closed: 2023-05-29 08:18:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2166417, 2180685    
Bug Blocks: 2180695    

Description Mudit Agarwal 2023-03-22 05:33:03 UTC 
+++ This bug was initially created as a clone of Bug #2180685 +++

+++ This bug was initially created as a clone of Bug #2166417 +++
Comment 3 Sanjal Katiyar 2023-04-27 14:06:18 UTC 
Changes are fixed and backported till 4.12, we can not fix it for 4.10 as there are multiple changes which will also require extensive testing. Moreover, we will need to backport multiple other fixes as well to finally fix this particular issue.
Comment 4 vyoganan 2023-05-11 09:25:50 UTC 
Hi, Customer returned
--- 
Regarding issue ID: 115558 - the fix will be available for ODF version 4.13 and backport to 4.10 will not be possible because a straightforward backport will break functionality beyond 4.12. The patch for 4.12 is expected to be available in May.
Regarding issue ID: 115897, the fix was supposed to be available for ODF version 4.10 and planned for release in May.

Could you confirm if there is a problem with backporting the fix for issue ID 115897 or if they were referring to ID 115558?
Comment 5 Nitin Goyal 2023-05-11 09:57:15 UTC 
Hello @vyoganan Can you provide the source of the information you mentioned? I am having difficulty finding the details you referred to in the comment. This is important for me to better understand the situation and provide an appropriate answer.
Comment 6 vyoganan 2023-05-11 12:25:55 UTC 
@nitin, IBM requested to know the two issues.

There are two issue IDs being discussed. 

For issue ID 115558, the fix will only be available for ODF version 4.13, as attempting to backport it to version 4.10 would break functionality beyond version 4.12. The patch for version 4.12 is expected to be available in May.

Regarding issue ID 115897, the fix was initially planned to be available for version 4.10 in May. However, it is unclear if there is an issue with backporting the fix for this specific issue. Can you please confirm if there is a problem with backporting the fix for issue ID 115897 or if there was confusion with the issue ID being referred to?
Comment 7 vyoganan 2023-05-15 10:19:22 UTC 
@nigoyal / Team Is there any update?
Comment 12 Nitin Goyal 2023-05-29 04:37:44 UTC 
Attention guys, I don't think this bug should be in the verified state, It should be "CLOSED" as "CANTFIX". I think the confusion was created due to the change made by "vyoganan" in comment 4 where he moved the bug from closed to modified state.

Mudit and Krk, Can we pls get this bug removed from the errata?
Comment 13 Nitin Goyal 2023-05-29 04:40:22 UTC 
(In reply to vyoganan from comment #6)
> @nitin, IBM requested to know the two issues.
> 
> There are two issue IDs being discussed. 
> 
> For issue ID 115558, the fix will only be available for ODF version 4.13, as
> attempting to backport it to version 4.10 would break functionality beyond
> version 4.12. The patch for version 4.12 is expected to be available in May.
> 
> Regarding issue ID 115897, the fix was initially planned to be available for
> version 4.10 in May. However, it is unclear if there is an issue with
> backporting the fix for this specific issue. Can you please confirm if there
> is a problem with backporting the fix for issue ID 115897 or if there was
> confusion with the issue ID being referred to?

vyoganan, We are not able to backport the changes to the 4.10 as Sanjal mentioned above. Also pls keep in mind we should not change the bug states just for asking questions, They do create problems sometimes.