We need to update our operators to use OCP 4.11 / kubernetes 1.24 libraries
Bump k8s.io/*, client-go, library-go, openshift-api, operator-sdk, controller-runtime.
Bump prometheus/client_golang for CVE-2022-21698 fixes.
To fix CVE-2020-26160, add this to go.mod of all operators that import jwt-go:
replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt v3.2.1+incompatible
Repos to update:
Most of these have a dependency on the library-go bump, which means we're dependent on https://github.com/openshift/library-go/pull/1356, and that PR is (I think) dependent on the 1.24 k8s rebase.
Some PR are verified in other BZ and will update status when all finished.
Checked regression test result looks okay.
Also check oVirt and Manila ci looks okay.
Update status to VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.