Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NGINX: Update ModSecurity. #12913

Closed
rafaelrpinto opened this issue Mar 1, 2025 · 2 comments · Fixed by #12914
Closed

NGINX: Update ModSecurity. #12913

rafaelrpinto opened this issue Mar 1, 2025 · 2 comments · Fixed by #12914
Assignees
@Gacko @strongjz
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/backlog Higher priority than priority/awaiting-more-evidence. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@rafaelrpinto
Copy link
Contributor

A serious CVE has been disclosed which affects the current ModeSecurity 3.0.13, currently used by ingress-nginx.

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27110
@rafaelrpinto rafaelrpinto added the kind/bug Categorizes issue or PR as related to a bug. label Mar 1, 2025
@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority labels Mar 1, 2025
@rafaelrpinto rafaelrpinto mentioned this issue Mar 1, 2025
Merged
10 tasks
@Gacko
Copy link
Member

Gacko commented Mar 1, 2025

I'll try to propose a PR later, but this is not going to be released immediately, but in the upcoming patch release.

@Gacko
Copy link
Member

Gacko commented Mar 1, 2025

/retitle NGINX: Update ModSecurity.
/triage accepted
/kind bug
/priority backlog
/assign

@k8s-ci-robot k8s-ci-robot changed the title Upgrade to ModSecurity 3.0.14 to address CVE-2025-27110 NGINX: Update ModSecurity. Mar 1, 2025
@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority labels Mar 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Gacko Gacko

@strongjz strongjz

Labels
kind/bug Categorizes issue or PR as related to a bug. priority/backlog Higher priority than priority/awaiting-more-evidence. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
[SIG Network] Ingress NGINX
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

NGINX: Update ModSecurity. rafaelrpinto/ingress-nginx
4 participants
@Gacko @strongjz @rafaelrpinto @k8s-ci-robot