From b10e382a405c306f9493d3f385f8f297915ae62c Mon Sep 17 00:00:00 2001 From: gsmith-sas <65406958+gsmith-sas@users.noreply.github.com> Date: Fri, 24 May 2024 14:48:15 -0400 Subject: [PATCH 1/4] [SECURITY] Upgrade Fluent Bit to address critical vulnerability --- CHANGELOG.md | 4 ++++ component_versions.env | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e42cfc4..d130c765 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # SAS Viya Monitoring for Kubernetes +## Unreleased +* **Logging** + * [SECURITY] Upgraded to Fluent Bit 3.0.4 to address critical security vulnerability (CVE-2024-4323) + ## Version 1.2.25 (14MAY2024) * **Metrics** * [CHANGE] New Grafana dashboard Perf/Analysis added diff --git a/component_versions.env b/component_versions.env index 0dcd78e8..e3217b9e 100644 --- a/component_versions.env +++ b/component_versions.env @@ -17,8 +17,8 @@ ES_EXPORTER_FULL_IMAGE="quay.io/prometheuscommunity/elasticsearch-exporter:v1.7. #Fluent Bit FLUENTBIT_HELM_CHART_REPO=fluent FLUENTBIT_HELM_CHART_NAME=fluent-bit -FLUENTBIT_HELM_CHART_VERSION=0.43.0 -FB_FULL_IMAGE="cr.fluentbit.io/fluent/fluent-bit:2.2.2" +FLUENTBIT_HELM_CHART_VERSION=0.46.7 +FB_FULL_IMAGE="cr.fluentbit.io/fluent/fluent-bit:3.0.4" #OpenSearch OPENSEARCH_HELM_CHART_REPO=opensearch From 4d0e82e423d114142e354783d4f5a25a5f9c1fdc Mon Sep 17 00:00:00 2001 From: gsmith-sas <65406958+gsmith-sas@users.noreply.github.com> Date: Fri, 24 May 2024 14:50:30 -0400 Subject: [PATCH 2/4] Add link to Fluent Bit blog post re: security vulnerability --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d130c765..b5efd9a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,7 +2,7 @@ ## Unreleased * **Logging** - * [SECURITY] Upgraded to Fluent Bit 3.0.4 to address critical security vulnerability (CVE-2024-4323) + * [SECURITY] Upgraded to Fluent Bit 3.0.4 to address critical security vulnerability [(CVE-2024-4323)](https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/) ## Version 1.2.25 (14MAY2024) * **Metrics** From 3e4dc25082284ed24e87ea67c5f55469aaea9e4a Mon Sep 17 00:00:00 2001 From: gsmith-sas <65406958+gsmith-sas@users.noreply.github.com> Date: Wed, 29 May 2024 18:48:38 -0400 Subject: [PATCH 3/4] Move to Fluent Bit 3.0.6 --- component_versions.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/component_versions.env b/component_versions.env index e3217b9e..c05296fc 100644 --- a/component_versions.env +++ b/component_versions.env @@ -18,7 +18,7 @@ ES_EXPORTER_FULL_IMAGE="quay.io/prometheuscommunity/elasticsearch-exporter:v1.7. FLUENTBIT_HELM_CHART_REPO=fluent FLUENTBIT_HELM_CHART_NAME=fluent-bit FLUENTBIT_HELM_CHART_VERSION=0.46.7 -FB_FULL_IMAGE="cr.fluentbit.io/fluent/fluent-bit:3.0.4" +FB_FULL_IMAGE="cr.fluentbit.io/fluent/fluent-bit:3.0.6" #OpenSearch OPENSEARCH_HELM_CHART_REPO=opensearch From 9067b7f05c6133bbba4ddfe8bbe8d7c853abb2b7 Mon Sep 17 00:00:00 2001 From: gsmith-sas <65406958+gsmith-sas@users.noreply.github.com> Date: Wed, 29 May 2024 18:54:21 -0400 Subject: [PATCH 4/4] Updated CHANGELOG.md to reflect current FB version --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b5efd9a1..9937cc6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,7 +2,7 @@ ## Unreleased * **Logging** - * [SECURITY] Upgraded to Fluent Bit 3.0.4 to address critical security vulnerability [(CVE-2024-4323)](https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/) + * [SECURITY] Upgraded to Fluent Bit 3.0.6 to address critical security vulnerability [(CVE-2024-4323)](https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/) ## Version 1.2.25 (14MAY2024) * **Metrics**
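Review bot: In the component_versions.env hunk of PATCH 1/4, FB_FULL_IMAGE is pinned by tag only (cr.fluentbit.io/fluent/fluent-bit:3.0.4), so nothing in this file ties the deployment to the specific patched build. For a security upgrade, consider pinning by digest next to the tag, if the deployment scripts accept that form. The same hunk also moves FLUENTBIT_HELM_CHART_VERSION from 0.43.0 to 0.46.7 and the image from 2.2.2 to the 3.0 line, but the CHANGELOG entry added in this patch mentions only the Fluent Bit version. Please record the chart bump there and confirm the existing Fluent Bit configuration was tested against the new major version.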
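Review bot: PATCH 3/4 changes FB_FULL_IMAGE from 3.0.4 to 3.0.6 with no stated reason, while the context line FLUENTBIT_HELM_CHART_VERSION=0.46.7 is left unchanged. The subject "Move to Fluent Bit 3.0.6" does not say whether this is a further security fix or a regression fix, and a reader auditing the CVE response needs to know which. Please add the reason to the commit message and confirm that chart 0.46.7 is the intended chart for the 3.0.6 image.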
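Review bot: The reworded CHANGELOG line in PATCH 4/4 now reads as if Fluent Bit 3.0.6 is the version that addresses CVE-2024-4323, although PATCH 1/4 in this same series made that statement about 3.0.4. Users deciding whether an intermediate build is still exposed could be misled by this. Suggest wording the entry so that it names the previous version (2.2.2, per component_versions.env) and distinguishes the release that carries the fix from the release that ships, for example "Upgraded Fluent Bit from 2.2.2 to 3.0.6; CVE-2024-4323 is addressed as of 3.0.4".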