Skip to content

Upgrade pyasn1 version to 0.6.3#187

Open
vkmc wants to merge 2 commits into
masterfrom
fix-pyasn
Open

Upgrade pyasn1 version to 0.6.3#187
vkmc wants to merge 2 commits into
masterfrom
fix-pyasn

Conversation

@vkmc

@vkmc vkmc commented Apr 14, 2026

Copy link
Copy Markdown
Contributor

The base ansible-operator:v1.38.1 image contains pyasn1 0.6.1, which is vulnerable to CVE-2026-30922

This change adds a pip3 upgrade step to install pyasn1>=0.6.3 which includes the MAX_NESTING_DEPTH protection against this attack.

@vkmc @claude
Upgrade pyasn1 to 0.6.3 in base image
a396ae4 
The base ansible-operator:v1.38.1 image contains pyasn1 0.6.1, which is vulnerable to CVE-2026-30922

This change adds a pip3 upgrade step to install pyasn1>=0.6.3 which includes the MAX_NESTING_DEPTH protection against this attack.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@vkmc vkmc requested a review from elfiesmelfie April 14, 2026 15:40
@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 14, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/4609f8da74c04dd088ba56a0ead4d39f

stf-crc-ocp_418-local_build FAILURE in 28m 54s
✔️ stf-crc-ocp_420-local_build SUCCESS in 45m 55s
stf-crc-ocp_418-local_build-index_deploy NODE_FAILURE Node request 100-0008210151 failed in 0s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 46m 16s
stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 31m 26s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 38m 40s
stf-crc-ocp_418-catalog_deploy FAILURE in 27m 27s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 35m 00s

@vkmc

vkmc commented Apr 15, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 15, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/51578b9f7b9f42dab890937edbbb1af2

stf-crc-ocp_418-local_build RETRY_LIMIT in 23m 02s
✔️ stf-crc-ocp_420-local_build SUCCESS in 41m 15s
✔️ stf-crc-ocp_418-local_build-index_deploy SUCCESS in 45m 02s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 49m 07s
stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 27m 48s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 33m 38s
stf-crc-ocp_418-catalog_deploy FAILURE in 28m 48s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 32m 20s

@vkmc

vkmc commented Apr 15, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 15, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/760f9bf4741840db8e200d925625d9a5

stf-crc-ocp_418-local_build NODE_FAILURE Node request 100-0008211070 failed in 0s
✔️ stf-crc-ocp_420-local_build SUCCESS in 41m 56s
stf-crc-ocp_418-local_build-index_deploy NODE_FAILURE Node request 100-0008211072 failed in 0s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 46m 58s
stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 32m 05s
stf-crc-ocp_420-nightly_bundles-index_deploy NODE_FAILURE Node request 100-0008211075 failed in 0s
✔️ stf-crc-ocp_418-catalog_deploy SUCCESS in 37m 29s
stf-crc-ocp_420-catalog_deploy NODE_FAILURE Node request 100-0008211077 failed in 0s

@vkmc

vkmc commented Apr 17, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@vkmc vkmc requested a review from compi-migui April 17, 2026 14:39
@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 17, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/4518ba78e7834f9e89e8df6d2c983db2

stf-crc-ocp_418-local_build FAILURE in 34m 26s
✔️ stf-crc-ocp_420-local_build SUCCESS in 42m 08s
stf-crc-ocp_418-local_build-index_deploy NODE_FAILURE Node request 100-0008212329 failed in 0s
stf-crc-ocp_420-local_build-index_deploy NODE_FAILURE Node request 100-0008212330 failed in 0s
✔️ stf-crc-ocp_418-nightly_bundles-index_deploy SUCCESS in 39m 28s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 37m 55s
stf-crc-ocp_418-catalog_deploy NODE_FAILURE Node request 100-0008212333 failed in 0s
stf-crc-ocp_420-catalog_deploy NODE_FAILURE Node request 100-0008212334 failed in 0s

@vkmc

vkmc commented Apr 27, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 27, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/8b4bb88e2db7405ab0cabdac586f2b19

✔️ stf-crc-ocp_418-local_build SUCCESS in 45m 18s
✔️ stf-crc-ocp_420-local_build SUCCESS in 42m 43s
✔️ stf-crc-ocp_418-local_build-index_deploy SUCCESS in 47m 27s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 45m 11s
✔️ stf-crc-ocp_418-nightly_bundles-index_deploy SUCCESS in 39m 34s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 34m 55s
stf-crc-ocp_418-catalog_deploy FAILURE in 27m 46s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 35m 35s

@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 28, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/0fb938f803e648cda4082c6ebe5aa55a

stf-crc-ocp_418-local_build RETRY_LIMIT in 20m 41s
✔️ stf-crc-ocp_420-local_build SUCCESS in 46m 10s
✔️ stf-crc-ocp_418-local_build-index_deploy SUCCESS in 52m 02s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 46m 18s
✔️ stf-crc-ocp_418-nightly_bundles-index_deploy SUCCESS in 39m 35s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 36m 04s
✔️ stf-crc-ocp_418-catalog_deploy SUCCESS in 36m 38s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 35m 45s

@danpawlik

danpawlik commented May 21, 2026

Copy link
Copy Markdown

recheck

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danpawlik danpawlik danpawlik approved these changes
@elfiesmelfie elfiesmelfie Awaiting requested review from elfiesmelfie
@compi-migui compi-migui Awaiting requested review from compi-migui

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vkmc @danpawlik