Bump Kolla images for CVE-2024-36039

assumptionsandg · assumptionsandg · commit b2d80198ce85 · 2024-06-26T15:12:43.000+01:00
diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
@@ -4,19 +4,16 @@
 # where the key is the OS distro and the value is the tag to deploy.
 kolla_image_tags:
   openstack:
+    rocky-9: 2023.1-rocky-9-20240621T104542
+    ubuntu-jammy: 2023.1-ubuntu-jammy-20240621T104542
+  bifrost_deploy:
     rocky-9: 2023.1-rocky-9-20240423T125905
     ubuntu-jammy: 2023.1-ubuntu-jammy-20240423T125905
-  cloudkitty:
-    rocky-9: 2023.1-rocky-9-20240509T111619
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T111619
   haproxy_ssh:
     rocky-9: 2023.1-rocky-9-20240509T102329
     ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
   letsencrypt:
     rocky-9: 2023.1-rocky-9-20240509T102329
     ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
-  magnum:
-    rocky-9: 2023.1-rocky-9-20240607T082105
-    ubuntu-jammy: 2023.1-ubuntu-jammy-20240607T082105
   opensearch:
     ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T094444
diff --git a/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml
@@ -0,0 +1,7 @@
+---
+security:
+  - |
+    Addresses critical vulnerability CVE-2024-36039 by
+    bumping the PyMySQL library to 1.1.1 in all affected
+    Kolla images. This vulnerability allows SQL injection 
+    through untrusted JSON objects.
