Skip to content

Release edge node agents with go 1.24.9 #590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cheeyanglee merged 8 commits into from
Nov 24, 2025
Merged

Release edge node agents with go 1.24.9 #590

cheeyanglee merged 8 commits into from
Nov 24, 2025

Conversation

@rranjan3
Copy link
Contributor

@rranjan3 rranjan3 commented Nov 19, 2025
edited
Loading

Merge Checklist

All boxes should be checked before merging the PR

  • The changes in the PR have been built and tested
  • cgmanifest file has been updated if required
  • Ready to merge

Description

Any Newly Introduced Dependencies

How Has This Been Tested?

@rranjan3
Release edge node agents with go 1.24.9
54744cf 
- use golang 1.24.9 in all agents
- Fix CVE-2025-47913

Signed-off-by: Rajeev Ranjan <[email protected]>
@rranjan3
Update cgmanifest
70eba77 
Signed-off-by: Rajeev Ranjan <[email protected]>
@rranjan3 rranjan3 requested a review from a team as a code owner November 19, 2025 20:03
@rranjan3 rranjan3 changed the base branch from 3.0 to 3.0-dev November 19, 2025 20:04
@aaroncyew
Copy link
Member

aaroncyew commented Nov 20, 2025

CVE-2025-47913 fix will depends on #594 to be merged before we can proceed to resolve the ssh-agent fixes.

cheeyanglee
cheeyanglee reviewed Nov 21, 2025
View reviewed changes
@rranjan3
Copy link
Contributor Author

rranjan3 commented Nov 21, 2025

Able to provision EN & create cluster on it

image

@rranjan3
Copy link
Contributor Author

rranjan3 commented Nov 21, 2025

image

@aaroncyew
Copy link
Member

aaroncyew commented Nov 24, 2025

Automated Messages: Label 'platform-manageability-agent' has been added to this Pull Request.

@aaroncyew
Copy link
Member

aaroncyew commented Nov 24, 2025

Automated Messages: Label 'reporting-agent' has been added to this Pull Request.

@aaroncyew aaroncyew added x-crypto: v0.36.0: CVE-2025-47913 Component x-crypto labelled for run 7936573 x-crypto: v0.36.0: CVE-2025-47914 Component x-crypto labelled for run 7936573 x-crypto: v0.36.0: CVE-2025-58181 Component x-crypto labelled for run 7936573 labels Nov 24, 2025
@aaroncyew
Copy link
Member

aaroncyew commented Nov 24, 2025
edited
Loading

@rranjan3 The package build tests for platform-manageability-agent & reporting-agent is PASSED
other package tests for cluster-agent, hardware-discovery-agent, node-agent, platform-telemetry-agent, platform-update-agent are FAILED to build SRPMs.

Vulnerabilities for reporting-agent: CVE-2025-47913, CVE-2025-47914, CVE-2025-58181
No vulnerabilities reported for platform-manageability-agent, however the undetected version require mitigations

Details will be updated in issue ticket(s) for each agents

@aaroncyew aaroncyew self-requested a review November 24, 2025 03:03
@cheeyanglee
Copy link
Contributor

cheeyanglee commented Nov 24, 2025
edited
Loading

@rranjan3 The package build tests for platform-manageability-agent & reporting-agent is PASSED other package tests for cluster-agent, hardware-discovery-agent, node-agent, platform-telemetry-agent, platform-update-agent are FAILED to build SRPMs.

Vulnerabilities for reporting-agent: CVE-2025-47913, CVE-2025-47914, CVE-2025-58181 No vulnerabilities reported for platform-manageability-agent, however the undetected version require mitigations

Details will be updated in issue ticket(s) for each agents

@aaroncyew build is working with #1275.
do you mean reporting agent does not fix for CVE-2025-47914 and CVE-2025-58181 ?

@aaroncyew
Copy link
Member

aaroncyew commented Nov 24, 2025

CVE-2025-47913 is fixed for platform-manageability-agent but not for reporting-agent

@cheeyanglee cheeyanglee merged commit a7879ae into 3.0-dev Nov 24, 2025
18 of 19 checks passed
@cheeyanglee cheeyanglee deleted the rranjan3-ena-release branch November 24, 2025 09:56
liulis-sg pushed a commit that referenced this pull request Nov 25, 2025
@rranjan3 @liulis-sg
Release edge node agents with go 1.24.9 (#590)
bec042b 
* Release edge node agents with go 1.24.9

- use golang 1.24.9 in all agents
- Fix CVE-2025-47913

Signed-off-by: Rajeev Ranjan <[email protected]>

* Update cgmanifest

Signed-off-by: Rajeev Ranjan <[email protected]>

* PMA @ 0.3.1

Signed-off-by: Rajeev Ranjan <[email protected]>

* Review: Update lower/upper version of go

Signed-off-by: Rajeev Ranjan <[email protected]>

---------

Signed-off-by: Rajeev Ranjan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cheeyanglee cheeyanglee cheeyanglee approved these changes

@aaroncyew aaroncyew Awaiting requested review from aaroncyew

Assignees

@aaroncyew aaroncyew

@rranjan3 rranjan3

Labels

ITEP-81738 platform-manageability-agent reporting-agent x-crypto: v0.36.0: CVE-2025-47913 Component x-crypto labelled for run 7936573 x-crypto: v0.36.0: CVE-2025-47914 Component x-crypto labelled for run 7936573 x-crypto: v0.36.0: CVE-2025-58181 Component x-crypto labelled for run 7936573

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rranjan3 @aaroncyew @cheeyanglee