
Conversation

@bunnichx
Contributor

@bunnichx bunnichx commented Dec 5, 2025

Merge Checklist

All boxes should be checked before merging the PR

  • The changes in the PR have been built and tested
  • cgmanifest file has been updated if required
  • Ready to merge

Description

Upgrade version of otelcol-contrib to fix CVEs reported in the x-crypto sub-component.

Fixes all the CVEs associated with x-crypto with otelcol-contrib as the parent component.

Any Newly Introduced Dependencies

How Has This Been Tested?

Built spec and generated ISO and raw images.

@bunnichx bunnichx requested a review from a team as a code owner December 5, 2025 15:21
@bunnichx bunnichx changed the title Upgrade otelcol-contrib version to fix CVE. Upgrade otelcol-contrib to v0.141.0. Dec 5, 2025
@bunnichx bunnichx marked this pull request as draft December 5, 2025 15:41
@aaroncyew
Member

Automated Messages: Label 'otelcol-contrib' has been added to this Pull Request.

@aaroncyew aaroncyew added labels Dec 8, 2025: "x-crypto: v0.32.0: CVE-2025-22869", "x-crypto: v0.32.0: CVE-2025-47913", "x-crypto: v0.32.0: CVE-2025-47914", "x-crypto: v0.32.0: CVE-2025-58181" (each: Component x-crypto labelled for run 7986563)
@aaroncyew
Member

@bunnichx update the analysis .yaml file for all component version overrides, as the current analysis scan is producing false positive results in scan ID 7986563

@aaroncyew aaroncyew removed labels Dec 8, 2025: "x-crypto: v0.32.0: CVE-2025-22869", "x-crypto: v0.32.0: CVE-2025-47913", "x-crypto: v0.32.0: CVE-2025-47914", "x-crypto: v0.32.0: CVE-2025-58181" (each: Component x-crypto labelled for run 7986563)
 - Upgrade version to 0.141.0.
 - Remove CVE-2025-22872.patch since changes are part of latest version.
 - Fixes CVE-2025-47913, CVE-2025-47914 and CVE-2025-58181.

Signed-off-by: Unniche, BasavarajX <[email protected]>
@bunnichx bunnichx force-pushed the upgrade-otelcol-contrib branch from 1aa67bf to 4eade12 December 8, 2025 05:36
@bunnichx bunnichx marked this pull request as ready for review December 8, 2025 05:36
@bunnichx
Contributor Author

bunnichx commented Dec 8, 2025

@bunnichx update the analysis .yaml file for all component version overrides, as the current analysis scan is producing false positive results in scan ID 7986563

PR 109 has been raised in the bdba repo.

Contributor

@andy-vm andy-vm left a comment


please share

  • test result, e.g. screenshot of new version in image
  • rpm build result

@bunnichx
Contributor Author

bunnichx commented Dec 9, 2025

please share

  • test result, e.g. screenshot of new version in image
  • rpm build result

Hi @andy-vm,
Please find the installed screenshot below.
(screenshot image: new version installed in the image)

The RPM build link has been updated in ITEP-82184.

@cheeyanglee
Contributor

@bunnichx looks like the vendor tarball is missing

@bunnichx bunnichx requested a review from andy-vm December 10, 2025 06:34
Contributor

@andy-vm andy-vm left a comment


LGTM

@cheeyanglee cheeyanglee merged commit 55216c7 into open-edge-platform:3.0-dev Dec 12, 2025
15 of 18 checks passed

4 participants