Upgrade otelcol-contrib to v0.141.0. #623
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bunnichx
changed the title
Member
|
Automated Messages: Label 'otelcol-contrib' has been added to this Pull Request. |
aaroncyew
added
x-crypto: v0.32.0: CVE-2025-22869
Member
|
@bunnichx update analysis file .yaml for all components version overrides as current analysis scan is producing false positive results in scan ID 7986563 |
aaroncyew
removed
x-crypto: v0.32.0: CVE-2025-22869
- Upgrade version to 0.141.0. - Remove CVE-2025-22872.patch since changes are part of latest version. - Fixes CVE-2025-47913, CVE-2025-47914 and CVE-2025-58181. Signed-off-by: Unniche, BasavarajX <basavarajx.unniche@intel.com>
bunnichx
force-pushed
the
upgrade-otelcol-contrib
branch
from
1aa67bf to
4eade12
Compare
Contributor
Author
PR 109 is raised in bdba repo. |
andy-vm
reviewed
Dec 9, 2025
Contributor
andy-vm
left a comment
andy-vm
left a comment
There was a problem hiding this comment.
please share
- test result, e.g. screenshot of new version in image
- rpm build result
Contributor
Author
Hi @andy-vm , RPM build link is updated in ITEP-82184 |
Contributor
|
@bunnichx looks like the vendor tar ball is missing |
cheeyanglee
approved these changes
Dec 12, 2025
cheeyanglee
merged commit 55216c7
into
open-edge-platform:3.0-dev
15 of 18 checks passed
cheeyanglee
pushed a commit
to cheeyanglee/edge-microvisor-toolkit
that referenced
this pull request
Jan 22, 2026
- Upgrade version to 0.141.0. - Remove CVE-2025-22872.patch since changes are part of latest version. - Fixes CVE-2025-47913, CVE-2025-47914 and CVE-2025-58181. Signed-off-by: Unniche, BasavarajX <basavarajx.unniche@intel.com> Co-authored-by: andy-vm <108446482+andy-vm@users.noreply.github.com>
cheeyanglee
added a commit
that referenced
this pull request
Jan 23, 2026
* ip4save config change (#620) * Update full.json Added ip4save changes for iso * Create configure-ip4save.sh Post installation script for iso to allow type 8 incoming ping * Separated post installation paths in full.json * Fixed file permission for configure-ip4save.sh * Fixed indentation for full.json --------- Co-authored-by: andy-vm <108446482+andy-vm@users.noreply.github.com> Co-authored-by: Mohamad Noor Alim Hussin <mohamad.noor.alim.hussin@intel.com> * Upgrade otelcol-contrib version to fix CVE. (#623) - Upgrade version to 0.141.0. - Remove CVE-2025-22872.patch since changes are part of latest version. - Fixes CVE-2025-47913, CVE-2025-47914 and CVE-2025-58181. Signed-off-by: Unniche, BasavarajX <basavarajx.unniche@intel.com> Co-authored-by: andy-vm <108446482+andy-vm@users.noreply.github.com> * Upgrade the RPC version from 2.45.1 to 2.48.9 (#619) - Upgraded the RPC from 2.45.1 to 2.48.9 to resolve the CVE-2025-47914, CVE-2025-58181 and CVE-2025-47913. - Update the rpc.spec file with release, dump version and changelog entry. Signed-off-by: Polmoorx Shiva Kumar <polmoorx.shiva.kumar@intel.com> * restore caddy (#642) * restore caddy * restore caddy --------- Co-authored-by: andy.peng <andypeng@pglgull002.png.intel.com> Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> * CVE Fix for x-crypto component in caddy (#672) - Applied suggested patch from NVD database for - CVE-2025-58181. Signed-off-by: Unniche, BasavarajX <basavarajx.unniche@intel.com> Co-authored-by: andy-vm <108446482+andy-vm@users.noreply.github.com> * Removed go-rpm-macros dependency in caddy.spec (#689) * Update CVE patches to fix CVE issues (#661) - Include fix for CVE-2025-61727 and CVE-2025-61729. - Updated caddy.spec file to update release, bump version, and add changelog entries. Signed-off-by: Polmoorx Shiva Kumar <polmoorx.shiva.kumar@intel.com> --------- Signed-off-by: Unniche, BasavarajX <basavarajx.unniche@intel.com> Signed-off-by: Polmoorx Shiva Kumar <polmoorx.shiva.kumar@intel.com> Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Co-authored-by: chrngc <149708414+chrngc@users.noreply.github.com> Co-authored-by: andy-vm <108446482+andy-vm@users.noreply.github.com> Co-authored-by: Mohamad Noor Alim Hussin <mohamad.noor.alim.hussin@intel.com> Co-authored-by: bunnichx <101382885+bunnichx@users.noreply.github.com> Co-authored-by: POLMOOR SHIVA KUMAR <polmoorx.shiva.kumar@intel.com> Co-authored-by: andy.peng <andypeng@pglgull002.png.intel.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge Checklist
All boxes should be checked before merging the PR
Description
Upgrade version of otelcol-contrib to fix CVE's reported in x-crypto sub component.
Fixes all the CVE's associated with x-crypto with otelcol-contrib as parent component.
Any Newly Introduced Dependencies
How Has This Been Tested?
Built spec and generated ISO and raw images.